nemesis337

  1. OK. I just successfully uninstalled it! No IP blocks so far, thank you very much for your help.
  2. For some reason, when I run the command it prompts me with a warning: AVG antivirus is running, and if it is, your computer may be damaged. It looks like the ComboFix scan is about to run again rather than uninstall. I just want to make sure this is normal and won't ruin my PC by running that command. Should I proceed and just disable AVG before I run combofix /uninstall?
  3. Thanks for all the help, though. Is it strange that it cannot uninstall?
  4. Interestingly, I cannot uninstall ComboFix. The prompt says Windows cannot find combofix/uninstall. I previously tried typing uninstall/combofix,
  5. There were no IP blocks today, though they usually happened every 2 or so days. I ran the scan like you said and it found 1 threat. C:\Users\MikeP\Downloads\cnet_SecurityTaskManager_Setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
  6. I really can't thank you enough for all the help. Here is the log from Malwarebytes. Also, should I uninstall ComboFix?

     Malwarebytes Anti-Malware (PRO) 1.61.0.1400
     www.malwarebytes.org
     Database version: v2012.04.30.02
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     MikeP :: MIKEP-HP [administrator]
     Protection: Enabled
     5/3/2012 9:46:21 AM
     mbam-log-2012-05-03 (09-46-21).txt
     Scan type: Full scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 462956
     Time elapsed: 1 hour(s), 24 minute(s), 21 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  7. Things seem to be running OK. They weren't really running poorly to begin with; I was just concerned that svchost.exe was generating IP blocks. Isn't that a Windows service? I thought if it was generating those blocks my computer is infected. Should I let you know if things act up again?
  8. Interestingly, I ran ComboFix and when it restarted, none of my programs worked. Windows kept telling me that the items in the registry had been marked for deletion. However, after restarting again, everything is back to normal. Here is the log. ComboFix.txt
  9. The scan found one malicious object and moved it to quarantine (cure was not an option). Here are the contents of the log.
C:\Windows\system32\drivers\nfrd960.sys 12:06:07.0198 4140 nfrd960 - ok 12:06:07.0245 4140 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 12:06:07.0261 4140 NlaSvc - ok 12:06:07.0276 4140 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 12:06:07.0292 4140 Npfs - ok 12:06:07.0307 4140 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 12:06:07.0307 4140 nsi - ok 12:06:07.0323 4140 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 12:06:07.0323 4140 nsiproxy - ok 12:06:07.0510 4140 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 12:06:07.0541 4140 Ntfs - ok 12:06:07.0635 4140 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 12:06:07.0635 4140 Null - ok 12:06:07.0666 4140 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys 12:06:07.0682 4140 nusb3hub - ok 12:06:07.0729 4140 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys 12:06:07.0729 4140 nusb3xhc - ok 12:06:07.0791 4140 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys 12:06:07.0807 4140 NVENETFD - ok 12:06:07.0853 4140 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 12:06:07.0853 4140 nvraid - ok 12:06:07.0885 4140 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 12:06:07.0900 4140 nvstor - ok 12:06:07.0931 4140 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 12:06:07.0931 4140 nv_agp - ok 12:06:07.0963 4140 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 12:06:07.0978 4140 ohci1394 - ok 12:06:08.0072 4140 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:06:08.0072 4140 ose64 - ok 12:06:08.0415 4140 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program 
Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 12:06:08.0462 4140 osppsvc - ok 12:06:08.0602 4140 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 12:06:08.0618 4140 p2pimsvc - ok 12:06:08.0680 4140 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 12:06:08.0696 4140 p2psvc - ok 12:06:08.0727 4140 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 12:06:08.0743 4140 Parport - ok 12:06:08.0758 4140 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 12:06:08.0758 4140 partmgr - ok 12:06:08.0789 4140 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 12:06:08.0805 4140 PcaSvc - ok 12:06:08.0852 4140 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 12:06:08.0852 4140 pci - ok 12:06:08.0867 4140 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 12:06:08.0867 4140 pciide - ok 12:06:08.0914 4140 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 12:06:08.0914 4140 pcmcia - ok 12:06:08.0930 4140 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 12:06:08.0930 4140 pcw - ok 12:06:09.0008 4140 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 12:06:09.0023 4140 PEAUTH - ok 12:06:09.0117 4140 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 12:06:09.0117 4140 PerfHost - ok 12:06:09.0351 4140 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 12:06:09.0382 4140 pla - ok 12:06:09.0460 4140 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 12:06:09.0476 4140 PlugPlay - ok 12:06:09.0491 4140 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 12:06:09.0507 4140 PNRPAutoReg - ok 12:06:09.0554 4140 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 
12:06:09.0554 4140 PNRPsvc - ok 12:06:09.0632 4140 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 12:06:09.0647 4140 PolicyAgent - ok 12:06:09.0694 4140 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 12:06:09.0694 4140 Power - ok 12:06:09.0757 4140 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 12:06:09.0772 4140 PptpMiniport - ok 12:06:09.0803 4140 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 12:06:09.0803 4140 Processor - ok 12:06:09.0835 4140 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 12:06:09.0850 4140 ProfSvc - ok 12:06:09.0881 4140 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:06:09.0881 4140 ProtectedStorage - ok 12:06:09.0913 4140 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 12:06:09.0913 4140 Psched - ok 12:06:10.0100 4140 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 12:06:10.0115 4140 ql2300 - ok 12:06:10.0209 4140 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 12:06:10.0225 4140 ql40xx - ok 12:06:10.0256 4140 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 12:06:10.0271 4140 QWAVE - ok 12:06:10.0287 4140 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 12:06:10.0287 4140 QWAVEdrv - ok 12:06:10.0303 4140 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 12:06:10.0303 4140 RasAcd - ok 12:06:10.0334 4140 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 12:06:10.0334 4140 RasAgileVpn - ok 12:06:10.0365 4140 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 12:06:10.0381 4140 RasAuto - ok 12:06:10.0412 4140 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 
12:06:10.0427 4140 Rasl2tp - ok 12:06:10.0490 4140 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 12:06:10.0490 4140 RasMan - ok 12:06:10.0537 4140 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 12:06:10.0552 4140 RasPppoe - ok 12:06:10.0568 4140 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 12:06:10.0599 4140 RasSstp - ok 12:06:10.0630 4140 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 12:06:10.0646 4140 rdbss - ok 12:06:10.0661 4140 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 12:06:10.0661 4140 rdpbus - ok 12:06:10.0677 4140 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 12:06:10.0677 4140 RDPCDD - ok 12:06:10.0693 4140 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 12:06:10.0693 4140 RDPENCDD - ok 12:06:10.0708 4140 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 12:06:10.0724 4140 RDPREFMP - ok 12:06:10.0771 4140 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 12:06:10.0786 4140 RDPWD - ok 12:06:10.0833 4140 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 12:06:10.0833 4140 rdyboost - ok 12:06:10.0989 4140 RegSrvc (aa9fd849c028ccb441a78061b57db734) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 12:06:11.0005 4140 RegSrvc - ok 12:06:11.0051 4140 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 12:06:11.0067 4140 RemoteAccess - ok 12:06:11.0098 4140 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 12:06:11.0114 4140 RemoteRegistry - ok 12:06:11.0192 4140 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe 12:06:11.0207 4140 RoxioNow Service - ok 12:06:11.0223 4140 RpcEptMapper 
