nemesis337
Members-
Posts
12 -
Joined
-
Last visited
Reputation
0 Neutral-
for some reason, when i run the command it prompts me with a warning, avg antivirus is running and if it is, your computer may be damaged. it looks like the combofix scan is about to run again rather than uninstall. i am just want to make sure this is normal and wont ruin my pc by running that command. should i proceed and just disable avg before i run combofix /uninstall?
-
i really cant thank you enough for all the help here is the log from malwarebytes, also, should i uninstall combofix? Malwarebytes Anti-Malware (PRO) 1.61.0.1400 www.malwarebytes.org Database version: v2012.04.30.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 MikeP :: MIKEP-HP [administrator] Protection: Enabled 5/3/2012 9:46:21 AM mbam-log-2012-05-03 (09-46-21).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 462956 Time elapsed: 1 hour(s), 24 minute(s), 21 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
-
the scan found one maliscious object and moved it to quarantine (cure was not an option) here are the contents of the log 12:05:46.0013 4628 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18 12:05:46.0949 4628 ============================================================ 12:05:46.0949 4628 Current date / time: 2012/05/02 12:05:46.0949 12:05:46.0949 4628 SystemInfo: 12:05:46.0949 4628 12:05:46.0949 4628 OS Version: 6.1.7601 ServicePack: 1.0 12:05:46.0949 4628 Product type: Workstation 12:05:46.0949 4628 ComputerName: MIKEP-HP 12:05:46.0965 4628 UserName: MikeP 12:05:46.0965 4628 Windows directory: C:\Windows 12:05:46.0965 4628 System windows directory: C:\Windows 12:05:46.0965 4628 Running under WOW64 12:05:46.0965 4628 Processor architecture: Intel x64 12:05:46.0965 4628 Number of processors: 8 12:05:46.0965 4628 Page size: 0x1000 12:05:46.0965 4628 Boot type: Normal boot 12:05:46.0965 4628 ============================================================ 12:05:47.0495 4628 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 12:05:47.0511 4628 ============================================================ 12:05:47.0511 4628 \Device\Harddisk0\DR0: 12:05:47.0511 4628 MBR partitions: 12:05:47.0511 4628 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800 12:05:47.0511 4628 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x557BE800 12:05:47.0511 4628 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x55822800, BlocksNum 0x1CF0000 12:05:47.0511 4628 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0 12:05:47.0511 4628 ============================================================ 12:05:47.0527 4628 C: <-> \Device\Harddisk0\DR0\Partition1 12:05:47.0558 4628 D: <-> \Device\Harddisk0\DR0\Partition2 12:05:47.0558 4628 ============================================================ 12:05:47.0558 4628 Initialize success 12:05:47.0558 4628 ============================================================ 12:05:51.0255 4140 ============================================================ 12:05:51.0255 4140 Scan started 12:05:51.0255 4140 Mode: Manual; 12:05:51.0255 4140 ============================================================ 12:05:51.0848 4140 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 12:05:51.0863 4140 1394ohci - ok 12:05:51.0895 4140 Accelerometer (7a330a42870eb1fa81f88be514d2d566) C:\Windows\system32\DRIVERS\Accelerometer.sys 12:05:51.0910 4140 Accelerometer - ok 12:05:51.0957 4140 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 12:05:51.0973 4140 ACPI - ok 12:05:52.0019 4140 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 12:05:52.0019 4140 AcpiPmi - ok 12:05:52.0160 4140 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 12:05:52.0160 4140 AdobeARMservice - ok 12:05:52.0316 4140 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 12:05:52.0331 4140 AdobeFlashPlayerUpdateSvc - ok 12:05:52.0409 4140 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 12:05:52.0425 4140 adp94xx - ok 12:05:52.0487 4140 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 12:05:52.0503 4140 adpahci - ok 12:05:52.0534 4140 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 12:05:52.0534 4140 adpu320 - ok 12:05:52.0565 4140 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 12:05:52.0565 4140 AeLookupSvc - ok 12:05:52.0659 4140 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe 12:05:52.0659 4140 AESTFilters - ok 12:05:52.0737 4140 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 12:05:52.0753 4140 AFD - ok 12:05:52.0799 4140 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 12:05:52.0799 4140 agp440 - ok 12:05:52.0815 4140 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 12:05:52.0831 4140 ALG - ok 12:05:52.0862 4140 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 12:05:52.0862 4140 aliide - ok 12:05:52.0909 4140 AMD External Events Utility (1b4a3c8e429f1fab998eceea3ce3e0b8) C:\Windows\system32\atiesrxx.exe 12:05:52.0924 4140 AMD External Events Utility - ok 12:05:52.0940 4140 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 12:05:52.0940 4140 amdide - ok 12:05:52.0987 4140 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 12:05:52.0987 4140 AmdK8 - ok 12:05:53.0439 4140 amdkmdag (e08cf0ed91fcca0017776cff4a506012) C:\Windows\system32\DRIVERS\atikmdag.sys 12:05:53.0611 4140 amdkmdag - ok 12:05:53.0767 4140 amdkmdap (f072f317e430925c7d88c766db7da86e) C:\Windows\system32\DRIVERS\atikmpag.sys 12:05:53.0782 4140 amdkmdap - ok 12:05:53.0813 4140 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 12:05:53.0813 4140 AmdPPM - ok 12:05:53.0860 4140 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 12:05:53.0860 4140 amdsata - ok 12:05:53.0907 4140 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 12:05:53.0923 4140 amdsbs - ok 12:05:53.0938 4140 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 12:05:53.0938 4140 amdxata - ok 12:05:53.0969 4140 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 12:05:53.0969 4140 AppID - ok 12:05:53.0985 4140 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 12:05:54.0001 4140 AppIDSvc - ok 12:05:54.0016 4140 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 12:05:54.0016 4140 Appinfo - ok 12:05:54.0063 4140 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 12:05:54.0063 4140 arc - ok 12:05:54.0110 4140 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 12:05:54.0110 4140 arcsas - ok 12:05:54.0125 4140 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 12:05:54.0125 4140 AsyncMac - ok 12:05:54.0141 4140 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 12:05:54.0141 4140 atapi - ok 12:05:54.0250 4140 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 12:05:54.0281 4140 AudioEndpointBuilder - ok 12:05:54.0297 4140 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 12:05:54.0297 4140 AudioSrv - ok 12:05:54.0656 4140 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe 12:05:54.0687 4140 AVGIDSAgent - ok 12:05:54.0827 4140 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 12:05:54.0827 4140 AVGIDSDriver - ok 12:05:54.0859 4140 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 12:05:54.0874 4140 AVGIDSEH - ok 12:05:54.0874 4140 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 12:05:54.0890 4140 AVGIDSFilter - ok 12:05:54.0921 4140 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys 12:05:54.0937 4140 Avgldx64 - ok 12:05:54.0952 4140 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys 12:05:54.0952 4140 Avgmfx64 - ok 12:05:54.0983 4140 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys 12:05:54.0999 4140 Avgrkx64 - ok 12:05:55.0046 4140 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys 