
previously Infected with SmartHDD


  • This topic is locked
22 replies to this topic

#1 Cave71

Cave71

  • Members
  • 57 posts
  • OFFLINE
  • Local time:12:21 PM

Posted 14 April 2012 - 10:33 PM

I recently had SmartHDD infect my desktop and my laptop. After removal I was getting many system freezes, and thanks to the efforts of members here, all seems to be back to normal. If possible, I just need someone to check the logs from my laptop, in hopes that this infection is gone and that I don't have any other surprises hanging around on my system. The laptop seems to be functioning well at this point; I haven't noticed any strange behavior in about 4-5 days now.

Please let me know what other scans or info may be required.
Thank You!!

Andy

Here are my DDS Logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Andy at 23:12:19 on 2012-04-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3894.2373 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ca.yahoo.com/?p=us
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://ca.search.yahoo.com/search?p=%s&type=HPNTDF&fr=chr-hp-psg
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
TCP: DhcpNameServer = 64.71.255.198 192.168.1.1
TCP: Interfaces\{2815D0C5-EBBE-48E4-8C19-B5A065F15D1D} : DhcpNameServer = 64.71.255.198 192.168.1.1
TCP: Interfaces\{2815D0C5-EBBE-48E4-8C19-B5A065F15D1D}\742716E6E697 : DhcpNameServer = 192.168.15.1 192.168.1.1
TCP: Interfaces\{A4443DA0-0E19-4F13-B5F4-B66D07168456} : DhcpNameServer = 64.71.255.198 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-23 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-12 654408]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-23 2320920]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-7 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 253600]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-7 136176]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-14 16:49:02 -------- d-----w- C:\Users\Andy\AppData\Roaming\WinPatrol
2012-04-14 16:48:55 -------- d-----w- C:\ProgramData\InstallMate
2012-04-14 16:48:55 -------- d-----w- C:\Program Files (x86)\BillP Studios
2012-04-14 16:47:17 -------- d-----w- C:\Users\Andy\AppData\Local\{140ED9FC-49B0-4D46-8077-48BE6B0E4344}
2012-04-14 16:47:06 -------- d-----w- C:\Users\Andy\AppData\Local\{21CFC260-FA1B-46D4-A25F-DEBCB3429B02}
2012-04-14 16:46:30 -------- d-----w- C:\Windows\en
2012-04-14 16:42:44 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9d6ec6461cd1a5d01\DSETUP.dll
2012-04-14 16:42:44 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9d6ec6461cd1a5d01\DXSETUP.exe
2012-04-14 16:42:44 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9d6ec6461cd1a5d01\dsetup32.dll
2012-04-14 16:42:44 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9db3ce2e1cd1a5d02\MeshBetaRemover.exe
2012-04-14 16:27:45 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{774FB881-6259-4F09-9228-D7F95FCA3133}\gapaengine.dll
2012-04-14 16:27:40 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C15865A-B9BE-46C1-8710-C77086BC752D}\mpengine.dll
2012-04-14 16:25:16 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-14 16:25:11 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-14 16:21:02 -------- d-----w- C:\Users\Andy\AppData\Local\{4A0B0880-69DC-4472-87A5-025217AE8E8D}
2012-04-14 16:20:52 -------- d-----w- C:\Users\Andy\AppData\Local\{DB76FE0C-3656-417B-80A0-2B92DCA38027}
2012-04-14 16:11:55 -------- d-----w- C:\Users\Andy\AppData\Local\{5E156D67-BA9E-4B35-9EE2-5B8B6C6E90A1}
2012-04-14 16:11:45 -------- d-----w- C:\Users\Andy\AppData\Local\{AB0C009D-CA23-4C1C-A0BB-CC1B4EFF4F48}
2012-04-13 21:09:22 -------- d-----w- C:\Program Files (x86)\Cisco Systems
2012-04-13 20:58:54 -------- d-----w- C:\ProgramData\Cisco Systems
2012-04-13 14:00:37 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CAF59FDB-0E23-45FB-A69E-38CF77B6DA2D}\mpengine.dll
2012-04-13 01:56:39 -------- d-----w- C:\Users\Andy\AppData\Local\{A592491F-D1E8-420C-9B3F-F35B14943061}
2012-04-12 13:56:16 -------- d-----w- C:\Users\Andy\AppData\Local\{977850EF-5262-42B4-9DFD-FF55610F4154}
2012-04-12 12:48:59 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-12 12:48:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-12 05:33:28 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 05:33:28 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 05:33:28 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 05:33:28 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 05:33:28 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 05:33:28 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 05:33:28 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 01:55:52 -------- d-----w- C:\Users\Andy\AppData\Local\{6141A559-2FF4-48A7-A615-53DA9EFD8A50}
2012-04-11 01:55:15 -------- d-----w- C:\Users\Andy\AppData\Local\{9D39CAB0-D510-4AFC-85CE-D528825ED71C}
2012-04-10 13:54:51 -------- d-----w- C:\Users\Andy\AppData\Local\{44D37E79-95AC-4CE2-94FD-30D4D86EF41C}
2012-04-10 01:30:09 -------- d-----w- C:\Users\Andy\AppData\Local\{30D4386B-6A27-483E-94CC-7EDF2F100D19}
2012-04-09 01:29:33 -------- d-----w- C:\Users\Andy\AppData\Local\{0B8F8298-511F-45EE-9579-422FBD98A0EB}
2012-04-02 15:10:54 -------- d-----w- C:\Users\Andy\AppData\Local\{4C33E0C8-0DE5-4E77-9E06-E976D481B468}
2012-04-02 02:39:54 -------- d-----w- C:\Users\Andy\AppData\Local\{B84AA6B8-A28C-4D93-A8FB-506CCB17B5CC}
2012-04-01 15:52:49 -------- d-----w- C:\Users\Andy\Music Recording
2012-04-01 15:29:28 -------- d-----w- C:\ProgramData\Synaptics
2012-04-01 15:27:28 -------- d-----w- C:\Program Files\Synaptics
2012-04-01 14:39:31 -------- d-----w- C:\Users\Andy\AppData\Local\{E3A6C3BE-DFDD-4B58-A0C2-CF013B28B99B}
2012-04-01 02:32:08 -------- d-----w- C:\Users\Andy\AppData\Local\{C75DAEF7-58D7-423B-9F22-AE16A4BBF6BA}
2012-03-31 15:49:16 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-31 15:46:51 -------- d-----w- C:\Users\Andy\AppData\Local\Secunia PSI
2012-03-31 15:46:37 -------- d-----w- C:\Program Files (x86)\Secunia
2012-03-31 14:31:45 -------- d-----w- C:\Users\Andy\AppData\Local\{1002B054-745B-400C-A5A9-04A38C65D348}
2012-03-31 05:49:05 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-31 03:03:11 -------- d-----w- C:\Users\Andy\AppData\Roaming\SUPERAntiSpyware.com
2012-03-31 03:02:57 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-31 03:02:57 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-30 20:13:15 -------- d-----w- C:\Users\Andy\AppData\Local\{A5FDD98E-1C28-4144-BAF7-9BD7F6F21501}
2012-03-30 19:02:31 -------- d-----w- C:\Users\Andy\AppData\Local\{6DFF938F-A220-489C-9C5D-D12B1C433AF7}
2012-03-30 18:56:52 -------- d-----w- C:\Users\Andy\AppData\Local\{4B94B4F6-D2C5-4A9D-8F8F-F9FA5F55ECC7}
2012-03-30 17:21:32 -------- d-----w- C:\Users\Andy\AppData\Local\{5E47F0C9-7417-4B8C-8C61-02072F357839}
2012-03-30 16:07:15 -------- d-----w- C:\Program Files (x86)\Safer Networking
2012-03-30 05:20:18 -------- d-----w- C:\Users\Andy\AppData\Roaming\Malwarebytes
2012-03-30 05:19:58 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-29 15:52:36 -------- d-----w- C:\Users\Andy\AppData\Local\{EEDAF42C-957E-4EE0-BA14-23E53C371BAF}
2012-03-28 23:07:26 -------- d-----w- C:\Users\Andy\AppData\Local\{EB8331C8-C335-4DA5-B92A-3B4F280D73EB}
2012-03-28 23:07:11 -------- d-----w- C:\Users\Andy\AppData\Local\{27E2ACAE-B79A-4169-851E-85A43BBC62E8}
2012-03-19 01:54:45 -------- d-----w- C:\Users\Andy\AppData\Local\{4098B37C-A1C4-4145-B159-122884C30F0E}
2012-03-19 01:54:31 -------- d-----w- C:\Users\Andy\AppData\Local\{80F8D8D1-F79A-40DA-B35C-5387689771F5}
2012-03-17 18:06:27 -------- d-----w- C:\Users\Andy\AppData\Local\{BCC7F426-7A01-4D85-AEBA-C0C31B23F0DB}
2012-03-16 18:49:43 -------- d-----w- C:\Users\Andy\AppData\Local\{BE513230-B01E-48AF-AC6D-0913036B56DE}
2012-03-16 18:49:30 -------- d-----w- C:\Users\Andy\AppData\Local\{4EF5912B-E3BA-480B-BBE5-8C4DD91CB729}
.
==================== Find3M ====================
.
2012-03-31 15:49:16 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-08 22:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-19 01:12:07 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 20:27:03 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-02-07 20:27:03 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-02-07 18:59:13 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-02-07 18:59:13 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 23:13:14.40 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 07/02/2012 11:00:43 AM
System Uptime: 14/04/2012 10:57:06 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 166A
Processor: Intel® Pentium® CPU P6300 @ 2.27GHz | CPU | 929/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 381.874 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 2.33 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP65: 01/04/2012 10:29:50 PM - Removed AmpliTube X-GEAR
RP66: 08/04/2012 9:32:09 PM - Windows Update
RP67: 08/04/2012 9:40:03 PM - HPSF Applying updates
RP68: 09/04/2012 4:22:23 PM - Revo Uninstaller's restore point - Adobe Reader 9.5.0 MUI
RP69: 09/04/2012 4:23:10 PM - Removed Adobe Reader 9.5.0 MUI.
RP70: 09/04/2012 4:26:14 PM - Revo Uninstaller's restore point - jZip
RP71: 12/04/2012 1:33:13 AM - Windows Update
RP72: 12/04/2012 8:40:31 AM - Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.61.0.1400
RP73: 14/04/2012 12:08:12 PM - Removed AVG 2012
RP74: 14/04/2012 12:09:19 PM - Removed AVG 2012
RP75: 14/04/2012 12:17:10 PM - Revo Uninstaller's restore point - SpywareBlaster 4.6
RP76: 14/04/2012 12:21:26 PM - Removed Soluto
RP77: 14/04/2012 12:42:43 PM - Windows Live Essentials
RP78: 14/04/2012 12:43:33 PM - Installed DirectX
RP79: 14/04/2012 12:43:52 PM - Installed DirectX
RP80: 14/04/2012 12:44:07 PM - WLSetup
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
AoA Audio Extractor
Apple Application Support
Apple Software Update
Audacity 1.3.14 (Unicode)
Audio Creator LE 1.5
Cakewalk Sound Center 1.0.0
Cisco Connect
CyberLink DVD Suite
CyberLink YouCam
D3DX10
Energy Star Digital Logo
ESU for Microsoft Windows 7
Google Earth
Google Update Helper
Guitar Pro 5.2
Hewlett-Packard ACLM.NET v1.1.2.0
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
IDT Audio
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Junk Mail filter update
LabelPrint
LAME v3.99.3 (for Windows)
LightScribe System Software
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Mp3tag v2.49b
MSVCRT
MSVCRT_amd64
Music Creator 5
ORF-Ski Challenge 2007
ORF-Ski Challenge 2009
ORF-Ski Challenge 2010
PlayReady PC Runtime x86
Power2Go
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
RealUpgrade 1.1
Recovery Manager
Revo Uninstaller 1.93
RoxioNow Player
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Ski Challenge 12 (AT)
SlimComputer
swMSM
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2008 x64 Redistributables
WD Discovery Software
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
14/04/2012 12:22:26 PM, Error: Service Control Manager [7034] - The Soluto PCGenome Core Service service terminated unexpectedly. It has done this 1 time(s).
14/04/2012 12:11:53 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR7.
13/04/2012 11:09:05 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
11/04/2012 12:52:53 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
10/04/2012 5:26:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/04/2012 11:13:47 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
09/04/2012 2:11:55 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
08/04/2012 9:35:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.123.1222.0).
.
==== End Of File ===========================

#2 gringo_pr (Malware Response Team)

Posted 14 April 2012 - 10:38 PM

Hello Andy

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Cave71 (Topic Starter)

Posted 14 April 2012 - 11:07 PM

Thanks Gringo! The laptop appears to be running well. I removed AVG this morning and replaced it with Microsoft Security Essentials. For some reason the AVG folder has been reappearing in my start menu after restarts. The program is gone, so I have just right-click deleted it from the start menu. Not sure if that is a potential problem or not.

Here is the Combofix:

ComboFix 12-04-14.03 - Andy 14/04/2012 23:54:17.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3894.2427 [GMT -4:00]
Running from: c:\users\Andy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 03:59 . 2012-04-15 03:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 03:15 . 2012-03-14 00:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B90E02C8-D050-493E-81E1-B5815C6847B4}\mpengine.dll
2012-04-14 16:49 . 2012-04-14 16:49 -------- d-----w- c:\users\Andy\AppData\Roaming\WinPatrol
2012-04-14 16:48 . 2012-04-14 16:48 -------- d-----w- c:\programdata\InstallMate
2012-04-14 16:48 . 2012-04-14 16:48 -------- d-----w- c:\program files (x86)\BillP Studios
2012-04-14 16:46 . 2012-04-14 16:46 -------- d-----w- c:\windows\en
2012-04-14 16:42 . 2012-04-14 16:42 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9d6ec6461cd1a5d01\DSETUP.dll
2012-04-14 16:42 . 2012-04-14 16:42 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9d6ec6461cd1a5d01\DXSETUP.exe
2012-04-14 16:42 . 2012-04-14 16:42 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9d6ec6461cd1a5d01\dsetup32.dll
2012-04-14 16:42 . 2012-04-14 16:42 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9db3ce2e1cd1a5d02\MeshBetaRemover.exe
2012-04-14 16:27 . 2012-04-14 16:27 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{774FB881-6259-4F09-9228-D7F95FCA3133}\gapaengine.dll
2012-04-14 16:25 . 2012-04-14 16:25 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-14 16:25 . 2012-04-14 16:25 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-13 21:09 . 2012-04-13 21:09 -------- d-----w- c:\program files (x86)\Cisco Systems
2012-04-13 20:58 . 2012-04-13 20:58 -------- d-----w- c:\programdata\Cisco Systems
2012-04-13 14:00 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CAF59FDB-0E23-45FB-A69E-38CF77B6DA2D}\mpengine.dll
2012-04-12 12:48 . 2012-04-12 12:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-12 12:48 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-12 05:33 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 05:33 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 05:33 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 05:33 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 05:33 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 05:33 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 05:33 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-01 15:52 . 2012-04-01 15:53 -------- d-----w- c:\users\Andy\Music Recording
2012-04-01 15:29 . 2012-04-01 15:29 -------- d-----w- c:\programdata\Synaptics
2012-04-01 15:27 . 2012-04-01 15:27 -------- d-----w- c:\program files\Synaptics
2012-03-31 15:49 . 2012-03-31 15:49 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-31 15:46 . 2012-03-31 15:46 -------- d-----w- c:\users\Andy\AppData\Local\Secunia PSI
2012-03-31 15:46 . 2012-03-31 15:46 -------- d-----w- c:\program files (x86)\Secunia
2012-03-31 05:49 . 2012-04-12 12:49 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-31 03:03 . 2012-03-31 03:03 -------- d-----w- c:\users\Andy\AppData\Roaming\SUPERAntiSpyware.com
2012-03-31 03:02 . 2012-03-31 03:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-31 03:02 . 2012-03-31 03:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-30 16:07 . 2012-03-30 16:07 -------- d-----w- c:\program files (x86)\Safer Networking
2012-03-30 05:20 . 2012-03-30 05:20 -------- d-----w- c:\users\Andy\AppData\Roaming\Malwarebytes
2012-03-30 05:19 . 2012-03-30 05:19 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 15:49 . 2012-02-15 15:26 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-11 20:52 . 2012-03-11 20:52 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-03-11 20:52 . 2012-03-11 20:52 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-19 01:12 . 2010-12-30 01:28 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-17 06:38 . 2012-03-14 16:57 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 16:57 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 16:57 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 16:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 16:57 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 16:57 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-08 01:04 . 2012-02-08 01:04 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-02-08 01:03 . 2012-02-08 01:03 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-02-08 01:03 . 2012-02-08 01:03 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-07 22:01 . 2012-02-07 22:01 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-07 20:27 . 2003-03-19 04:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-02-07 20:27 . 2003-02-21 12:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-02-07 18:59 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-02-07 18:59 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-07 17:35 . 2012-02-07 17:35 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-07 17:35 . 2012-02-07 17:35 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-07 17:35 . 2012-02-07 17:35 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-07 17:35 . 2012-02-07 17:35 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-07 17:35 . 2012-02-07 17:35 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-07 17:35 . 2012-02-07 17:35 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-07 17:35 . 2012-02-07 17:35 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-07 17:35 . 2012-02-07 17:35 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-07 17:35 . 2012-02-07 17:35 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-07 17:35 . 2012-02-07 17:35 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-07 17:35 . 2012-02-07 17:35 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-07 17:35 . 2012-02-07 17:35 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-07 17:35 . 2012-02-07 17:35 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-07 17:35 . 2012-02-07 17:35 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-07 17:35 . 2012-02-07 17:35 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-07 17:35 . 2012-02-07 17:35 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-07 17:35 . 2012-02-07 17:35 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-07 17:35 . 2012-02-07 17:35 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-07 17:35 . 2012-02-07 17:35 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-07 17:35 . 2012-02-07 17:35 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-07 17:35 . 2012-02-07 17:35 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-07 17:35 . 2012-02-07 17:35 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-07 17:35 . 2012-02-07 17:35 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-07 17:35 . 2012-02-07 17:35 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-07 17:35 . 2012-02-07 17:35 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-07 17:35 . 2012-02-07 17:35 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-07 17:35 . 2012-02-07 17:35 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-07 17:35 . 2012-02-07 17:35 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-07 17:35 . 2012-02-07 17:35 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-07 17:35 . 2012-02-07 17:35 448512 ----a-w- c:\windows\system32\html.iec
2012-02-07 17:35 . 2012-02-07 17:35 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-07 17:35 . 2012-02-07 17:35 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-07 17:35 . 2012-02-07 17:35 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-07 17:35 . 2012-02-07 17:35 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-04 13:05 . 2012-02-04 13:05 1759744 ----a-w- c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Video Programs\foobar2000\foobar2000.exe
2012-02-04 13:05 . 2012-02-04 13:05 1398784 ----a-w- c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Video Programs\foobar2000\components\foo_input_std.dll
2012-02-04 13:04 . 2012-02-04 13:04 276480 ----a-w- c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Video Programs\foobar2000\components\foo_dsp_std.dll
2012-02-04 13:04 . 2012-02-04 13:04 359424 ----a-w- c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Video Programs\foobar2000\components\foo_albumlist.dll
2012-02-04 13:04 . 2012-02-04 13:04 914944 ----a-w- c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Video Programs\foobar2000\components\foo_ui_std.dll
2012-02-04 13:04 . 2012-02-04 13:04 485376 ----a-w- c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Video Programs\foobar2000\components\foo_converter.dll
2012-02-04 13:03 . 2012-02-04 13:03 299008 ----a-w- c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Video Programs\foobar2000\components\foo_cdda.dll
2012-02-04 13:03 . 2012-02-04 13:03 283136 ----a-w- c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Video Programs\foobar2000\components\foo_rgscan.dll
2012-02-04 13:02 . 2012-02-04 13:02 148480 ----a-w- c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Video Programs\foobar2000\shared.dll
2012-02-03 04:34 . 2012-03-14 16:57 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2012-02-09 20:10 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 06:38 . 2012-03-14 16:57 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 16:57 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 16:57 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-07-23 111640]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-02-07 296056]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 253600]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 136176]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-23 2320920]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 21:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 15:49]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 20:39]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 20:39]
.
2012-04-09 c:\windows\Tasks\HPCeeScheduleForANDY-LAPTOP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-04-15 c:\windows\Tasks\HPCeeScheduleForAndy.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-13 524800]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2012-03-25 329312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.yahoo.com/?p=us
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://ca.search.yahoo.com/search?p=%s&type=HPNTDF&fr=chr-hp-psg
TCP: DhcpNameServer = 64.71.255.198 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-SolutoService
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-15 00:02:15
ComboFix-quarantined-files.txt 2012-04-15 04:02
.
Pre-Run: 409,557,508,096 bytes free
Post-Run: 409,170,874,368 bytes free
.
- - End Of File - - E7279CDEFF12A2341F650D177015B2D5

#4 gringo_pr (Malware Response Team)

Posted 14 April 2012 - 11:31 PM

Greetings

That report looks pretty good but I will still give it a good check up while we are here.

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
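Gringo's procedure above asks for the TDSSKiller log to be pasted back so a helper can read it. As an added example (not part of this post, and neither gringo_pr's nor Kaspersky's code), the Python script below does that first read offline: it parses the log TDSSKiller writes, flags every object whose verdict is anything other than "- ok" or that the scan never vouched for, and recomputes the MBR partition layout so sectors no partition claims stand out (unpartitioned space at the end of the disk is where bootkits such as TDL4 stored their hidden file system). The embedded SAMPLE_LOG is constructed: its drive and partition lines copy the format of a TDSSKiller 2.7 log for a 465.76 GB disk, the "exampledrv" driver is invented to give the parser something to flag, and the "Suspicious file (...)" and "( reason ) - warning" line shapes are assumptions about how that version reports problems.

```python
"""Offline triage of a TDSSKiller text log (added example for this thread:
not gringo_pr's procedure, not Kaspersky code, not output from the poster's
machine). SAMPLE_LOG is constructed: its drive/partition lines copy the 2.7.x
log format; "exampledrv" and its two flagged lines are invented."""
import re

SAMPLE_LOG = r"""
00:49:02.0007 5916 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:49:02.0007 5916 \Device\Harddisk0\DR0:
00:49:02.0007 5916 MBR used
00:49:02.0007 5916 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
00:49:02.0007 5916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38607800
00:49:02.0007 5916 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3866B800, BlocksNum 0x1CE6800
00:49:02.0007 5916 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
00:49:08.0762 5784 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:49:08.0762 5784 Apple Mobile Device - ok
00:49:11.0851 5784 COMSysApp - ok
00:49:20.0100 5784 exampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampledrv.sys
00:49:20.0100 5784 Suspicious file (NoAccess): C:\Windows\system32\drivers\exampledrv.sys. md5: 0123456789abcdef0123456789abcdef
00:49:20.0100 5784 exampledrv ( LockedFile.Multi.Generic ) - warning
"""

# One regex per line shape the log uses; lines matching none are ignored.
LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.*)$")
DRIVE_RE = re.compile(r"^Drive (\S+) - Size: 0x([0-9A-Fa-f]+) .*SectorSize: 0x([0-9A-Fa-f]+)")
PART_RE = re.compile(r"^(\S+)\\Partition(\d+): MBR, Type 0x([0-9A-Fa-f]+), "
                     r"StartLBA 0x([0-9A-Fa-f]+), BlocksNum 0x([0-9A-Fa-f]+)")
SUSP_RE = re.compile(r"^Suspicious file \((\w+)\): (.+)\. md5: ([0-9a-f]{32})$")
WARN_RE = re.compile(r"^(.+?) \( (.+?) \) - warning$")
DETECT_RE = re.compile(r"^(.+?) - detected (.+)$")
FILE_RE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
OK_RE = re.compile(r"^(.+?) - ok$")
PART_TYPES = {0x7: "NTFS", 0xC: "FAT32 (LBA)", 0x27: "hidden NTFS"}  # assumption: common MBR type ids


def parse_log(text):
    """Return (entries, drives, suspicious): entries maps object name -> {md5, path, verdict}
    where verdict is "ok", "warning: ..." or "detected: ..." and is absent when the scanner
    never vouched for the object; drives maps device -> geometry and partition list."""
    entries, drives, suspicious = {}, {}, []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(1)
        if d := DRIVE_RE.match(body):
            size, ssz = int(d.group(2), 16), int(d.group(3), 16)
            drives[d.group(1)] = {"sector_size": ssz, "total_sectors": size // ssz, "partitions": []}
        elif p := PART_RE.match(body):
            drive = drives.setdefault(p.group(1), {"sector_size": 512, "total_sectors": 0, "partitions": []})
            drive["partitions"].append({"index": int(p.group(2)), "type": int(p.group(3), 16),
                                        "start": int(p.group(4), 16), "count": int(p.group(5), 16)})
        elif s := SUSP_RE.match(body):
            suspicious.append({"reason": s.group(1), "path": s.group(2), "md5": s.group(3)})
        elif w := WARN_RE.match(body):
            entries.setdefault(w.group(1), {})["verdict"] = "warning: " + w.group(2)
        elif t := DETECT_RE.match(body):
            entries.setdefault(t.group(1), {})["verdict"] = "detected: " + t.group(2)
        elif f := FILE_RE.match(body):
            entries.setdefault(f.group(1), {}).update(md5=f.group(2), path=f.group(3))
        elif o := OK_RE.match(body):
            entries.setdefault(o.group(1), {}).setdefault("verdict", "ok")  # never downgrade a warning
    return entries, drives, suspicious


def flagged(entries, suspicious):
    """Everything a human should look at: non-ok verdicts, objects the scan never
    vouched for, and the free-standing "Suspicious file" notes."""
    out = [(name, e.get("verdict", "no verdict"), e.get("path", ""))
           for name, e in entries.items() if e.get("verdict") != "ok"]
    return out + [("file", s["reason"], s["path"]) for s in suspicious]


def layout(drive):
    """Partitions sorted by start LBA plus every run of sectors none of them claims.
    2048 sectors at the front (MBR plus alignment) and a small tail are normal; a
    multi-megabyte unclaimed tail on a machine that had a bootkit is worth imaging."""
    parts = sorted(drive["partitions"], key=lambda p: p["start"])
    gaps, cursor = [], 0
    for p in parts:
        if p["start"] > cursor:
            gaps.append((cursor, p["start"] - cursor))
        cursor = max(cursor, p["start"] + p["count"])
    if cursor < drive["total_sectors"]:
        gaps.append((cursor, drive["total_sectors"] - cursor))
    return parts, gaps


def report(text):
    entries, drives, suspicious = parse_log(text)
    lines = []
    for dev, drive in drives.items():
        parts, gaps = layout(drive)
        lines.append("%s: %d sectors of %d bytes" % (dev, drive["total_sectors"], drive["sector_size"]))
        lines += ["  Partition%d type 0x%X (%s) start %d count %d" % (
            p["index"], p["type"], PART_TYPES.get(p["type"], "?"), p["start"], p["count"]) for p in parts]
        lines += ["  unclaimed: %d sectors at LBA %d (%.1f MiB)" % (
            n, at, n * drive["sector_size"] / 2 ** 20) for at, n in gaps]
    return "\n".join(lines + ["FLAG %s: %s %s" % f for f in flagged(entries, suspicious)])


if __name__ == "__main__":
    import sys
    src = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(report(src))
```

Run it with the path to TDSSKiller.[Version]_[Date]_[Time]_log.txt, or with no argument to run it on the embedded sample. On the sample it lists four partitions, 2048 unclaimed sectors at the front and 2048 at the tail (1 MiB each, ordinary alignment slack on this layout), and one flagged driver; a real log with nothing but "- ok" verdicts and no sizeable unclaimed run produces no FLAG lines at all, which is the outcome the helper is looking for.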

#5 Cave71 (Topic Starter, Members, 57 posts)

Posted 15 April 2012 - 12:10 AM

No new issues to report. Running well. I was able to get rid of that AVG folder that I had mentioned before.

Thanks!

Here are the new logs:

00:49:00.0868 5916 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
00:49:01.0461 5916 ============================================================
00:49:01.0461 5916 Current date / time: 2012/04/15 00:49:01.0461
00:49:01.0461 5916 SystemInfo:
00:49:01.0461 5916
00:49:01.0461 5916 OS Version: 6.1.7601 ServicePack: 1.0
00:49:01.0461 5916 Product type: Workstation
00:49:01.0461 5916 ComputerName: ANDY-LAPTOP
00:49:01.0461 5916 UserName: Andy
00:49:01.0461 5916 Windows directory: C:\Windows
00:49:01.0461 5916 System windows directory: C:\Windows
00:49:01.0461 5916 Running under WOW64
00:49:01.0461 5916 Processor architecture: Intel x64
00:49:01.0461 5916 Number of processors: 2
00:49:01.0461 5916 Page size: 0x1000
00:49:01.0461 5916 Boot type: Normal boot
00:49:01.0461 5916 ============================================================
00:49:02.0007 5916 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:49:02.0007 5916 \Device\Harddisk0\DR0:
00:49:02.0007 5916 MBR used
00:49:02.0007 5916 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
00:49:02.0007 5916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38607800
00:49:02.0007 5916 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3866B800, BlocksNum 0x1CE6800
00:49:02.0007 5916 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
00:49:02.0132 5916 Initialize success
00:49:02.0132 5916 ============================================================
00:49:07.0186 5784 ============================================================
00:49:07.0186 5784 Scan started
00:49:07.0186 5784 Mode: Manual;
00:49:07.0186 5784 ============================================================
00:49:07.0498 5784 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
00:49:07.0498 5784 !SASCORE - ok
00:49:07.0623 5784 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:49:07.0623 5784 1394ohci - ok
00:49:07.0685 5784 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:49:07.0701 5784 ACPI - ok
00:49:07.0748 5784 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:49:07.0748 5784 AcpiPmi - ok
00:49:07.0841 5784 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:49:07.0857 5784 AdobeFlashPlayerUpdateSvc - ok
00:49:07.0966 5784 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
00:49:07.0966 5784 adp94xx - ok
00:49:08.0013 5784 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
00:49:08.0013 5784 adpahci - ok
00:49:08.0044 5784 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
00:49:08.0044 5784 adpu320 - ok
00:49:08.0075 5784 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
00:49:08.0075 5784 AeLookupSvc - ok
00:49:08.0153 5784 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
00:49:08.0153 5784 AFD - ok
00:49:08.0231 5784 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:49:08.0231 5784 agp440 - ok
00:49:08.0278 5784 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
00:49:08.0278 5784 ALG - ok
00:49:08.0341 5784 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:49:08.0341 5784 aliide - ok
00:49:08.0356 5784 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:49:08.0372 5784 amdide - ok
00:49:08.0403 5784 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
00:49:08.0403 5784 AmdK8 - ok
00:49:08.0434 5784 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:49:08.0434 5784 AmdPPM - ok
00:49:08.0465 5784 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
00:49:08.0465 5784 amdsata - ok
00:49:08.0481 5784 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
00:49:08.0497 5784 amdsbs - ok
00:49:08.0512 5784 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
00:49:08.0512 5784 amdxata - ok
00:49:08.0575 5784 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:49:08.0575 5784 AppID - ok
00:49:08.0606 5784 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
00:49:08.0621 5784 AppIDSvc - ok
00:49:08.0637 5784 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
00:49:08.0653 5784 Appinfo - ok
00:49:08.0762 5784 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:49:08.0762 5784 Apple Mobile Device - ok
00:49:08.0887 5784 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
00:49:08.0887 5784 arc - ok
00:49:08.0918 5784 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
00:49:08.0918 5784 arcsas - ok
00:49:08.0949 5784 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:49:08.0949 5784 AsyncMac - ok
00:49:08.0980 5784 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:49:08.0996 5784 atapi - ok
00:49:09.0058 5784 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
00:49:09.0089 5784 athr - ok
00:49:09.0199 5784 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:49:09.0214 5784 AudioEndpointBuilder - ok
00:49:09.0245 5784 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:49:09.0245 5784 AudioSrv - ok
00:49:09.0323 5784 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
00:49:09.0323 5784 AxInstSV - ok
00:49:09.0370 5784 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
00:49:09.0386 5784 b06bdrv - ok
00:49:09.0433 5784 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:49:09.0448 5784 b57nd60a - ok
00:49:09.0557 5784 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys
00:49:09.0573 5784 BCM43XX - ok
00:49:09.0604 5784 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
00:49:09.0604 5784 BDESVC - ok
00:49:09.0667 5784 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:49:09.0667 5784 Beep - ok
00:49:09.0729 5784 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
00:49:09.0760 5784 BFE - ok
00:49:09.0807 5784 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
00:49:09.0823 5784 BITS - ok
00:49:09.0885 5784 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:49:09.0885 5784 blbdrive - ok
00:49:09.0947 5784 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
00:49:09.0963 5784 Bonjour Service - ok
00:49:10.0025 5784 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:49:10.0041 5784 bowser - ok
00:49:10.0072 5784 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:49:10.0072 5784 BrFiltLo - ok
00:49:10.0088 5784 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:49:10.0103 5784 BrFiltUp - ok
00:49:10.0228 5784 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
00:49:10.0228 5784 BridgeMP - ok
00:49:10.0259 5784 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
00:49:10.0259 5784 Browser - ok
00:49:10.0291 5784 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:49:10.0306 5784 Brserid - ok
00:49:10.0322 5784 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:49:10.0322 5784 BrSerWdm - ok
00:49:10.0353 5784 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:49:10.0353 5784 BrUsbMdm - ok
00:49:10.0384 5784 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:49:10.0384 5784 BrUsbSer - ok
00:49:10.0447 5784 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
00:49:10.0447 5784 BthEnum - ok
00:49:10.0525 5784 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:49:10.0525 5784 BTHMODEM - ok
00:49:10.0571 5784 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
00:49:10.0571 5784 BthPan - ok
00:49:10.0603 5784 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
00:49:10.0618 5784 BTHPORT - ok
00:49:10.0665 5784 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
00:49:10.0665 5784 bthserv - ok
00:49:10.0712 5784 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
00:49:10.0712 5784 BTHUSB - ok
00:49:10.0759 5784 btwampfl (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys
00:49:10.0759 5784 btwampfl - ok
00:49:10.0837 5784 btwaudio (a75bf6802a967f5aacecc3c67febdf55) C:\Windows\system32\drivers\btwaudio.sys
00:49:10.0837 5784 btwaudio - ok
00:49:10.0852 5784 btwavdt (d895dc213edbda5fcc53aad1f1e0e63b) C:\Windows\system32\drivers\btwavdt.sys
00:49:10.0852 5784 btwavdt - ok
00:49:10.0946 5784 btwdins (692f8648d7686d91e34a65ac698019d8) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
00:49:10.0946 5784 btwdins - ok
00:49:11.0039 5784 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
00:49:11.0039 5784 btwl2cap - ok
00:49:11.0071 5784 btwrchid (6d7aa2bde0135599c5f230d69db3b420) C:\Windows\system32\DRIVERS\btwrchid.sys
00:49:11.0071 5784 btwrchid - ok
00:49:11.0102 5784 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:49:11.0102 5784 cdfs - ok
00:49:11.0164 5784 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
00:49:11.0164 5784 cdrom - ok
00:49:11.0195 5784 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:49:11.0195 5784 CertPropSvc - ok
00:49:11.0258 5784 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:49:11.0258 5784 circlass - ok
00:49:11.0305 5784 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:49:11.0305 5784 CLFS - ok
00:49:11.0383 5784 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:49:11.0383 5784 clr_optimization_v2.0.50727_32 - ok
00:49:11.0429 5784 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:49:11.0429 5784 clr_optimization_v2.0.50727_64 - ok
00:49:11.0523 5784 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:49:11.0523 5784 clr_optimization_v4.0.30319_32 - ok
00:49:11.0554 5784 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:49:11.0554 5784 clr_optimization_v4.0.30319_64 - ok
00:49:11.0632 5784 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
00:49:11.0632 5784 clwvd - ok
00:49:11.0679 5784 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:49:11.0679 5784 CmBatt - ok
00:49:11.0710 5784 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:49:11.0710 5784 cmdide - ok
00:49:11.0741 5784 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
00:49:11.0757 5784 CNG - ok
00:49:11.0788 5784 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:49:11.0788 5784 Compbatt - ok
00:49:11.0835 5784 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
00:49:11.0835 5784 CompositeBus - ok
00:49:11.0851 5784 COMSysApp - ok
00:49:11.0866 5784 cpuz135 - ok
00:49:11.0913 5784 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:49:11.0913 5784 crcdisk - ok
00:49:11.0960 5784 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
00:49:11.0960 5784 CryptSvc - ok
00:49:12.0007 5784 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:49:12.0022 5784 DcomLaunch - ok
00:49:12.0053 5784 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
00:49:12.0053 5784 defragsvc - ok
00:49:12.0100 5784 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:49:12.0100 5784 DfsC - ok
00:49:12.0163 5784 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
00:49:12.0163 5784 Dhcp - ok
00:49:12.0209 5784 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:49:12.0209 5784 discache - ok
00:49:12.0241 5784 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:49:12.0241 5784 Disk - ok
00:49:12.0287 5784 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
00:49:12.0287 5784 Dnscache - ok
00:49:12.0319 5784 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
00:49:12.0319 5784 dot3svc - ok
00:49:12.0365 5784 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
00:49:12.0365 5784 DPS - ok
00:49:12.0412 5784 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:49:12.0412 5784 drmkaud - ok
00:49:12.0459 5784 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:49:12.0459 5784 DXGKrnl - ok
00:49:12.0521 5784 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
00:49:12.0521 5784 EapHost - ok
00:49:12.0615 5784 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:49:12.0709 5784 ebdrv - ok
00:49:12.0724 5784 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
00:49:12.0724 5784 EFS - ok
00:49:12.0787 5784 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
00:49:12.0802 5784 ehRecvr - ok
00:49:12.0818 5784 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
00:49:12.0818 5784 ehSched - ok
00:49:12.0911 5784 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:49:12.0911 5784 elxstor - ok
00:49:12.0943 5784 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:49:12.0943 5784 ErrDev - ok
00:49:13.0021 5784 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
00:49:13.0021 5784 EventSystem - ok
00:49:13.0067 5784 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:49:13.0067 5784 exfat - ok
00:49:13.0099 5784 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:49:13.0099 5784 fastfat - ok
00:49:13.0161 5784 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
00:49:13.0177 5784 Fax - ok
00:49:13.0223 5784 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:49:13.0223 5784 fdc - ok
00:49:13.0255 5784 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
00:49:13.0255 5784 fdPHost - ok
00:49:13.0270 5784 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
00:49:13.0270 5784 FDResPub - ok
00:49:13.0301 5784 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:49:13.0301 5784 FileInfo - ok
00:49:13.0317 5784 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:49:13.0317 5784 Filetrace - ok
00:49:13.0333 5784 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:49:13.0348 5784 flpydisk - ok
00:49:13.0395 5784 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:49:13.0395 5784 FltMgr - ok
00:49:13.0442 5784 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
00:49:13.0473 5784 FontCache - ok
00:49:13.0551 5784 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:49:13.0551 5784 FontCache3.0.0.0 - ok
00:49:13.0613 5784 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:49:13.0613 5784 FsDepends - ok
00:49:13.0660 5784 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
00:49:13.0660 5784 Fs_Rec - ok
00:49:13.0707 5784 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:49:13.0707 5784 fvevol - ok
00:49:13.0754 5784 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:49:13.0754 5784 gagp30kx - ok
00:49:13.0785 5784 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:49:13.0785 5784 GEARAspiWDM - ok
00:49:13.0816 5784 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
00:49:13.0847 5784 gpsvc - ok
00:49:13.0925 5784 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:49:13.0925 5784 gupdate - ok
00:49:13.0941 5784 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:49:13.0941 5784 gupdatem - ok
00:49:14.0019 5784 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:49:14.0019 5784 hcw85cir - ok
00:49:14.0081 5784 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:49:14.0081 5784 HdAudAddService - ok
00:49:14.0128 5784 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
00:49:14.0128 5784 HDAudBus - ok
00:49:14.0159 5784 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
00:49:14.0159 5784 HECIx64 - ok
00:49:14.0191 5784 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:49:14.0191 5784 HidBatt - ok
00:49:14.0191 5784 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:49:14.0206 5784 HidBth - ok
00:49:14.0222 5784 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:49:14.0222 5784 HidIr - ok
00:49:14.0253 5784 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
00:49:14.0253 5784 hidserv - ok
00:49:14.0315 5784 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:49:14.0315 5784 HidUsb - ok
00:49:14.0347 5784 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
00:49:14.0347 5784 hkmsvc - ok
00:49:14.0378 5784 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
00:49:14.0378 5784 HomeGroupListener - ok
00:49:14.0409 5784 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
00:49:14.0409 5784 HomeGroupProvider - ok
00:49:14.0534 5784 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
00:49:14.0534 5784 HP Support Assistant Service - ok
00:49:14.0627 5784 HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
00:49:14.0627 5784 HP Wireless Assistant Service - ok
00:49:14.0674 5784 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
00:49:14.0674 5784 HPClientSvc - ok
00:49:14.0783 5784 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
00:49:14.0783 5784 HPDrvMntSvc.exe - ok
00:49:14.0815 5784 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
00:49:14.0830 5784 hpqwmiex - ok
00:49:14.0939 5784 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:49:14.0939 5784 HpSAMD - ok
00:49:15.0017 5784 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
00:49:15.0017 5784 HPWMISVC - ok
00:49:15.0127 5784 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:49:15.0142 5784 HTTP - ok
00:49:15.0173 5784 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:49:15.0173 5784 hwpolicy - ok
00:49:15.0220 5784 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
00:49:15.0220 5784 i8042prt - ok
00:49:15.0267 5784 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
00:49:15.0267 5784 iaStor - ok
00:49:15.0345 5784 IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
00:49:15.0345 5784 IAStorDataMgrSvc - ok
00:49:15.0439 5784 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:49:15.0439 5784 iaStorV - ok
00:49:15.0517 5784 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:49:15.0532 5784 idsvc - ok
00:49:15.0797 5784 igfx (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\Windows\system32\DRIVERS\igdkmd64.sys
00:49:16.0031 5784 igfx - ok
00:49:16.0078 5784 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
00:49:16.0078 5784 iirsp - ok
00:49:16.0125 5784 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
00:49:16.0156 5784 IKEEXT - ok
00:49:16.0203 5784 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
00:49:16.0203 5784 Impcd - ok
00:49:16.0265 5784 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
00:49:16.0281 5784 IntcDAud - ok
00:49:16.0297 5784 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:49:16.0312 5784 intelide - ok
00:49:16.0343 5784 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:49:16.0343 5784 intelppm - ok
00:49:16.0375 5784 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
00:49:16.0375 5784 IPBusEnum - ok
00:49:16.0421 5784 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:49:16.0421 5784 IpFilterDriver - ok
00:49:16.0453 5784 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
00:49:16.0468 5784 iphlpsvc - ok
00:49:16.0499 5784 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:49:16.0499 5784 IPMIDRV - ok
00:49:16.0546 5784 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:49:16.0546 5784 IPNAT - ok
00:49:16.0609 5784 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
00:49:16.0609 5784 iPod Service - ok
00:49:16.0702 5784 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:49:16.0702 5784 IRENUM - ok
00:49:16.0749 5784 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:49:16.0749 5784 isapnp - ok
00:49:16.0796 5784 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:49:16.0796 5784 iScsiPrt - ok
00:49:16.0843 5784 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
00:49:16.0843 5784 kbdclass - ok
00:49:16.0889 5784 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
00:49:16.0889 5784 kbdhid - ok
00:49:16.0936 5784 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:49:16.0936 5784 KeyIso - ok
00:49:16.0952 5784 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
00:49:16.0952 5784 KSecDD - ok
00:49:16.0999 5784 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
00:49:16.0999 5784 KSecPkg - ok
00:49:17.0014 5784 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:49:17.0030 5784 ksthunk - ok
00:49:17.0061 5784 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
00:49:17.0061 5784 KtmRm - ok
00:49:17.0108 5784 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
00:49:17.0108 5784 LanmanServer - ok
00:49:17.0139 5784 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
00:49:17.0139 5784 LanmanWorkstation - ok
00:49:17.0233 5784 LightScribeService (fa4a45c179ab0e0f1a31b9751d4b18d7) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
00:49:17.0233 5784 LightScribeService - ok
00:49:17.0342 5784 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:49:17.0342 5784 lltdio - ok
00:49:17.0373 5784 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:49:17.0373 5784 lltdsvc - ok
00:49:17.0389 5784 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:49:17.0389 5784 lmhosts - ok
00:49:17.0498 5784 LMS (0405f4bcd1c7a7b309f620fe0b5de5e6) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
00:49:17.0498 5784 LMS - ok
00:49:17.0591 5784 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:49:17.0591 5784 LSI_FC - ok
00:49:17.0607 5784 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:49:17.0607 5784 LSI_SAS - ok
00:49:17.0638 5784 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:49:17.0638 5784 LSI_SAS2 - ok
00:49:17.0669 5784 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:49:17.0669 5784 LSI_SCSI - ok
00:49:17.0685 5784 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:49:17.0685 5784 luafv - ok
00:49:17.0810 5784 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
00:49:17.0810 5784 MBAMProtector - ok
00:49:17.0919 5784 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
00:49:17.0935 5784 MBAMService - ok
00:49:17.0997 5784 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
00:49:17.0997 5784 Mcx2Svc - ok
00:49:18.0044 5784 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
00:49:18.0044 5784 megasas - ok
00:49:18.0059 5784 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
00:49:18.0075 5784 MegaSR - ok
00:49:18.0106 5784 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:49:18.0122 5784 MMCSS - ok
00:49:18.0137 5784 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:49:18.0137 5784 Modem - ok
00:49:18.0153 5784 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:49:18.0153 5784 monitor - ok
00:49:18.0215 5784 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:49:18.0215 5784 mouclass - ok
00:49:18.0278 5784 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:49:18.0278 5784 mouhid - ok
00:49:18.0309 5784 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:49:18.0309 5784 mountmgr - ok
00:49:18.0371 5784 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
00:49:18.0371 5784 MpFilter - ok
00:49:18.0418 5784 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:49:18.0418 5784 mpio - ok
00:49:18.0512 5784 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
00:49:18.0512 5784 MpNWMon - ok
00:49:18.0543 5784 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:49:18.0559 5784 mpsdrv - ok
00:49:18.0590 5784 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
00:49:18.0621 5784 MpsSvc - ok
00:49:18.0668 5784 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:49:18.0683 5784 MRxDAV - ok
00:49:18.0730 5784 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:49:18.0730 5784 mrxsmb - ok
00:49:18.0746 5784 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:49:18.0777 5784 mrxsmb10 - ok
00:49:18.0793 5784 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:49:18.0793 5784 mrxsmb20 - ok
00:49:18.0824 5784 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:49:18.0824 5784 msahci - ok
00:49:18.0855 5784 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:49:18.0855 5784 msdsm - ok
00:49:18.0902 5784 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:49:18.0902 5784 MSDTC - ok
00:49:18.0933 5784 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:49:18.0933 5784 Msfs - ok
00:49:18.0964 5784 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:49:18.0964 5784 mshidkmdf - ok
00:49:18.0995 5784 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:49:18.0995 5784 msisadrv - ok
00:49:19.0042 5784 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:49:19.0042 5784 MSiSCSI - ok
00:49:19.0058 5784 msiserver - ok
00:49:19.0089 5784 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:49:19.0089 5784 MSKSSRV - ok
00:49:19.0229 5784 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
00:49:19.0229 5784 MsMpSvc - ok
00:49:19.0307 5784 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:49:19.0307 5784 MSPCLOCK - ok
00:49:19.0339 5784 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:49:19.0339 5784 MSPQM - ok
00:49:19.0370 5784 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:49:19.0370 5784 MsRPC - ok
00:49:19.0401 5784 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
00:49:19.0401 5784 mssmbios - ok
00:49:19.0448 5784 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:49:19.0448 5784 MSTEE - ok
00:49:19.0448 5784 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:49:19.0448 5784 MTConfig - ok
00:49:19.0479 5784 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:49:19.0479 5784 Mup - ok
00:49:19.0510 5784 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
00:49:19.0526 5784 napagent - ok
00:49:19.0588 5784 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:49:19.0588 5784 NativeWifiP - ok
00:49:19.0651 5784 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:49:19.0666 5784 NDIS - ok
00:49:19.0744 5784 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:49:19.0744 5784 NdisCap - ok
00:49:19.0775 5784 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:49:19.0775 5784 NdisTapi - ok
00:49:19.0822 5784 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:49:19.0822 5784 Ndisuio - ok
00:49:19.0853 5784 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:49:19.0853 5784 NdisWan - ok
00:49:19.0900 5784 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:49:19.0900 5784 NDProxy - ok
00:49:19.0947 5784 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:49:19.0947 5784 NetBIOS - ok
00:49:19.0978 5784 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:49:19.0978 5784 NetBT - ok
00:49:20.0009 5784 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:49:20.0009 5784 Netlogon - ok
00:49:20.0056 5784 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:49:20.0072 5784 Netman - ok
00:49:20.0087 5784 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:49:20.0119 5784 netprofm - ok
00:49:20.0197 5784 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:49:20.0197 5784 NetTcpPortSharing - ok
00:49:20.0368 5784 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
00:49:20.0477 5784 netw5v64 - ok
00:49:20.0509 5784 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:49:20.0509 5784 nfrd960 - ok
00:49:20.0587 5784 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
00:49:20.0587 5784 NisDrv - ok
00:49:20.0696 5784 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
00:49:20.0711 5784 NisSrv - ok
00:49:20.0805 5784 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:49:20.0805 5784 NlaSvc - ok
00:49:20.0852 5784 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:49:20.0852 5784 Npfs - ok
00:49:20.0867 5784 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:49:20.0883 5784 nsi - ok
00:49:20.0899 5784 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:49:20.0899 5784 nsiproxy - ok
00:49:20.0961 5784 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:49:20.0992 5784 Ntfs - ok
00:49:21.0008 5784 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:49:21.0023 5784 Null - ok
00:49:21.0055 5784 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:49:21.0055 5784 nvraid - ok
00:49:21.0086 5784 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:49:21.0101 5784 nvstor - ok
00:49:21.0117 5784 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:49:21.0117 5784 nv_agp - ok
00:49:21.0226 5784 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:49:21.0242 5784 odserv - ok
00:49:21.0320 5784 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:49:21.0320 5784 ohci1394 - ok
00:49:21.0429 5784 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:49:21.0429 5784 ose - ok
00:49:21.0507 5784 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:49:21.0523 5784 p2pimsvc - ok
00:49:21.0554 5784 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:49:21.0554 5784 p2psvc - ok
00:49:21.0601 5784 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:49:21.0601 5784 Parport - ok
00:49:21.0616 5784 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
00:49:21.0616 5784 partmgr - ok
00:49:21.0632 5784 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:49:21.0632 5784 PcaSvc - ok
00:49:21.0679 5784 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:49:21.0679 5784 pci - ok
00:49:21.0710 5784 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:49:21.0710 5784 pciide - ok
00:49:21.0741 5784 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:49:21.0757 5784 pcmcia - ok
00:49:21.0772 5784 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:49:21.0772 5784 pcw - ok
00:49:21.0803 5784 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:49:21.0819 5784 PEAUTH - ok
00:49:21.0850 5784 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:49:21.0850 5784 PerfHost - ok
00:49:21.0944 5784 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:49:21.0975 5784 pla - ok
00:49:22.0022 5784 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:49:22.0022 5784 PlugPlay - ok
00:49:22.0053 5784 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:49:22.0053 5784 PNRPAutoReg - ok
00:49:22.0069 5784 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:49:22.0084 5784 PNRPsvc - ok
00:49:22.0131 5784 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:49:22.0131 5784 PolicyAgent - ok
00:49:22.0162 5784 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:49:22.0162 5784 Power - ok
00:49:22.0225 5784 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:49:22.0240 5784 PptpMiniport - ok
00:49:22.0256 5784 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:49:22.0271 5784 Processor - ok
00:49:22.0303 5784 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
00:49:22.0318 5784 ProfSvc - ok
00:49:22.0334 5784 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:49:22.0334 5784 ProtectedStorage - ok
00:49:22.0381 5784 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:49:22.0381 5784 Psched - ok
00:49:22.0490 5784 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
00:49:22.0490 5784 PSI - ok
00:49:22.0552 5784 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:49:22.0583 5784 ql2300 - ok
00:49:22.0599 5784 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:49:22.0599 5784 ql40xx - ok
00:49:22.0646 5784 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:49:22.0661 5784 QWAVE - ok
00:49:22.0693 5784 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:49:22.0693 5784 QWAVEdrv - ok
00:49:22.0739 5784 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:49:22.0739 5784 RasAcd - ok
00:49:22.0771 5784 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:49:22.0771 5784 RasAgileVpn - ok
00:49:22.0802 5784 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:49:22.0802 5784 RasAuto - ok
00:49:22.0849 5784 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:49:22.0864 5784 Rasl2tp - ok
00:49:22.0895 5784 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:49:22.0895 5784 RasMan - ok
00:49:22.0942 5784 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:49:22.0942 5784 RasPppoe - ok
00:49:22.0989 5784 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:49:22.0989 5784 RasSstp - ok
00:49:23.0020 5784 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:49:23.0036 5784 rdbss - ok
00:49:23.0051 5784 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:49:23.0051 5784 rdpbus - ok
00:49:23.0067 5784 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:49:23.0067 5784 RDPCDD - ok
00:49:23.0098 5784 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:49:23.0098 5784 RDPENCDD - ok
00:49:23.0176 5784 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:49:23.0176 5784 RDPREFMP - ok
00:49:23.0254 5784 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
00:49:23.0270 5784 RDPWD - ok
00:49:23.0317 5784 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:49:23.0317 5784 rdyboost - ok
00:49:23.0348 5784 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:49:23.0348 5784 RemoteAccess - ok
00:49:23.0395 5784 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:49:23.0395 5784 RemoteRegistry - ok
00:49:23.0457 5784 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
00:49:23.0457 5784 RFCOMM - ok
00:49:23.0566 5784 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
00:49:23.0582 5784 RoxioNow Service - ok
00:49:23.0660 5784 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:49:23.0675 5784 RpcEptMapper - ok
00:49:23.0707 5784 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:49:23.0707 5784 RpcLocator - ok
00:49:23.0738 5784 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:49:23.0753 5784 RpcSs - ok
00:49:23.0816 5784 RSPCIESTOR (ca327a84085f68200452e6761f943298) C:\Windows\system32\DRIVERS\RtsPStor.sys
00:49:23.0816 5784 RSPCIESTOR - ok
00:49:23.0863 5784 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:49:23.0863 5784 rspndr - ok
00:49:23.0956 5784 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
00:49:23.0956 5784 RTL8167 - ok
00:49:23.0987 5784 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:49:24.0003 5784 SamSs - ok
00:49:24.0050 5784 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
00:49:24.0050 5784 SASDIFSV - ok
00:49:24.0065 5784 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
00:49:24.0065 5784 SASKUTIL - ok
00:49:24.0159 5784 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:49:24.0159 5784 sbp2port - ok
00:49:24.0190 5784 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:49:24.0206 5784 SCardSvr - ok
00:49:24.0221 5784 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:49:24.0237 5784 scfilter - ok
00:49:24.0268 5784 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:49:24.0299 5784 Schedule - ok
00:49:24.0331 5784 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:49:24.0346 5784 SCPolicySvc - ok
00:49:24.0393 5784 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
00:49:24.0393 5784 sdbus - ok
00:49:24.0440 5784 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:49:24.0440 5784 SDRSVC - ok
00:49:24.0471 5784 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:49:24.0471 5784 secdrv - ok
00:49:24.0502 5784 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:49:24.0502 5784 seclogon - ok
00:49:24.0596 5784 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
00:49:24.0596 5784 Secunia PSI Agent - ok
00:49:24.0627 5784 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files (x86)\Secunia\PSI\sua.exe
00:49:24.0627 5784 Secunia Update Agent - ok
00:49:24.0705 5784 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
00:49:24.0705 5784 SENS - ok
00:49:24.0767 5784 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:49:24.0767 5784 SensrSvc - ok
00:49:24.0814 5784 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:49:24.0814 5784 Serenum - ok
00:49:24.0830 5784 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:49:24.0830 5784 Serial - ok
00:49:24.0861 5784 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:49:24.0877 5784 sermouse - ok
00:49:24.0908 5784 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:49:24.0908 5784 SessionEnv - ok
00:49:24.0939 5784 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:49:24.0955 5784 sffdisk - ok
00:49:24.0970 5784 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:49:24.0970 5784 sffp_mmc - ok
00:49:24.0986 5784 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:49:24.0986 5784 sffp_sd - ok
00:49:25.0017 5784 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:49:25.0017 5784 sfloppy - ok
00:49:25.0064 5784 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:49:25.0064 5784 SharedAccess - ok
00:49:25.0095 5784 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:49:25.0111 5784 ShellHWDetection - ok
00:49:25.0157 5784 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:49:25.0157 5784 SiSRaid2 - ok
00:49:25.0173 5784 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:49:25.0189 5784 SiSRaid4 - ok
00:49:25.0220 5784 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:49:25.0220 5784 Smb - ok
00:49:25.0267 5784 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:49:25.0267 5784 SNMPTRAP - ok
00:49:25.0298 5784 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:49:25.0298 5784 spldr - ok
00:49:25.0345 5784 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:49:25.0345 5784 Spooler - ok
00:49:25.0438 5784 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:49:25.0516 5784 sppsvc - ok
00:49:25.0563 5784 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:49:25.0563 5784 sppuinotify - ok
00:49:25.0610 5784 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:49:25.0625 5784 srv - ok
00:49:25.0641 5784 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:49:25.0641 5784 srv2 - ok
00:49:25.0703 5784 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
00:49:25.0703 5784 SrvHsfHDA - ok
00:49:25.0750 5784 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
00:49:25.0781 5784 SrvHsfV92 - ok
00:49:25.0813 5784 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
00:49:25.0844 5784 SrvHsfWinac - ok
00:49:25.0875 5784 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:49:25.0875 5784 srvnet - ok
00:49:25.0937 5784 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:49:25.0937 5784 SSDPSRV - ok
00:49:25.0953 5784 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:49:25.0953 5784 SstpSvc - ok
00:49:26.0031 5784 STacSV (7c49a5e1943afda4672d80726af3bae4) C:\Program Files\IDT\WDM\STacSV64.exe
00:49:26.0031 5784 STacSV - ok
00:49:26.0125 5784 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:49:26.0125 5784 stexstor - ok
00:49:26.0187 5784 STHDA (0aad250a31a7ee96e0945ab9e1f3baa7) C:\Windows\system32\DRIVERS\stwrt64.sys
00:49:26.0187 5784 STHDA - ok
00:49:26.0249 5784 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:49:26.0265 5784 stisvc - ok
00:49:26.0296 5784 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:49:26.0296 5784 swenum - ok
00:49:26.0343 5784 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:49:26.0343 5784 swprv - ok
00:49:26.0405 5784 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys
00:49:26.0405 5784 SynTP - ok
00:49:26.0468 5784 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
00:49:26.0515 5784 SysMain - ok
00:49:26.0546 5784 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
00:49:26.0561 5784 TabletInputService - ok
00:49:26.0593 5784 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
00:49:26.0593 5784 TapiSrv - ok
00:49:26.0639 5784 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:49:26.0639 5784 TBS - ok
00:49:26.0717 5784 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
00:49:26.0764 5784 Tcpip - ok
00:49:26.0842 5784 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
00:49:26.0842 5784 TCPIP6 - ok
00:49:26.0920 5784 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:49:26.0920 5784 tcpipreg - ok
00:49:26.0951 5784 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:49:26.0951 5784 TDPIPE - ok
00:49:26.0998 5784 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
00:49:26.0998 5784 TDTCP - ok
00:49:27.0045 5784 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:49:27.0045 5784 tdx - ok
00:49:27.0076 5784 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
00:49:27.0076 5784 TermDD - ok
00:49:27.0123 5784 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
00:49:27.0123 5784 TermService - ok
00:49:27.0170 5784 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:49:27.0170 5784 Themes - ok
00:49:27.0201 5784 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:49:27.0201 5784 THREADORDER - ok
00:49:27.0232 5784 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:49:27.0232 5784 TrkWks - ok
00:49:27.0279 5784 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
00:49:27.0279 5784 TrustedInstaller - ok
00:49:27.0341 5784 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:49:27.0357 5784 tssecsrv - ok
00:49:27.0388 5784 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:49:27.0388 5784 TsUsbFlt - ok
00:49:27.0435 5784 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:49:27.0435 5784 tunnel - ok
00:49:27.0482 5784 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:49:27.0482 5784 uagp35 - ok
00:49:27.0513 5784 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:49:27.0529 5784 udfs - ok
00:49:27.0560 5784 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:49:27.0560 5784 UI0Detect - ok
00:49:27.0591 5784 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:49:27.0591 5784 uliagpkx - ok
00:49:27.0638 5784 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
00:49:27.0638 5784 umbus - ok
00:49:27.0669 5784 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:49:27.0669 5784 UmPass - ok
00:49:27.0794 5784 UNS (6f895ca96552069b3d3ef5b4f6e90d3e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
00:49:27.0809 5784 UNS - ok
00:49:27.0887 5784 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:49:27.0903 5784 upnphost - ok
00:49:27.0934 5784 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:49:27.0934 5784 usbccgp - ok
00:49:27.0965 5784 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:49:27.0965 5784 usbcir - ok
00:49:27.0997 5784 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
00:49:28.0012 5784 usbehci - ok
00:49:28.0028 5784 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:49:28.0028 5784 usbhub - ok
00:49:28.0075 5784 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
00:49:28.0075 5784 usbohci - ok
00:49:28.0090 5784 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:49:28.0090 5784 usbprint - ok
00:49:28.0121 5784 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:49:28.0121 5784 USBSTOR - ok
00:49:28.0137 5784 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
00:49:28.0137 5784 usbuhci - ok
00:49:28.0168 5784 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
00:49:28.0184 5784 usbvideo - ok
00:49:28.0199 5784 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:49:28.0215 5784 UxSms - ok
00:49:28.0246 5784 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:49:28.0246 5784 VaultSvc - ok
00:49:28.0309 5784 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:49:28.0309 5784 vdrvroot - ok
00:49:28.0340 5784 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
00:49:28.0340 5784 vds - ok
00:49:28.0371 5784 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:49:28.0371 5784 vga - ok
00:49:28.0387 5784 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:49:28.0402 5784 VgaSave - ok
00:49:28.0433 5784 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:49:28.0433 5784 vhdmp - ok
00:49:28.0465 5784 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:49:28.0480 5784 viaide - ok
00:49:28.0496 5784 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:49:28.0496 5784 volmgr - ok
00:49:28.0527 5784 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:49:28.0543 5784 volmgrx - ok
00:49:28.0574 5784 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:49:28.0589 5784 volsnap - ok
00:49:28.0621 5784 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:49:28.0636 5784 vsmraid - ok
00:49:28.0683 5784 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
00:49:28.0730 5784 VSS - ok
00:49:28.0745 5784 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:49:28.0745 5784 vwifibus - ok
00:49:28.0777 5784 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:49:28.0777 5784 vwififlt - ok
00:49:28.0808 5784 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
00:49:28.0808 5784 vwifimp - ok
00:49:28.0839 5784 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
00:49:28.0839 5784 W32Time - ok
00:49:28.0870 5784 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:49:28.0870 5784 WacomPen - ok
00:49:28.0917 5784 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:49:28.0917 5784 WANARP - ok
00:49:28.0933 5784 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:49:28.0933 5784 Wanarpv6 - ok
00:49:29.0042 5784 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
00:49:29.0073 5784 WatAdminSvc - ok
00:49:29.0135 5784 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
00:49:29.0167 5784 wbengine - ok
00:49:29.0198 5784 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
00:49:29.0198 5784 WbioSrvc - ok
00:49:29.0245 5784 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
00:49:29.0245 5784 wcncsvc - ok
00:49:29.0260 5784 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
00:49:29.0276 5784 WcsPlugInService - ok
00:49:29.0307 5784 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:49:29.0307 5784 Wd - ok
00:49:29.0338 5784 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
00:49:29.0338 5784 WDC_SAM - ok
00:49:29.0369 5784 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:49:29.0385 5784 Wdf01000 - ok
00:49:29.0416 5784 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:49:29.0416 5784 WdiServiceHost - ok
00:49:29.0416 5784 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:49:29.0416 5784 WdiSystemHost - ok
00:49:29.0463 5784 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
00:49:29.0463 5784 WebClient - ok
00:49:29.0494 5784 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
00:49:29.0494 5784 Wecsvc - ok
00:49:29.0510 5784 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
00:49:29.0525 5784 wercplsupport - ok
00:49:29.0541 5784 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
00:49:29.0541 5784 WerSvc - ok
00:49:29.0603 5784 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:49:29.0603 5784 WfpLwf - ok
00:49:29.0619 5784 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:49:29.0619 5784 WIMMount - ok
00:49:29.0681 5784 WinDefend - ok
00:49:29.0681 5784 WinHttpAutoProxySvc - ok
00:49:29.0759 5784 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
00:49:29.0775 5784 Winmgmt - ok
00:49:29.0837 5784 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
00:49:29.0884 5784 WinRM - ok
00:49:29.0947 5784 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
00:49:29.0978 5784 Wlansvc - ok
00:49:30.0040 5784 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:49:30.0040 5784 wlcrasvc - ok
00:49:30.0118 5784 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:49:30.0134 5784 wlidsvc - ok
00:49:30.0227 5784 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:49:30.0227 5784 WmiAcpi - ok
00:49:30.0274 5784 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
00:49:30.0290 5784 wmiApSrv - ok
00:49:30.0352 5784 WMPNetworkSvc - ok
00:49:30.0415 5784 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
00:49:30.0430 5784 WPCSvc - ok
00:49:30.0446 5784 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
00:49:30.0461 5784 WPDBusEnum - ok
00:49:30.0508 5784 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:49:30.0508 5784 ws2ifsl - ok
00:49:30.0555 5784 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
00:49:30.0555 5784 wscsvc - ok
00:49:30.0571 5784 WSearch - ok
00:49:30.0664 5784 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
00:49:30.0711 5784 wuauserv - ok
00:49:30.0758 5784 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:49:30.0758 5784 WudfPf - ok
00:49:30.0820 5784 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:49:30.0836 5784 WUDFRd - ok
00:49:30.0851 5784 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
00:49:30.0867 5784 wudfsvc - ok
00:49:30.0898 5784 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
00:49:30.0898 5784 WwanSvc - ok
00:49:31.0007 5784 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
00:49:31.0023 5784 yukonw7 - ok
00:49:31.0085 5784 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:49:31.0179 5784 \Device\Harddisk0\DR0 - ok
00:49:31.0179 5784 Boot (0x1200) (7a939d364a2271632e1909e919f739a5) \Device\Harddisk0\DR0\Partition0
00:49:31.0179 5784 \Device\Harddisk0\DR0\Partition0 - ok
00:49:31.0210 5784 Boot (0x1200) (4dd1db1016016f058f22d89e84fc94b5) \Device\Harddisk0\DR0\Partition1
00:49:31.0210 5784 \Device\Harddisk0\DR0\Partition1 - ok
00:49:31.0241 5784 Boot (0x1200) (2342e683c6a881c414c1e20fa563b6e6) \Device\Harddisk0\DR0\Partition2
00:49:31.0241 5784 \Device\Harddisk0\DR0\Partition2 - ok
00:49:31.0319 5784 Boot (0x1200) (28cf672ed5e2985889f985061a65993c) \Device\Harddisk0\DR0\Partition3
00:49:31.0335 5784 \Device\Harddisk0\DR0\Partition3 - ok
00:49:31.0335 5784 ============================================================
00:49:31.0335 5784 Scan finished
00:49:31.0335 5784 ============================================================
00:49:31.0335 5564 Detected object count: 0
00:49:31.0335 5564 Actual detected object count: 0
00:50:16.0634 5280 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-15 00:50:44
-----------------------------
00:50:44.556 OS Version: Windows x64 6.1.7601 Service Pack 1
00:50:44.556 Number of processors: 2 586 0x2505
00:50:44.556 ComputerName: ANDY-LAPTOP UserName: Andy
00:50:45.820 Initialize success
00:51:47.556 AVAST engine defs: 12041401
00:52:04.077 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:52:04.077 Disk 0 Vendor: ST950032 0005 Size: 476940MB BusType: 3
00:52:04.108 Disk 0 MBR read successfully
00:52:04.108 Disk 0 MBR scan
00:52:04.108 Disk 0 Windows 7 default MBR code
00:52:04.123 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
00:52:04.139 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461839 MB offset 409600
00:52:04.186 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14797 MB offset 946255872
00:52:04.217 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
00:52:04.264 Disk 0 scanning C:\Windows\system32\drivers
00:52:17.821 Service scanning
00:52:42.641 Modules scanning
00:52:42.657 Disk 0 trace - called modules:
00:52:42.688 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
00:52:42.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005125060]
00:52:42.703 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fab050]
00:52:43.951 AVAST engine scan C:\Windows
00:52:47.337 AVAST engine scan C:\Windows\system32
00:56:09.564 AVAST engine scan C:\Windows\system32\drivers
00:56:24.321 AVAST engine scan C:\Users\Andy
01:00:55.173 AVAST engine scan C:\ProgramData
01:01:51.193 Scan finished successfully
01:02:38.492 Disk 0 MBR has been saved successfully to "C:\Users\Andy\Desktop\MBR.dat"
01:02:38.492 The log file has been saved successfully to "C:\Users\Andy\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 April 2012 - 12:19 AM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Cave71

Cave71
  • Topic Starter

  • Members
  • 57 posts

Posted 15 April 2012 - 12:39 AM

Things still seem to be running well.

Thanks!

Here are the new logs:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.15.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andy :: ANDY-LAPTOP [administrator]

Protection: Disabled

15/04/2012 1:29:10 AM
mbam-log-2012-04-15 (01-29-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196805
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:36:06 AM, on 15/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.search.yahoo.com/search?p=%s&type=HPNTDF&fr=chr-hp-psg
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11296 bytes

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 April 2012 - 12:41 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. Any of these programs you can start when you need them by clicking their icons (or from the Control Panel). By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    • O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    • O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    • O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    • O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space.
    For example: O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
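As an added example (not code from the thread, from HijackThis, or from Trend Micro) serving both the HijackThis log Cave71 posted and the optional-startup selection in gringo_pr's reply above: a Python triage script that parses the O2/O4/O10/O23 lines of a HijackThis 2.0.4 log, separates the O4 autostarts on gringo_pr's optional list from the ones to keep or research, flags BHO entries with no file on disk, counts repeated Winsock LSP lines, and parks the "Unknown owner ... (file missing)" system services that a 32-bit HijackThis reports on 64-bit Windows because it sees the redirected system32 folder. The sample log is an abridged, constructed excerpt of the log in this thread; the optional-startup names are taken from the reply, not from HijackThis.

```python
"""Triage a HijackThis 2.0.4 log the way a malware-response helper reads it.

Added example, not part of the thread or of HijackThis. The sample lines below
are a constructed, abridged excerpt of the log posted in this thread.
"""
import re
from dataclasses import dataclass, field

# One regex per HijackThis section we care about (the group names are ours).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>[^=]+?) = (?P<cmd>.*)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Names gringo_pr listed as optional autostarts for this machine (taken from the reply above).
OPTIONAL_AUTOSTARTS = {
    "HP Quick Launch", "TkBellExe", "APSDaemon", "QuickTime Task", "iTunesHelper",
    "Adobe ARM", "Adobe Reader Speed Launcher", "LightScribe Control Panel",
    "Secunia PSI Tray.lnk",
}
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Triage:
    orphaned_bhos: list = field(default_factory=list)           # O2 entries with no DLL on disk
    optional_autostarts: list = field(default_factory=list)     # O4 names on the optional list
    other_autostarts: list = field(default_factory=list)        # O4 names to keep or research
    lsp_counts: dict = field(default_factory=dict)              # O10 path -> times listed
    unknown_owner_services: list = field(default_factory=list)  # O23 entries worth a closer look
    redirected_system_services: list = field(default_factory=list)  # expected 64-bit noise


def triage_hijackthis(log_text: str) -> Triage:
    """Walk the log line by line and bucket the entries a helper would inspect."""
    t = Triage()
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            # A BHO whose DLL is gone is a leftover registration, not a running add-on.
            if any(mk in m["path"] for mk in MISSING_MARKERS):
                t.orphaned_bhos.append((m["name"], m["clsid"]))
        elif (m := O4_RUN_RE.match(line)) or (m := O4_STARTUP_RE.match(line)):
            bucket = t.optional_autostarts if m["name"] in OPTIONAL_AUTOSTARTS else t.other_autostarts
            bucket.append(m["name"])
        elif m := O10_RE.match(line):
            path = m["path"].lower()
            t.lsp_counts[path] = t.lsp_counts.get(path, 0) + 1
        elif m := O23_RE.match(line):
            if m["owner"] != "Unknown owner":
                continue
            path = m["path"]
            # A 32-bit HijackThis on 64-bit Windows sees a redirected system32, so the built-in
            # services under C:\Windows\system32 show up as "(file missing)"; park those apart.
            if "(file missing)" in path and path.lower().startswith(r"c:\windows\system32"):
                t.redirected_system_services.append(m["display"])
            else:
                t.unknown_owner_services.append((m["display"], path))
    return t


# Constructed, abridged excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 SP1 (WinNT 6.00.3505)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Java(TM) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
"""


if __name__ == "__main__":
    report = triage_hijackthis(SAMPLE_LOG)
    print("Optional autostarts (on the reviewer's list):", report.optional_autostarts)
    print("Other autostarts (keep or research):", report.other_autostarts)
    print("BHO entries with no file on disk:", report.orphaned_bhos)
    print("Winsock LSP entries (path -> count):", report.lsp_counts)
    print("Unknown-owner services to check:", report.unknown_owner_services)
    print("System services hidden by WOW64 redirection:", report.redirected_system_services)
```

Point it at a full log (open the file and pass its text to triage_hijackthis) to get the same buckets for every O2/O4/O10/O23 line; anything in unknown_owner_services or other_autostarts is what gringo_pr would have you research by name before fixing.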

#9 Cave71

Cave71
  • Topic Starter

  • Members
  • 57 posts

Posted 15 April 2012 - 11:29 AM

Hi Gringo,
The laptop still appears to be working well. However, Eset shows 2 threats:

C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\17c4f0ce-681f7dad Java/Exploit.CVE-2011-3544.AU trojan
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\47089b3a-5d8f1a3c Java/Exploit.CVE-2011-3544.AU trojan

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 April 2012 - 01:08 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    REM Delete the two Java deployment cache files flagged by the ESET scan
    del /f /s /q "C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\17c4f0ce-681f7dad"
    del /f /s /q "C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\47089b3a-5d8f1a3c"
    REM Delete this batch file itself
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software.
  • Push the "Windows key" + "R" (the Windows key is between the "Ctrl" button and the "Alt" button).
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and I recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" The short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM


Gringo

#11 Cave71

Cave71
  • Topic Starter

  • Members
  • 57 posts

Posted 15 April 2012 - 02:16 PM

Hi Gringo, I was able to remove the threats that Eset picked up, and also remove the "help programs". Would you recommend that I run Eset every once in a while, and if so, would it be best for me (since I am not a really advanced user) to allow it to automatically remove threats or to follow how you guided me to remove them (with the delfile.bat method)?

The laptop is functioning VERY well from what I can tell so far.

Thanks so much (again)!!

Kindest Regards,

Andy

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 April 2012 - 02:27 PM

It is better to not let it remove anything - it could be an important file.

Whatever file it finds, do a Google search to see if it is a system file or not.



Gringo

#13 Cave71

Cave71
  • Topic Starter

  • Members
  • 57 posts

Posted 15 April 2012 - 03:48 PM

Thanks again for all of your help, Gringo. It would have been totally impossible for me to fix these things without your guidance and expertise.

The laptop is running incredibly well. If anything pops up, I'll let you know.

Kindest Regards,

Andy! :thumbsup:

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 April 2012 - 05:16 PM

You are more than welcome


gringo

#15 Cave71

Cave71
  • Topic Starter

  • Members
  • 57 posts

Posted 15 April 2012 - 08:28 PM

Hi Gringo,

I hate to bother you but I've noticed a "new" issue with both the laptop and desktop while browsing, and I am not sure if this is related to my recent problems or not. I have never seen this prior to today, which is the first time I've really used either pc to "browse" post SmartHDD. This is now happening on both computers.

For instance, I browse yahoo for an image, I click on the picture and open the website where it is hosted. When I click my browser back button to return to the search results, there is no response. If I hold down the right mouse button on the back arrow (where I could select a previously visited site) I see either "googleads.g.doubleclick.net" or "https//:s-static.ak.facebook.com/connect/x" (neither of which I have visited) has "inserted itself" between where I am and where I want to go - It always blocks me from single click return. Double clicking seems to help. I've googled the issue but can't tell fact from fiction. Is this a browser hijack and/or could it be related to SmartHDD?? Or is this something to start in a new thread?

Thanks!