(e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 12:06:11.0223 4140 RpcEptMapper - ok 12:06:11.0254 4140 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 12:06:11.0254 4140 RpcLocator - ok 12:06:11.0317 4140 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 12:06:11.0332 4140 RpcSs - ok 12:06:11.0410 4140 RSPCIESTOR (d5c3e1629a3f7f0857d27949252b94ce) C:\Windows\system32\DRIVERS\RtsPStor.sys 12:06:11.0426 4140 RSPCIESTOR - ok 12:06:11.0473 4140 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 12:06:11.0473 4140 rspndr - ok 12:06:11.0519 4140 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys 12:06:11.0535 4140 RTL8167 - ok 12:06:11.0566 4140 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:06:11.0566 4140 SamSs - ok 12:06:11.0629 4140 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 12:06:11.0629 4140 sbp2port - ok 12:06:11.0660 4140 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 12:06:11.0675 4140 SCardSvr - ok 12:06:11.0691 4140 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 12:06:11.0691 4140 scfilter - ok 12:06:11.0816 4140 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 12:06:11.0847 4140 Schedule - ok 12:06:11.0878 4140 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 12:06:11.0878 4140 SCPolicySvc - ok 12:06:11.0909 4140 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys 12:06:11.0925 4140 sdbus - ok 12:06:11.0956 4140 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 12:06:11.0972 4140 SDRSVC - ok 12:06:12.0003 4140 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 12:06:12.0003 4140 secdrv - ok 12:06:12.0019 4140 seclogon (bc617a4e1b4fa8df523a061739a0bd87) 
C:\Windows\system32\seclogon.dll 12:06:12.0019 4140 seclogon - ok 12:06:12.0050 4140 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 12:06:12.0065 4140 SENS - ok 12:06:12.0081 4140 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 12:06:12.0081 4140 SensrSvc - ok 12:06:12.0112 4140 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 12:06:12.0112 4140 Serenum - ok 12:06:12.0159 4140 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 12:06:12.0175 4140 Serial - ok 12:06:12.0190 4140 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 12:06:12.0206 4140 sermouse - ok 12:06:12.0237 4140 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 12:06:12.0268 4140 SessionEnv - ok 12:06:12.0284 4140 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 12:06:12.0284 4140 sffdisk - ok 12:06:12.0299 4140 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 12:06:12.0315 4140 sffp_mmc - ok 12:06:12.0331 4140 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 12:06:12.0331 4140 sffp_sd - ok 12:06:12.0346 4140 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 12:06:12.0362 4140 sfloppy - ok 12:06:12.0409 4140 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 12:06:12.0424 4140 SharedAccess - ok 12:06:12.0487 4140 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 12:06:12.0487 4140 ShellHWDetection - ok 12:06:12.0518 4140 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 12:06:12.0518 4140 SiSRaid2 - ok 12:06:12.0549 4140 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 12:06:12.0549 4140 SiSRaid4 - ok 12:06:12.0643 4140 SkypeUpdate 
(6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe 12:06:12.0643 4140 SkypeUpdate - ok 12:06:12.0689 4140 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 12:06:12.0721 4140 Smb - ok 12:06:12.0752 4140 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 12:06:12.0767 4140 SNMPTRAP - ok 12:06:12.0783 4140 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 12:06:12.0783 4140 spldr - ok 12:06:12.0845 4140 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 12:06:12.0861 4140 Spooler - ok 12:06:13.0126 4140 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 12:06:13.0204 4140 sppsvc - ok 12:06:13.0313 4140 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 12:06:13.0313 4140 sppuinotify - ok 12:06:13.0423 4140 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys 12:06:13.0423 4140 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: 602884696850c86434530790b110e8eb 12:06:13.0423 4140 sptd ( LockedFile.Multi.Generic ) - warning 12:06:13.0423 4140 sptd - detected LockedFile.Multi.Generic (1) 12:06:13.0501 4140 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 12:06:13.0516 4140 srv - ok 12:06:13.0563 4140 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 