12:05:55.0046 4140 Avgtdia - ok 12:05:55.0093 4140 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe 12:05:55.0108 4140 avgwd - ok 12:05:55.0155 4140 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 12:05:55.0155 4140 AxInstSV - ok 12:05:55.0233 4140 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 12:05:55.0249 4140 b06bdrv - ok 12:05:55.0280 4140 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 12:05:55.0295 4140 b57nd60a - ok 12:05:55.0436 4140 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys 12:05:55.0467 4140 BCM43XX - ok 12:05:55.0483 4140 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 12:05:55.0498 4140 BDESVC - ok 12:05:55.0529 4140 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 12:05:55.0529 4140 Beep - ok 12:05:55.0639 4140 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 12:05:55.0654 4140 BFE - ok 12:05:55.0748 4140 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll 12:05:55.0763 4140 BITS - ok 12:05:55.0795 4140 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys 12:05:55.0795 4140 blbdrive - ok 12:05:55.0841 4140 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 12:05:55.0857 4140 bowser - ok 12:05:55.0873 4140 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 12:05:55.0873 4140 BrFiltLo - ok 12:05:55.0904 4140 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 12:05:55.0904 4140 BrFiltUp - ok 12:05:55.0935 4140 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 12:05:55.0951 4140 BridgeMP - ok 12:05:55.0966 4140 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 12:05:55.0982 4140 Browser - ok 12:05:56.0029 4140 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 12:05:56.0044 4140 Brserid - ok 12:05:56.0060 4140 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 12:05:56.0060 4140 BrSerWdm - ok 12:05:56.0075 4140 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 12:05:56.0091 4140 BrUsbMdm - ok 12:05:56.0091 4140 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 12:05:56.0091 4140 BrUsbSer - ok 12:05:56.0122 4140 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 12:05:56.0122 4140 BTHMODEM - ok 12:05:56.0153 4140 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 12:05:56.0169 4140 bthserv - ok 12:05:56.0185 4140 catchme - ok 12:05:56.0216 4140 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 12:05:56.0231 4140 cdfs - ok 12:05:56.0294 4140 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 12:05:56.0325 4140 cdrom - ok 12:05:56.0356 4140 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 12:05:56.0356 4140 CertPropSvc - ok 12:05:56.0372 4140 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 12:05:56.0372 4140 circlass - ok 12:05:56.0434 4140 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 12:05:56.0434 4140 CLFS - ok 12:05:56.0497 4140 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 12:05:56.0497 4140 clr_optimization_v2.0.50727_32 - ok 12:05:56.0543 4140 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 12:05:56.0543 4140 clr_optimization_v2.0.50727_64 - ok 12:05:56.0606 4140 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 12:05:56.0621 4140 clr_optimization_v4.0.30319_32 - ok 12:05:56.0653 4140 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 12:05:56.0653 4140 clr_optimization_v4.0.30319_64 - ok 12:05:56.0668 4140 clwvd - ok 12:05:56.0715 4140 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys 12:05:56.0715 4140 CmBatt - ok 12:05:56.0746 4140 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 12:05:56.0746 4140 cmdide - ok 12:05:56.0824 4140 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 12:05:56.0840 4140 CNG - ok 12:05:56.0855 4140 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 12:05:56.0855 4140 Compbatt - ok 12:05:56.0887 4140 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 12:05:56.0887 4140 CompositeBus - ok 12:05:56.0902 4140 COMSysApp - ok 12:05:56.0918 4140 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 12:05:56.0918 4140 crcdisk - ok 12:05:56.0965 4140 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 12:05:56.0980 4140 CryptSvc - ok 12:05:57.0058 4140 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 12:05:57.0074 4140 DcomLaunch - ok 12:05:57.0136 4140 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 12:05:57.0136 4140 defragsvc - ok 12:05:57.0167 4140 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 12:05:57.0167 4140 DfsC - ok 12:05:57.0214 4140 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 12:05:57.0230 4140 Dhcp - ok 12:05:57.0245 4140 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 12:05:57.0245 4140 discache - ok 12:05:57.0261 4140 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 12:05:57.0277 4140 Disk - ok 12:05:57.0308 4140 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 12:05:57.0323 4140 Dnscache - ok 12:05:57.0355 4140 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 12:05:57.0370 4140 dot3svc - ok 12:05:57.0401 4140 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 12:05:57.0401 4140 DPS - ok 12:05:57.0417 4140 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 12:05:57.0433 4140 drmkaud - ok 12:05:57.0526 4140 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 12:05:57.0542 4140 DXGKrnl - ok 12:05:57.0573 4140 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 12:05:57.0573 4140 EapHost - ok 12:05:57.0823 4140 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 12:05:57.0854 4140 ebdrv - ok 12:05:57.0979 4140 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 12:05:57.0979 4140 EFS - ok 12:05:58.0088 4140 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 12:05:58.0103 4140 ehRecvr - ok 12:05:58.0135 4140 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 12:05:58.0135 4140 ehSched - ok 12:05:58.0244 4140 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 12:05:58.0244 4140 elxstor - ok 12:05:58.0275 4140 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 12:05:58.0275 4140 ErrDev - ok 12:05:58.0353 4140 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 12:05:58.0369 4140 EventSystem - ok 12:05:58.0556 4140 EvtEng (7ee9f35bc1dd0ce1a4976032f9ac5162) C:\Program Files\Intel\WiFi\bin\EvtEng.exe 12:05:58.0587 4140 EvtEng - ok 12:05:58.0696 4140 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 12:05:58.0712 4140 exfat - ok 12:05:58.0727 4140 ezSharedSvc - ok 12:05:58.0759 4140 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 12:05:58.0774 4140 fastfat - ok 12:05:58.0852 4140 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 12:05:58.0852 4140 Fax - ok 12:05:58.0883 4140 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 12:05:58.0883 4140 fdc - ok 12:05:58.0899 4140 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 12:05:58.0899 4140 fdPHost - ok 12:05:58.0915 4140 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 12:05:58.0915 4140 FDResPub - ok 12:05:58.0961 4140 ffusb2audio (bb6563c615217f85c737460ee8a67a3a) C:\Windows\system32\DRIVERS\ffusb2audio.sys 12:05:58.0993 4140 ffusb2audio - ok 12:05:59.0008 4140 ffusb2audioks (9246b27034a6de759640887f058707ed) C:\Windows\system32\DRIVERS\ffusb2audioks_x64.sys 12:05:59.0024 4140 ffusb2audioks - ok 12:05:59.0055 4140 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 12:05:59.0055 4140 FileInfo - ok 12:05:59.0071 4140 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 12:05:59.0071 4140 Filetrace - ok 12:05:59.0102 4140 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 12:05:59.0102 4140 flpydisk - ok 12:05:59.0149 4140 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 12:05:59.0149 4140 FltMgr - ok 12:05:59.0273 4140 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 12:05:59.0305 4140 FontCache - ok 12:05:59.0367 4140 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 12:05:59.0367 4140 FontCache3.0.0.0 - ok 12:05:59.0461 4140 FPLService (2074a85a6b8f84a5a9c60b915b465faf) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe 12:05:59.0461 4140 FPLService - ok 12:05:59.0570 4140 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 12:05:59.0570 4140 FsDepends - ok 12:05:59.0601 4140 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 12:05:59.0617 4140 Fs_Rec - ok 12:05:59.0648 4140 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 12:05:59.0648 4140 fvevol - ok 12:05:59.0679 4140 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 12:05:59.0679 4140 gagp30kx - ok 12:05:59.0757 4140 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 12:05:59.0773 4140 GamesAppService - ok 12:05:59.0882 4140 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 12:05:59.0897 4140 gpsvc - ok 12:05:59.0913 4140 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 12:05:59.0929 4140 hcw85cir - ok 12:05:59.0975 4140 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 12:06:00.0007 4140 HdAudAddService - ok 12:06:00.0038 4140 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 12:06:00.0038 4140 HDAudBus - ok 12:06:00.0069 4140 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 12:06:00.0069 4140 HidBatt - ok 12:06:00.0085 4140 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 12:06:00.0100 4140 HidBth - ok 12:06:00.0131 4140 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 12:06:00.0131 4140 HidIr - ok 12:06:00.0194 4140 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 12:06:00.0194 4140 hidserv - ok 12:06:00.0225 4140 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 12:06:00.0225 4140 HidUsb - ok 12:06:00.0256 4140 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 12:06:00.0272 4140 hkmsvc - ok 12:06:00.0319 4140 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 12:06:00.0319 4140 HomeGroupListener - ok 12:06:00.0365 4140 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 12:06:00.0365 4140 HomeGroupProvider - ok 12:06:00.0443 4140 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 12:06:00.0443 4140 HP Support Assistant Service - ok 12:06:00.0521 4140 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 12:06:00.0537 4140 HPClientSvc - ok 12:06:00.0693 4140 hpCMSrv (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe 12:06:00.0709 4140 hpCMSrv - ok 12:06:00.0771 4140 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 12:06:00.0771 4140 HPDrvMntSvc.exe - ok 12:06:00.0896 4140 hpdskflt (a4be23c451adeb252cd17a0532cae220) C:\Windows\system32\DRIVERS\hpdskflt.sys 12:06:00.0896 4140 hpdskflt - ok 12:06:00.0989 4140 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 12:06:01.0005 4140 hpqwmiex - ok 12:06:01.0036 4140 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 12:06:01.0052 4140 HpSAMD - ok 12:06:01.0052 4140 hpsrv (a88a45e82bc54bffb49c63973010226a) C:\Windows\system32\Hpservice.exe 12:06:01.0052 4140 hpsrv - ok 12:06:01.0099 4140 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe 12:06:01.0099 4140 HPWMISVC - ok 12:06:01.0192 4140 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 12:06:01.0208 4140 HTTP - ok 12:06:01.0223 4140 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 12:06:01.0239 4140 hwpolicy - ok 12:06:01.0270 4140 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 12:06:01.0286 4140 i8042prt - ok 12:06:01.0364 4140 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys 12:06:01.0364 4140 iaStor - ok 12:06:01.0457 4140 IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe 12:06:01.0457 4140 IAStorDataMgrSvc - ok 12:06:01.0520 4140 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 12:06:01.0535 4140 iaStorV - ok 12:06:01.0660 4140 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 12:06:01.0676 4140 idsvc - ok 12:06:01.0707 4140 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 12:06:01.0707 4140 iirsp - ok 12:06:01.0816 4140 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 12:06:01.0832 4140 IKEEXT - ok 12:06:01.0894 4140 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys 12:06:01.0925 4140 IntcDAud - ok 12:06:01.0941 4140 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 12:06:01.0941 4140 intelide - ok 12:06:02.0815 4140 intelkmd (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdpmd64.sys 12:06:03.0033 4140 intelkmd - ok 12:06:03.0173 4140 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 12:06:03.0173 4140 intelppm - ok 12:06:03.0205 4140 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 12:06:03.0220 4140 IPBusEnum - ok 12:06:03.0251 4140 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:06:03.0267 4140 IpFilterDriver - ok 12:06:03.0329 4140 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 12:06:03.0345 4140 iphlpsvc - ok 12:06:03.0376 4140 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 12:06:03.0376 4140 IPMIDRV - ok 12:06:03.0392 4140 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 12:06:03.0407 4140 IPNAT - ok 12:06:03.0423 4140 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 12:06:03.0423 4140 IRENUM - ok 12:06:03.0439 4140 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 12:06:03.0439 4140 isapnp - ok 12:06:03.0485 4140 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 12:06:03.0485 4140 iScsiPrt - ok 12:06:03.0532 4140 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 12:06:03.0532 4140 kbdclass - ok 12:06:03.0563 4140 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 12:06:03.0563 4140 kbdhid - ok 12:06:03.0595 4140 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:06:03.0595 4140 KeyIso - ok 12:06:03.0626 4140 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 12:06:03.0626 4140 KSecDD - ok 12:06:03.0657 4140 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 12:06:03.0657 4140 KSecPkg - ok 12:06:03.0673 4140 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 12:06:03.0673 4140 ksthunk - ok 12:06:03.0719 4140 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 12:06:03.0735 4140 KtmRm - ok 12:06:03.0782 4140 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll 12:06:03.0797 4140 LanmanServer - ok 12:06:03.0829 4140 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 12:06:03.0829 4140 LanmanWorkstation - ok 12:06:03.0875 4140 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 12:06:03.0875 4140 lltdio - ok 12:06:03.0922 4140 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 12:06:03.0938 4140 lltdsvc - ok 12:06:03.0953 4140 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 12:06:03.0953 4140 lmhosts - ok 12:06:04.0063 4140 LMS (d7e0bed3ea21d7bddd410ade51708d90) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 12:06:04.0063 4140 LMS - ok 12:06:04.0125 4140 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 12:06:04.0141 4140 LSI_FC - ok 12:06:04.0172 4140 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 12:06:04.0172 4140 LSI_SAS - ok 12:06:04.0234 4140 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 12:06:04.0234 4140 LSI_SAS2 - ok 12:06:04.0297 4140 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 12:06:04.0297 4140 LSI_SCSI - ok 12:06:04.0328 4140 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 12:06:04.0343 4140 luafv - ok 12:06:04.0375 4140 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 12:06:04.0375 4140 MBAMProtector - ok 12:06:04.0484 4140 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 12:06:04.0484 4140 