12:06:13.0563 4140 srv2 - ok 12:06:13.0625 4140 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS 12:06:13.0625 4140 SrvHsfHDA - ok 12:06:13.0781 4140 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS 12:06:13.0828 4140 SrvHsfV92 - ok 12:06:13.0969 4140 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 12:06:13.0984 4140 SrvHsfWinac - ok 12:06:14.0015 4140 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 12:06:14.0031 4140 srvnet - ok 12:06:14.0093 4140 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 12:06:14.0093 4140 SSDPSRV - ok 12:06:14.0125 4140 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 12:06:14.0125 4140 SstpSvc - ok 12:06:14.0234 4140 STacSV (86678c2f5081fea3517d78e92230b5ff) C:\Program Files\IDT\WDM\STacSV64.exe 12:06:14.0234 4140 STacSV - ok 12:06:14.0296 4140 Steam Client Service - ok 12:06:14.0327 4140 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 12:06:14.0327 4140 stexstor - ok 12:06:14.0405 4140 STHDA (74387b34b43f94e380608888c56a5ccd) C:\Windows\system32\DRIVERS\stwrt64.sys 12:06:14.0437 4140 STHDA - ok 12:06:14.0530 4140 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 12:06:14.0546 4140 stisvc - ok 12:06:14.0577 4140 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 12:06:14.0577 4140 swenum - ok 12:06:14.0655 4140 swprv (e08e46fdd841b7184194011ca1955a0b) 
C:\Windows\System32\swprv.dll 12:06:14.0671 4140 swprv - ok 12:06:14.0827 4140 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys 12:06:14.0858 4140 SynTP - ok 12:06:15.0029 4140 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 12:06:15.0076 4140 SysMain - ok 12:06:15.0139 4140 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 12:06:15.0139 4140 TabletInputService - ok 12:06:15.0185 4140 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 12:06:15.0201 4140 TapiSrv - ok 12:06:15.0217 4140 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 12:06:15.0232 4140 TBS - ok 12:06:15.0388 4140 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 12:06:15.0419 4140 Tcpip - ok 12:06:15.0591 4140 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 12:06:15.0622 4140 TCPIP6 - ok 12:06:15.0669 4140 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 12:06:15.0669 4140 tcpipreg - ok 12:06:15.0685 4140 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 12:06:15.0685 4140 TDPIPE - ok 12:06:15.0700 4140 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 12:06:15.0716 4140 TDTCP - ok 12:06:15.0747 4140 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 12:06:15.0763 4140 tdx - ok 12:06:15.0778 4140 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 12:06:15.0794 4140 TermDD - ok 12:06:15.0856 4140 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 12:06:15.0887 4140 TermService - ok 12:06:15.0903 4140 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 12:06:15.0903 4140 Themes - ok 12:06:15.0934 4140 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 12:06:15.0934 4140 
THREADORDER - ok 12:06:15.0965 4140 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 12:06:15.0965 4140 TrkWks - ok 12:06:16.0012 4140 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 12:06:16.0012 4140 TrustedInstaller - ok 12:06:16.0028 4140 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 12:06:16.0043 4140 tssecsrv - ok 12:06:16.0059 4140 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 12:06:16.0059 4140 TsUsbFlt - ok 12:06:16.0090 4140 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 12:06:16.0090 4140 TsUsbGD - ok 12:06:16.0137 4140 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 12:06:16.0137 4140 tunnel - ok 12:06:16.0168 4140 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 12:06:16.0168 4140 uagp35 - ok 12:06:16.0215 4140 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 12:06:16.0246 4140 udfs - ok 12:06:16.0277 4140 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 12:06:16.0293 4140 UI0Detect - ok 12:06:16.0340 4140 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 12:06:16.0340 4140 uliagpkx - ok 12:06:16.0371 4140 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 12:06:16.0371 4140 umbus - ok 12:06:16.0402 4140 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 12:06:16.0402 4140 UmPass - ok 12:06:16.0683 4140 UNS (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 12:06:16.0730 4140 UNS - ok 12:06:16.0870 4140 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 12:06:16.0886 4140 upnphost - ok 12:06:16.0948 4140 usbccgp (6f1a3157a1c89435352ceb543cdb359c) 