MBAMService - ok 12:06:04.0515 4140 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 12:06:04.0515 4140 Mcx2Svc - ok 12:06:04.0546 4140 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 12:06:04.0546 4140 megasas - ok 12:06:04.0593 4140 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 12:06:04.0593 4140 MegaSR - ok 12:06:04.0624 4140 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys 12:06:04.0624 4140 MEIx64 - ok 12:06:04.0687 4140 Microsoft SharePoint Workspace Audit Service - ok 12:06:04.0718 4140 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 12:06:04.0733 4140 MMCSS - ok 12:06:04.0749 4140 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 12:06:04.0749 4140 Modem - ok 12:06:04.0780 4140 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 12:06:04.0780 4140 monitor - ok 12:06:04.0811 4140 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 12:06:04.0811 4140 mouclass - ok 12:06:04.0827 4140 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 12:06:04.0827 4140 mouhid - ok 12:06:04.0858 4140 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 12:06:04.0874 4140 mountmgr - ok 12:06:04.0921 4140 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 12:06:04.0921 4140 mpio - ok 12:06:04.0936 4140 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 12:06:04.0952 4140 mpsdrv - ok 12:06:05.0030 4140 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 12:06:05.0061 4140 MpsSvc - ok 12:06:05.0092 4140 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 12:06:05.0092 4140 MRxDAV - ok 12:06:05.0123 4140 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 12:06:05.0139 4140 mrxsmb - ok 12:06:05.0170 4140 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:06:05.0186 4140 mrxsmb10 - ok 12:06:05.0217 4140 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:06:05.0233 4140 mrxsmb20 - ok 12:06:05.0248 4140 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 12:06:05.0248 4140 msahci - ok 12:06:05.0295 4140 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 12:06:05.0295 4140 msdsm - ok 12:06:05.0326 4140 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 12:06:05.0326 4140 MSDTC - ok 12:06:05.0357 4140 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 12:06:05.0357 4140 Msfs - ok 12:06:05.0373 4140 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 12:06:05.0373 4140 mshidkmdf - ok 12:06:05.0404 4140 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 12:06:05.0404 4140 msisadrv - ok 12:06:05.0435 4140 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 12:06:05.0451 4140 MSiSCSI - ok 12:06:05.0467 4140 msiserver - ok 12:06:05.0482 4140 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 12:06:05.0498 4140 MSKSSRV - ok 12:06:05.0513 4140 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 12:06:05.0513 4140 MSPCLOCK - ok 12:06:05.0529 4140 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 12:06:05.0529 4140 MSPQM - ok 12:06:05.0576 4140 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 12:06:05.0591 4140 MsRPC - ok 12:06:05.0623 4140 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 12:06:05.0623 4140 mssmbios - ok 12:06:05.0638 4140 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 12:06:05.0638 4140 MSTEE - ok 12:06:05.0654 4140 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 12:06:05.0654 4140 MTConfig - ok 12:06:05.0669 4140 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 12:06:05.0685 4140 Mup - ok 12:06:05.0763 4140 MyWiFiDHCPDNS (0cf5580f27918ffd2e165ecafa734103) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 12:06:05.0779 4140 MyWiFiDHCPDNS - ok 12:06:05.0841 4140 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 12:06:05.0857 4140 napagent - ok 12:06:05.0919 4140 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 12:06:05.0919 4140 NativeWifiP - ok 12:06:06.0028 4140 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys 12:06:06.0044 4140 NDIS - ok 12:06:06.0075 4140 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 12:06:06.0075 4140 NdisCap - ok 12:06:06.0106 4140 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 12:06:06.0106 4140 NdisTapi - ok 12:06:06.0122 4140 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 12:06:06.0137 4140 Ndisuio - ok 12:06:06.0169 4140 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 12:06:06.0184 4140 NdisWan - ok 12:06:06.0215 4140 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 12:06:06.0215 4140 NDProxy - ok 12:06:06.0231 4140 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 12:06:06.0231 4140 NetBIOS - ok 12:06:06.0262 4140 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 12:06:06.0262 4140 NetBT - ok 12:06:06.0293 4140 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:06:06.0293 4140 Netlogon - ok 12:06:06.0340 4140 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 12:06:06.0356 4140 Netman - ok 12:06:06.0403 4140 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 12:06:06.0403 4140 netprofm - ok 12:06:06.0465 4140 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 12:06:06.0465 4140 NetTcpPortSharing - ok 12:06:06.0886 4140 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\Windows\system32\DRIVERS\NETwNs64.sys 12:06:07.0042 4140 NETwNs64 - ok 12:06:07.0198 4140 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 12:06:07.0198 4140 nfrd960 - ok 12:06:07.0245 4140 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 12:06:07.0261 4140 NlaSvc - ok 12:06:07.0276 4140 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 12:06:07.0292 4140 Npfs - ok 12:06:07.0307 4140 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 12:06:07.0307 4140 nsi - ok 12:06:07.0323 4140 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 12:06:07.0323 4140 nsiproxy - ok 12:06:07.0510 4140 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 12:06:07.0541 4140 Ntfs - ok 12:06:07.0635 4140 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 12:06:07.0635 4140 Null - ok 12:06:07.0666 4140 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys 12:06:07.0682 4140 nusb3hub - ok 12:06:07.0729 4140 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys 12:06:07.0729 4140 nusb3xhc - ok 12:06:07.0791 4140 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys 12:06:07.0807 4140 NVENETFD - ok 12:06:07.0853 4140 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 12:06:07.0853 4140 nvraid - ok 12:06:07.0885 4140 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 12:06:07.0900 4140 nvstor - ok 12:06:07.0931 4140 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 12:06:07.0931 4140 nv_agp - ok 12:06:07.0963 4140 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 12:06:07.0978 4140 ohci1394 - ok 12:06:08.0072 4140 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:06:08.0072 4140 ose64 - ok 12:06:08.0415 4140 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 12:06:08.0462 4140 osppsvc - ok 12:06:08.0602 4140 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 12:06:08.0618 4140 p2pimsvc - ok 12:06:08.0680 4140 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 12:06:08.0696 4140 p2psvc - ok 12:06:08.0727 4140 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 12:06:08.0743 4140 Parport - ok 12:06:08.0758 4140 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 12:06:08.0758 4140 partmgr - ok 12:06:08.0789 4140 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 12:06:08.0805 4140 PcaSvc - ok 12:06:08.0852 4140 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 12:06:08.0852 4140 pci - ok 12:06:08.0867 4140 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 12:06:08.0867 4140 