C:\Windows\system32\DRIVERS\usbccgp.sys 12:06:16.0964 4140 usbccgp - ok 12:06:16.0979 4140 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 12:06:16.0979 4140 usbcir - ok 12:06:17.0011 4140 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 12:06:17.0011 4140 usbehci - ok 12:06:17.0073 4140 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 12:06:17.0089 4140 usbhub - ok 12:06:17.0104 4140 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 12:06:17.0104 4140 usbohci - ok 12:06:17.0135 4140 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 12:06:17.0135 4140 usbprint - ok 12:06:17.0167 4140 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 12:06:17.0167 4140 usbscan - ok 12:06:17.0198 4140 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:06:17.0213 4140 USBSTOR - ok 12:06:17.0229 4140 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 12:06:17.0229 4140 usbuhci - ok 12:06:17.0276 4140 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys 12:06:17.0291 4140 usbvideo - ok 12:06:17.0323 4140 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 12:06:17.0323 4140 UxSms - ok 12:06:17.0354 4140 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:06:17.0369 4140 VaultSvc - ok 12:06:17.0385 4140 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 12:06:17.0385 4140 vdrvroot - ok 12:06:17.0447 4140 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 12:06:17.0463 4140 vds - ok 12:06:17.0479 4140 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 12:06:17.0479 4140 vga - ok 12:06:17.0494 4140 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 
12:06:17.0510 4140 VgaSave - ok 12:06:17.0557 4140 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 12:06:17.0557 4140 vhdmp - ok 12:06:17.0588 4140 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 12:06:17.0588 4140 viaide - ok 12:06:17.0635 4140 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 12:06:17.0635 4140 volmgr - ok 12:06:17.0681 4140 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 12:06:17.0681 4140 volmgrx - ok 12:06:17.0728 4140 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 12:06:17.0728 4140 volsnap - ok 12:06:17.0775 4140 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 12:06:17.0775 4140 vsmraid - ok 12:06:17.0947 4140 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 12:06:17.0978 4140 VSS - ok 12:06:18.0103 4140 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 12:06:18.0103 4140 vwifibus - ok 12:06:18.0134 4140 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 12:06:18.0134 4140 vwififlt - ok 12:06:18.0165 4140 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 12:06:18.0165 4140 vwifimp - ok 12:06:18.0227 4140 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 12:06:18.0259 4140 W32Time - ok 12:06:18.0274 4140 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 12:06:18.0290 4140 WacomPen - ok 12:06:18.0321 4140 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 12:06:18.0337 4140 WANARP - ok 12:06:18.0352 4140 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 12:06:18.0352 4140 Wanarpv6 - ok 12:06:18.0524 4140 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 12:06:18.0539 
4140 WatAdminSvc - ok 12:06:18.0711 4140 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 12:06:18.0727 4140 wbengine - ok 12:06:18.0820 4140 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 12:06:18.0820 4140 WbioSrvc - ok 12:06:18.0883 4140 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 12:06:18.0883 4140 wcncsvc - ok 12:06:18.0914 4140 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 12:06:18.0914 4140 WcsPlugInService - ok 12:06:18.0961 4140 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 12:06:18.0961 4140 Wd - ok 12:06:19.0054 4140 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 12:06:19.0054 4140 Wdf01000 - ok 12:06:19.0085 4140 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 12:06:19.0085 4140 WdiServiceHost - ok 12:06:19.0085 4140 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 12:06:19.0101 4140 WdiSystemHost - ok 12:06:19.0132 4140 wdkmd (5e1640435dd54d00451156ca5340b109) C:\Windows\system32\DRIVERS\WDKMD.sys 12:06:19.0148 4140 wdkmd - ok 12:06:19.0179 4140 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 12:06:19.0195 4140 WebClient - ok 12:06:19.0226 4140 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 12:06:19.0241 4140 Wecsvc - ok 12:06:19.0273 4140 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 12:06:19.0273 4140 wercplsupport - ok 12:06:19.0304 4140 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 12:06:19.0335 4140 WerSvc - ok 12:06:19.0351 4140 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 12:06:19.0366 4140 WfpLwf - ok 12:06:19.0382 4140 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 12:06:19.0382 4140 WIMMount - 