pciide - ok 12:06:08.0914 4140 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 12:06:08.0914 4140 pcmcia - ok 12:06:08.0930 4140 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 12:06:08.0930 4140 pcw - ok 12:06:09.0008 4140 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 12:06:09.0023 4140 PEAUTH - ok 12:06:09.0117 4140 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 12:06:09.0117 4140 PerfHost - ok 12:06:09.0351 4140 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 12:06:09.0382 4140 pla - ok 12:06:09.0460 4140 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 12:06:09.0476 4140 PlugPlay - ok 12:06:09.0491 4140 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 12:06:09.0507 4140 PNRPAutoReg - ok 12:06:09.0554 4140 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 12:06:09.0554 4140 PNRPsvc - ok 12:06:09.0632 4140 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 12:06:09.0647 4140 PolicyAgent - ok 12:06:09.0694 4140 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 12:06:09.0694 4140 Power - ok 12:06:09.0757 4140 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 12:06:09.0772 4140 PptpMiniport - ok 12:06:09.0803 4140 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 12:06:09.0803 4140 Processor - ok 12:06:09.0835 4140 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 12:06:09.0850 4140 ProfSvc - ok 12:06:09.0881 4140 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:06:09.0881 4140 ProtectedStorage - ok 12:06:09.0913 4140 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 12:06:09.0913 4140 Psched - ok 12:06:10.0100 4140 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 12:06:10.0115 4140 ql2300 - ok 12:06:10.0209 4140 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 12:06:10.0225 4140 ql40xx - ok 12:06:10.0256 4140 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 12:06:10.0271 4140 QWAVE - ok 12:06:10.0287 4140 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 12:06:10.0287 4140 QWAVEdrv - ok 12:06:10.0303 4140 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 12:06:10.0303 4140 RasAcd - ok 12:06:10.0334 4140 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 12:06:10.0334 4140 RasAgileVpn - ok 12:06:10.0365 4140 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 12:06:10.0381 4140 RasAuto - ok 12:06:10.0412 4140 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 12:06:10.0427 4140 Rasl2tp - ok 12:06:10.0490 4140 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 12:06:10.0490 4140 RasMan - ok 12:06:10.0537 4140 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 12:06:10.0552 4140 RasPppoe - ok 12:06:10.0568 4140 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 12:06:10.0599 4140 RasSstp - ok 12:06:10.0630 4140 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 12:06:10.0646 4140 rdbss - ok 12:06:10.0661 4140 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 12:06:10.0661 4140 rdpbus - ok 12:06:10.0677 4140 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 12:06:10.0677 4140 RDPCDD - ok 12:06:10.0693 4140 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 12:06:10.0693 4140 RDPENCDD - ok 12:06:10.0708 4140 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 12:06:10.0724 4140 RDPREFMP - ok 12:06:10.0771 4140 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 12:06:10.0786 4140 RDPWD - ok 12:06:10.0833 4140 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 12:06:10.0833 4140 rdyboost - ok 12:06:10.0989 4140 RegSrvc (aa9fd849c028ccb441a78061b57db734) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 12:06:11.0005 4140 RegSrvc - ok 12:06:11.0051 4140 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 12:06:11.0067 4140 RemoteAccess - ok 12:06:11.0098 4140 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 12:06:11.0114 4140 RemoteRegistry - ok 12:06:11.0192 4140 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe 12:06:11.0207 4140 RoxioNow Service - ok 12:06:11.0223 4140 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 12:06:11.0223 4140 RpcEptMapper - ok 12:06:11.0254 4140 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 12:06:11.0254 4140 RpcLocator - ok 12:06:11.0317 4140 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 12:06:11.0332 4140 RpcSs - ok 12:06:11.0410 4140 RSPCIESTOR (d5c3e1629a3f7f0857d27949252b94ce) C:\Windows\system32\DRIVERS\RtsPStor.sys 12:06:11.0426 4140 RSPCIESTOR - ok 12:06:11.0473 4140 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 12:06:11.0473 4140 rspndr - ok 12:06:11.0519 4140 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys 12:06:11.0535 4140 RTL8167 - ok 12:06:11.0566 4140 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:06:11.0566 4140 SamSs - ok 12:06:11.0629 4140 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 12:06:11.0629 4140 sbp2port - ok 12:06:11.0660 4140 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 12:06:11.0675 4140 SCardSvr - ok 12:06:11.0691 4140 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 12:06:11.0691 4140 scfilter - ok 12:06:11.0816 4140 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 12:06:11.0847 4140 Schedule - ok 12:06:11.0878 4140 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 12:06:11.0878 4140 SCPolicySvc - ok 12:06:11.0909 4140 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys 12:06:11.0925 4140 sdbus - ok 12:06:11.0956 4140 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 12:06:11.0972 4140 SDRSVC - ok 12:06:12.0003 4140 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 12:06:12.0003 4140 secdrv - ok 12:06:12.0019 4140 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 12:06:12.0019 4140 seclogon - ok 12:06:12.0050 4140 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 12:06:12.0065 4140 SENS - ok 12:06:12.0081 4140 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 12:06:12.0081 4140 SensrSvc - ok 12:06:12.0112 4140 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 12:06:12.0112 4140 Serenum - ok 12:06:12.0159 4140 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 12:06:12.0175 4140 Serial - ok 12:06:12.0190 4140 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 12:06:12.0206 4140 sermouse - ok 12:06:12.0237 4140 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 12:06:12.0268 4140 SessionEnv - ok 12:06:12.0284 4140 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 12:06:12.0284 4140 sffdisk - ok 12:06:12.0299 4140 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 12:06:12.0315 4140 sffp_mmc - ok 12:06:12.0331 4140 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 12:06:12.0331 4140 sffp_sd - ok 12:06:12.0346 4140 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 12:06:12.0362 4140 sfloppy - ok 12:06:12.0409 4140 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 12:06:12.0424 4140 SharedAccess - ok 12:06:12.0487 4140 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 12:06:12.0487 4140 ShellHWDetection - ok 12:06:12.0518 4140 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 12:06:12.0518 4140 SiSRaid2 - ok 12:06:12.0549 4140 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 12:06:12.0549 4140 SiSRaid4 - ok 12:06:12.0643 4140 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe 12:06:12.0643 4140 SkypeUpdate - ok 12:06:12.0689 4140 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 12:06:12.0721 4140 Smb - ok 12:06:12.0752 4140 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 12:06:12.0767 4140 SNMPTRAP - ok 12:06:12.0783 4140 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 12:06:12.0783 4140 spldr - ok 12:06:12.0845 4140 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 12:06:12.0861 4140 Spooler - ok 12:06:13.0126 4140 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 12:06:13.0204 4140 sppsvc - ok 12:06:13.0313 4140 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 12:06:13.0313 4140 sppuinotify - ok 12:06:13.0423 4140 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys 12:06:13.0423 4140 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb 12:06:13.0423 4140 sptd ( LockedFile.Multi.Generic ) - warning 12:06:13.0423 4140 sptd - detected LockedFile.Multi.Generic (1) 12:06:13.0501 4140 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 12:06:13.0516 4140 srv - ok 12:06:13.0563 4140 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 12:06:13.0563 4140 srv2 - ok 12:06:13.0625 4140 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS 12:06:13.0625 4140 SrvHsfHDA - ok 12:06:13.0781 4140 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS 12:06:13.0828 4140 SrvHsfV92 - ok 12:06:13.0969 4140 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 12:06:13.0984 4140 SrvHsfWinac - ok 12:06:14.0015 4140 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 12:06:14.0031 4140 srvnet - ok 12:06:14.0093 4140 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 12:06:14.0093 4140 SSDPSRV - ok 12:06:14.0125 4140 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 12:06:14.0125 4140 SstpSvc - ok 12:06:14.0234 4140 STacSV (86678c2f5081fea3517d78e92230b5ff) C:\Program Files\IDT\WDM\STacSV64.exe 12:06:14.0234 4140 STacSV - ok 12:06:14.0296 4140 Steam Client Service - ok 12:06:14.0327 4140 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 12:06:14.0327 4140 stexstor - ok 12:06:14.0405 4140 STHDA (74387b34b43f94e380608888c56a5ccd) C:\Windows\system32\DRIVERS\stwrt64.sys 12:06:14.0437 4140 STHDA - ok 12:06:14.0530 4140 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 12:06:14.0546 4140 stisvc - ok 12:06:14.0577 4140 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 12:06:14.0577 4140 swenum - ok 12:06:14.0655 4140 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 12:06:14.0671 4140 swprv - ok 12:06:14.0827 4140 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys 12:06:14.0858 4140 SynTP - ok 12:06:15.0029 4140 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 12:06:15.0076 4140 SysMain - ok 12:06:15.0139 4140 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 12:06:15.0139 4140 TabletInputService - ok 12:06:15.0185 4140 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 12:06:15.0201 4140 TapiSrv - ok 12:06:15.0217 4140 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 12:06:15.0232 4140 TBS - ok 12:06:15.0388 4140 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 12:06:15.0419 4140 Tcpip - ok 12:06:15.0591 4140 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 12:06:15.0622 4140 TCPIP6 - ok 12:06:15.0669 4140 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 12:06:15.0669 4140 tcpipreg - ok 12:06:15.0685 4140 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 12:06:15.0685 4140 TDPIPE - ok 12:06:15.0700 4140 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 12:06:15.0716 4140 TDTCP - ok 12:06:15.0747 4140 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 12:06:15.0763 4140 tdx - ok 12:06:15.0778 4140 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 12:06:15.0794 4140 TermDD - ok 12:06:15.0856 4140 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 12:06:15.0887 4140 TermService - ok 12:06:15.0903 4140 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 12:06:15.0903 4140 Themes - ok 12:06:15.0934 4140 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 12:06:15.0934 4140 THREADORDER - ok 12:06:15.0965 4140 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 12:06:15.0965 4140 TrkWks - ok 12:06:16.0012 4140 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 12:06:16.0012 4140 TrustedInstaller - ok 12:06:16.0028 4140 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 12:06:16.0043 4140 tssecsrv - ok 12:06:16.0059 4140 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 12:06:16.0059 4140 TsUsbFlt - ok 12:06:16.0090 4140 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 12:06:16.0090 4140 TsUsbGD - ok 12:06:16.0137 4140 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 12:06:16.0137 4140 tunnel - ok 12:06:16.0168 4140 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 12:06:16.0168 4140 uagp35 - ok 12:06:16.0215 4140 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 12:06:16.0246 4140 udfs - ok 12:06:16.0277 4140 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 12:06:16.0293 4140 UI0Detect - ok 12:06:16.0340 4140 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 12:06:16.0340 4140 uliagpkx - ok 12:06:16.0371 4140 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 12:06:16.0371 4140 umbus - ok 12:06:16.0402 4140 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 12:06:16.0402 4140 UmPass - ok 12:06:16.0683 4140 UNS (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 12:06:16.0730 4140 UNS - ok 12:06:16.0870 4140 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 12:06:16.0886 4140 upnphost - ok 12:06:16.0948 4140 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 12:06:16.0964 4140 usbccgp - ok 12:06:16.0979 4140 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 12:06:16.0979 4140 usbcir - ok 12:06:17.0011 4140 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 12:06:17.0011 4140 usbehci - ok 12:06:17.0073 4140 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 12:06:17.0089 4140 usbhub - ok 12:06:17.0104 4140 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 12:06:17.0104 4140 usbohci - ok 12:06:17.0135 4140 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 12:06:17.0135 4140 usbprint - ok 12:06:17.0167 4140 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 12:06:17.0167 4140 usbscan - ok 12:06:17.0198 4140 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:06:17.0213 4140 USBSTOR - ok 12:06:17.0229 4140 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 12:06:17.0229 4140 usbuhci - ok 12:06:17.0276 4140 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys 12:06:17.0291 4140 usbvideo - ok 12:06:17.0323 4140 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 12:06:17.0323 4140 UxSms - ok 12:06:17.0354 4140 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:06:17.0369 4140 VaultSvc - ok 12:06:17.0385 4140 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 12:06:17.0385 4140 vdrvroot - ok 12:06:17.0447 4140 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 12:06:17.0463 4140 vds - ok 12:06:17.0479 4140 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 12:06:17.0479 4140 vga - ok 12:06:17.0494 4140 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 12:06:17.0510 4140 VgaSave - ok 12:06:17.0557 4140 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 12:06:17.0557 4140 vhdmp - ok 12:06:17.0588 4140 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 12:06:17.0588 4140 viaide - ok 12:06:17.0635 4140 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 12:06:17.0635 4140 volmgr - ok 12:06:17.0681 4140 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 12:06:17.0681 4140 volmgrx - ok 12:06:17.0728 4140 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 12:06:17.0728 4140 volsnap - ok 12:06:17.0775 4140 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 12:06:17.0775 4140 vsmraid - ok 12:06:17.0947 4140 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 12:06:17.0978 4140 VSS - ok 12:06:18.0103 4140 