ok 12:06:19.0413 4140 WinDefend - ok 12:06:19.0413 4140 WinHttpAutoProxySvc - ok 12:06:19.0491 4140 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 12:06:19.0507 4140 Winmgmt - ok 12:06:19.0709 4140 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 12:06:19.0756 4140 WinRM - ok 12:06:19.0912 4140 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys 12:06:19.0912 4140 WinUsb - ok 12:06:20.0021 4140 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 12:06:20.0053 4140 Wlansvc - ok 12:06:20.0099 4140 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 12:06:20.0099 4140 wlcrasvc - ok 12:06:20.0333 4140 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 12:06:20.0365 4140 wlidsvc - ok 12:06:20.0427 4140 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 12:06:20.0427 4140 WmiAcpi - ok 12:06:20.0505 4140 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 12:06:20.0505 4140 wmiApSrv - ok 12:06:20.0536 4140 WMPNetworkSvc - ok 12:06:20.0630 4140 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) C:\Program Files\Zune\WMZuneComm.exe 12:06:20.0645 4140 WMZuneComm - ok 12:06:20.0677 4140 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 12:06:20.0677 4140 WPCSvc - ok 12:06:20.0708 4140 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 12:06:20.0723 4140 WPDBusEnum - ok 12:06:20.0755 4140 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 12:06:20.0755 4140 ws2ifsl - ok 12:06:20.0786 4140 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 12:06:20.0786 4140 wscsvc - ok 12:06:20.0817 4140 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys 12:06:20.0848 4140 
WSDPrintDevice - ok 12:06:20.0848 4140 WSearch - ok 12:06:21.0067 4140 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 12:06:21.0129 4140 wuauserv - ok 12:06:21.0238 4140 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 12:06:21.0254 4140 WudfPf - ok 12:06:21.0301 4140 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 12:06:21.0316 4140 WUDFRd - ok 12:06:21.0332 4140 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 12:06:21.0347 4140 wudfsvc - ok 12:06:21.0379 4140 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 12:06:21.0394 4140 WwanSvc - ok 12:06:21.0878 4140 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) C:\Program Files\Zune\ZuneNss.exe 12:06:21.0925 4140 ZuneNetworkSvc - ok 12:06:22.0003 4140 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) C:\Program Files\Zune\ZuneWlanCfgSvc.exe 12:06:22.0018 4140 ZuneWlanCfgSvc - ok 12:06:22.0049 4140 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 12:06:22.0127 4140 \Device\Harddisk0\DR0 - ok 12:06:22.0127 4140 Boot (0x1200) (c9f1a9cb0e553cf54b9f185fb402c6cd) \Device\Harddisk0\DR0\Partition0 12:06:22.0127 4140 \Device\Harddisk0\DR0\Partition0 - ok 12:06:22.0143 4140 Boot (0x1200) (5872a9229fe6c42902722c741a1c46a2) \Device\Harddisk0\DR0\Partition1 12:06:22.0159 4140 \Device\Harddisk0\DR0\Partition1 - ok 12:06:22.0190 4140 Boot (0x1200) (af7d18284ff0a1437949ec0e24be5f84) \Device\Harddisk0\DR0\Partition2 12:06:22.0190 4140 \Device\Harddisk0\DR0\Partition2 - ok 12:06:22.0205 4140 Boot (0x1200) (599868f08ed0f96b9988545fb8b56ac4) \Device\Harddisk0\DR0\Partition3 12:06:22.0205 4140 \Device\Harddisk0\DR0\Partition3 - ok 12:06:22.0205 4140 ============================================================ 12:06:22.0205 4140 Scan finished 12:06:22.0205 4140 ============================================================ 12:06:22.0221 3688 Detected object count: 1 
12:06:22.0221 3688 Actual detected object count: 1
12:06:39.0444 3688 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
12:06:39.0459 3688 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
12:07:08.0059 2532 Deinitialize success
  10. thank you for your help! here is the dds log.
  11. HiJack this log right here
And here are the most recent IP Block logs from malwarebytes
2012/04/29 21:10:09 -0700 MIKEP-HP MikeP MESSAGE Starting protection
2012/04/29 21:10:11 -0700 MIKEP-HP MikeP MESSAGE Protection started successfully
2012/04/29 21:10:14 -0700 MIKEP-HP MikeP MESSAGE Starting 
IP protection 2012/04/29 21:10:15 -0700 MIKEP-HP MikeP MESSAGE IP Protection started successfully 2012/04/29 21:10:38 -0700 MIKEP-HP MikeP IP-BLOCK 80.82.70.206 (Type: outgoing, Port: 49474, Process: chrome.exe) 2012/04/29 21:11:17 -0700 MIKEP-HP MikeP MESSAGE Executing scheduled update: Daily 2012/04/29 21:11:23 -0700 MIKEP-HP MikeP MESSAGE Starting database refresh 2012/04/29 21:11:23 -0700 MIKEP-HP MikeP MESSAGE Scheduled update executed successfully: database updated from version v2012.04.27.02 to version v2012.04.30.02 2012/04/29 21:11:23 -0700 MIKEP-HP MikeP MESSAGE Stopping IP protection 2012/04/29 21:12:12 -0700 MIKEP-HP MikeP MESSAGE IP Protection stopped 2012/04/29 21:12:13 -0700 MIKEP-HP MikeP MESSAGE Database refreshed successfully 2012/04/29 21:12:13 -0700 MIKEP-HP MikeP MESSAGE Starting IP protection 2012/04/29 21:12:14 -0700 MIKEP-HP MikeP MESSAGE IP Protection started successfully 2012/04/30 11:06:08 -0700 MIKEP-HP MikeP IP-BLOCK 67.43.237.147 (Type: incoming, Port: 13238, Process: svchost.exe) 2012/04/30 11:06:08 -0700 MIKEP-HP MikeP IP-BLOCK 67.43.237.147 (Type: incoming, Port: 13238, Process: svchost.exe)
  12. HiJack this log right here
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:49:53 PM, on 4/17/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Users\MikeP\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Connection Manager 4.0 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12893 bytes
And here are the most recent IP Block logs from malwarebytes
2012/04/17 10:11:50 -0700 MIKEP-HP MikeP MESSAGE Starting protection
2012/04/17 10:11:53 -0700 MIKEP-HP MikeP MESSAGE Protection started successfully
2012/04/17 10:11:56 -0700 MIKEP-HP MikeP MESSAGE Starting IP protection
2012/04/17 10:11:57 -0700 MIKEP-HP MikeP MESSAGE IP Protection started successfully
2012/04/17 10:19:27 -0700 MIKEP-HP MikeP IP-BLOCK 88.85.70.106 (Type: outgoing, Port: 50296, Process: chrome.exe)
2012/04/17 10:19:28 -0700 MIKEP-HP MikeP IP-BLOCK 88.85.70.106 (Type: outgoing, Port: 50300, Process: chrome.exe)
2012/04/17 10:19:28 -0700 MIKEP-HP MikeP IP-BLOCK 88.85.70.106 (Type: outgoing, Port: 50307, Process: chrome.exe)
2012/04/17 10:19:28 -0700 MIKEP-HP MikeP IP-BLOCK 88.85.70.106 (Type: outgoing, Port: 50311, Process: chrome.exe)
2012/04/17 21:46:15 -0700 MIKEP-HP MikeP IP-BLOCK 141.101.124.178 (Type: outgoing, Port: 54226, Process: chrome.exe)
2012/04/17 21:46:23 -0700 MIKEP-HP MikeP IP-BLOCK 141.101.124.178 (Type: outgoing, Port: 54226, Process: chrome.exe)
2012/04/17 21:46:39 -0700 MIKEP-HP MikeP IP-BLOCK 141.101.124.178 (Type: outgoing, Port: 54235, Process: chrome.exe)
2012/04/17 21:46:39 -0700 MIKEP-HP MikeP IP-BLOCK 141.101.124.178 (Type: outgoing, Port: 54236, Process: chrome.exe)
2012/04/17 21:46:39 -0700 MIKEP-HP MikeP IP-BLOCK 141.101.124.178 (Type: outgoing, Port: 54237, Process: chrome.exe)
Does it seem like i may be infected?