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 12:06:18.0103 4140 vwifibus - ok 12:06:18.0134 4140 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 12:06:18.0134 4140 vwififlt - ok 12:06:18.0165 4140 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 12:06:18.0165 4140 vwifimp - ok 12:06:18.0227 4140 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 12:06:18.0259 4140 W32Time - ok 12:06:18.0274 4140 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 12:06:18.0290 4140 WacomPen - ok 12:06:18.0321 4140 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 12:06:18.0337 4140 WANARP - ok 12:06:18.0352 4140 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 12:06:18.0352 4140 Wanarpv6 - ok 12:06:18.0524 4140 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 12:06:18.0539 4140 WatAdminSvc - ok 12:06:18.0711 4140 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 12:06:18.0727 4140 wbengine - ok 12:06:18.0820 4140 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 12:06:18.0820 4140 WbioSrvc - ok 12:06:18.0883 4140 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 12:06:18.0883 4140 wcncsvc - ok 12:06:18.0914 4140 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 12:06:18.0914 4140 WcsPlugInService - ok 12:06:18.0961 4140 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 12:06:18.0961 4140 Wd - ok 12:06:19.0054 4140 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 12:06:19.0054 4140 Wdf01000 - ok 12:06:19.0085 4140 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 12:06:19.0085 4140 WdiServiceHost - ok 12:06:19.0085 4140 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 12:06:19.0101 4140 WdiSystemHost - ok 12:06:19.0132 4140 wdkmd (5e1640435dd54d00451156ca5340b109) C:\Windows\system32\DRIVERS\WDKMD.sys 12:06:19.0148 4140 wdkmd - ok 12:06:19.0179 4140 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 12:06:19.0195 4140 WebClient - ok 12:06:19.0226 4140 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 12:06:19.0241 4140 Wecsvc - ok 12:06:19.0273 4140 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 12:06:19.0273 4140 wercplsupport - ok 12:06:19.0304 4140 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 12:06:19.0335 4140 WerSvc - ok 12:06:19.0351 4140 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 12:06:19.0366 4140 WfpLwf - ok 12:06:19.0382 4140 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 12:06:19.0382 4140 WIMMount - ok 12:06:19.0413 4140 WinDefend - ok 12:06:19.0413 4140 WinHttpAutoProxySvc - ok 12:06:19.0491 4140 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 12:06:19.0507 4140 Winmgmt - ok 12:06:19.0709 4140 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 12:06:19.0756 4140 WinRM - ok 12:06:19.0912 4140 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys 12:06:19.0912 4140 WinUsb - ok 12:06:20.0021 4140 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 12:06:20.0053 4140 Wlansvc - ok 12:06:20.0099 4140 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 12:06:20.0099 4140 wlcrasvc - ok 12:06:20.0333 4140 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 12:06:20.0365 4140 wlidsvc - ok 12:06:20.0427 4140 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 12:06:20.0427 4140 WmiAcpi - ok 12:06:20.0505 4140 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 12:06:20.0505 4140 wmiApSrv - ok 12:06:20.0536 4140 WMPNetworkSvc - ok 12:06:20.0630 4140 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) C:\Program Files\Zune\WMZuneComm.exe 12:06:20.0645 4140 WMZuneComm - ok 12:06:20.0677 4140 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 12:06:20.0677 4140 WPCSvc - ok 12:06:20.0708 4140 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 12:06:20.0723 4140 WPDBusEnum - ok 12:06:20.0755 4140 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 12:06:20.0755 4140 ws2ifsl - ok 12:06:20.0786 4140 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 12:06:20.0786 4140 wscsvc - ok 12:06:20.0817 4140 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys 12:06:20.0848 4140 WSDPrintDevice - ok 12:06:20.0848 4140 WSearch - ok 12:06:21.0067 4140 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 12:06:21.0129 4140 wuauserv - ok 12:06:21.0238 4140 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 12:06:21.0254 4140 WudfPf - ok 12:06:21.0301 4140 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 12:06:21.0316 4140 WUDFRd - ok 12:06:21.0332 4140 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 12:06:21.0347 4140 wudfsvc - ok 12:06:21.0379 4140 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 12:06:21.0394 4140 WwanSvc - ok 12:06:21.0878 4140 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) C:\Program Files\Zune\ZuneNss.exe 12:06:21.0925 4140 ZuneNetworkSvc - ok 12:06:22.0003 4140 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) C:\Program Files\Zune\ZuneWlanCfgSvc.exe 12:06:22.0018 4140 ZuneWlanCfgSvc - ok 12:06:22.0049 4140 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 12:06:22.0127 4140 \Device\Harddisk0\DR0 - ok 12:06:22.0127 4140 Boot (0x1200) (c9f1a9cb0e553cf54b9f185fb402c6cd) \Device\Harddisk0\DR0\Partition0 12:06:22.0127 4140 \Device\Harddisk0\DR0\Partition0 - ok 12:06:22.0143 4140 Boot (0x1200) (5872a9229fe6c42902722c741a1c46a2) \Device\Harddisk0\DR0\Partition1 12:06:22.0159 4140 \Device\Harddisk0\DR0\Partition1 - ok 12:06:22.0190 4140 Boot (0x1200) (af7d18284ff0a1437949ec0e24be5f84) \Device\Harddisk0\DR0\Partition2 12:06:22.0190 4140 \Device\Harddisk0\DR0\Partition2 - ok 12:06:22.0205 4140 Boot (0x1200) (599868f08ed0f96b9988545fb8b56ac4) \Device\Harddisk0\DR0\Partition3 12:06:22.0205 4140 \Device\Harddisk0\DR0\Partition3 - ok 12:06:22.0205 4140 ============================================================ 12:06:22.0205 4140 Scan finished 12:06:22.0205 4140 ============================================================ 12:06:22.0221 3688 Detected object count: 1 12:06:22.0221 3688 Actual detected object count: 1 12:06:39.0444 3688 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine 12:06:39.0459 3688 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine 12:07:08.0059 2532 Deinitialize success
-
thank you for your help! here is the dds log . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by MikeP at 0:07:31 on 2012-05-02 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5193 [GMT -7:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2012\avgrsa.exe C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Hpservice.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\SysWOW64\ezSharedSvcHost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe C:\Program Files (x86)\AVG\AVG2012\avgemca.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Users\MikeP\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Users\MikeP\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Zune\ZuneNss.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files\Zune\WMZuneComm.exe C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = <local> BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File uRun: [Google Update] "C:\Users\MikeP\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [Akamai NetSession Interface] "C:\Users\MikeP\AppData\Local\Akamai\netsession_win.exe" mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" StartupFolder: C:\Users\MikeP\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{0BDD282A-EA72-4B70-B8F5-6078397FB7A0} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{0BDD282A-EA72-4B70-B8F5-6078397FB7A0}\140707C65602E4564777F627B602360393930363 : DhcpNameServer = 10.0.1.1 TCP: Interfaces\{0BDD282A-EA72-4B70-B8F5-6078397FB7A0}\259716E6723702140747 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{0BDD282A-EA72-4B70-B8F5-6078397FB7A0}\C457 : DhcpNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{0BDD282A-EA72-4B70-B8F5-6078397FB7A0}\D496B6560284447303832313 : DhcpNameServer = 192.168.33.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll BHO-X64: TSBHO Class - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-24 89600] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776] R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-6-21 514232] R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264] R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-24 13336] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-16 654408] R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-24 2656280] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?] R3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-25 253088] S3 ffusb2audio;Focusrite USB 2.0 Audio Driver;C:\Windows\system32\DRIVERS\ffusb2audio.sys --> C:\Windows\system32\DRIVERS\ffusb2audio.sys [?] S3 ffusb2audioks;ffusb2audioks;C:\Windows\system32\DRIVERS\ffusb2audioks_x64.sys --> C:\Windows\system32\DRIVERS\ffusb2audioks_x64.sys [?] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-04-25 08:15:11 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-04-25 08:03:08 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-04-18 07:05:09 -------- d-----w- C:\Users\MikeP\AppData\Local\Akamai 2012-04-16 00:36:57 -------- d-----w- C:\Users\MikeP\AppData\Roaming\MAGIX 2012-04-16 00:35:54 -------- d-----w- C:\ProgramData\MAGIX 2012-04-16 00:35:53 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Services 2012-04-14 19:17:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll 2012-04-14 19:17:59 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll 2012-04-14 19:17:12 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-04-14 19:17:12 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-04-14 19:17:12 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-04-14 19:13:34 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2012-04-14 19:13:34 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-04-14 19:13:34 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-04-14 19:13:32 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-04-14 19:13:32 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-04-14 19:13:32 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-04-14 19:13:32 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll . ==================== Find3M ==================== . 2012-04-25 08:15:29 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-20 21:18:22 466456 ----a-w- C:\Windows\System32\wrap_oal.dll 2012-03-20 21:18:22 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll 2012-03-20 21:18:22 122904 ----a-w- C:\Windows\System32\OpenAL32.dll 2012-03-20 21:18:22 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll 2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll 2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll 2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-02-21 09:34:17 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-02-21 01:04:50 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll 2012-02-21 01:04:49 660368 ----a-w- C:\Windows\System32\deployJava1.dll 2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 0:07:56.31 =============== attach.zip
-
HiJack this log right here Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 6:25:41 PM, on 5/1/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Users\MikeP\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Users\MikeP\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing) O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\MikeP\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\MikeP\AppData\Local\Akamai\netsession_win.exe" O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Connection Manager 4.0 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13113 bytes And here are the most recent IP Block logs from malwarebytes 2012/04/29 21:10:09 -0700 MIKEP-HP MikeP MESSAGE Starting protection 2012/04/29 21:10:11 -0700 MIKEP-HP MikeP MESSAGE Protection started successfully 2012/04/29 21:10:14 -0700 MIKEP-HP MikeP MESSAGE Starting IP protection 2012/04/29 21:10:15 -0700 MIKEP-HP MikeP MESSAGE IP Protection started successfully 2012/04/29 21:10:38 -0700 MIKEP-HP MikeP IP-BLOCK 80.82.70.206 (Type: outgoing, Port: 49474, Process: chrome.exe) 2012/04/29 21:11:17 -0700 MIKEP-HP MikeP MESSAGE Executing scheduled update: Daily 2012/04/29 21:11:23 -0700 MIKEP-HP MikeP MESSAGE Starting database refresh 2012/04/29 21:11:23 -0700 MIKEP-HP MikeP MESSAGE Scheduled update executed successfully: database updated from version v2012.04.27.02 to version v2012.04.30.02 2012/04/29 21:11:23 -0700 MIKEP-HP MikeP MESSAGE Stopping IP protection 2012/04/29 21:12:12 -0700 MIKEP-HP MikeP MESSAGE IP Protection stopped 2012/04/29 21:12:13 -0700 MIKEP-HP MikeP MESSAGE Database refreshed successfully 2012/04/29 21:12:13 -0700 MIKEP-HP MikeP MESSAGE Starting IP protection 2012/04/29 21:12:14 -0700 MIKEP-HP MikeP MESSAGE IP Protection started successfully 2012/04/30 11:06:08 -0700 MIKEP-HP MikeP IP-BLOCK 67.43.237.147 (Type: incoming, Port: 13238, Process: svchost.exe) 2012/04/30 11:06:08 -0700 MIKEP-HP MikeP IP-BLOCK 67.43.237.147 (Type: incoming, Port: 13238, Process: svchost.exe)
-
HiJack this log right here Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:49:53 PM, on 4/17/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing) O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [Google Update] "C:\Users\MikeP\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Connection Manager 4.0 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12893 bytes And here are the most recent IP Block logs from malwarebytes Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:49:53 PM, on 4/17/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing) O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [Google Update] "C:\Users\MikeP\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Connection Manager 4.0 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12893 bytes 2012/04/17 10:11:50 -0700 MIKEP-HP MikeP MESSAGE Starting protection 2012/04/17 10:11:53 -0700 MIKEP-HP MikeP MESSAGE Protection started successfully 2012/04/17 10:11:56 -0700 MIKEP-HP MikeP MESSAGE Starting IP protection 2012/04/17 10:11:57 -0700 MIKEP-HP MikeP MESSAGE IP Protection started successfully 2012/04/17 10:19:27 -0700 MIKEP-HP MikeP IP-BLOCK 88.85.70.106 (Type: outgoing, Port: 50296, Process: chrome.exe) 2012/04/17 10:19:28 -0700 MIKEP-HP MikeP IP-BLOCK 88.85.70.106 (Type: outgoing, Port: 50300, Process: chrome.exe) 2012/04/17 10:19:28 -0700 MIKEP-HP MikeP IP-BLOCK 88.85.70.106 (Type: outgoing, Port: 50307, Process: chrome.exe) 2012/04/17 10:19:28 -0700 MIKEP-HP MikeP IP-BLOCK 88.85.70.106 (Type: outgoing, Port: 50311, Process: chrome.exe) 2012/04/17 21:46:15 -0700 MIKEP-HP MikeP IP-BLOCK 141.101.124.178 (Type: outgoing, Port: 54226, Process: chrome.exe) 2012/04/17 21:46:23 -0700 MIKEP-HP MikeP IP-BLOCK 141.101.124.178 (Type: outgoing, Port: 54226, Process: chrome.exe) 2012/04/17 21:46:39 -0700 MIKEP-HP MikeP IP-BLOCK 141.101.124.178 (Type: outgoing, Port: 54235, Process: chrome.exe) 2012/04/17 21:46:39 -0700 MIKEP-HP MikeP IP-BLOCK 141.101.124.178 (Type: outgoing, Port: 54236, Process: chrome.exe) 2012/04/17 21:46:39 -0700 MIKEP-HP MikeP IP-BLOCK 141.101.124.178 (Type: outgoing, Port: 54237, Process: chrome.exe) Does it seem like i may be infected?