
Google/Yahoo Redirect Virus



My computer is infected with what appears to be a Google/Yahoo redirect virus. I've tried Malwarebytes, TDSSKiller, RogueKiller, etc., and while some of them have identified and removed suspicious files, the problem with search engine redirects still exists. After removal of the suspect files, redirects are halted but then return after a period of time (I noticed this morning that only some of the search results take you to errant sites; other links shown will take you to the "normal" site).

DDS logs follow:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Dad at 8:13:01 on 2012-04-17

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8097.6002 [GMT -4:00]

.

AV: G Data TotalSecurity 2012 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}

SP: G Data TotalSecurity 2012 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: G Data Personal Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

C:\Program Files (x86)\G Data\TotalSecurity\AVK\AVKWCtlX64.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

C:\Program Files\NetMotion Client\messerv.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe

C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

C:\Program Files (x86)\G Data\TotalSecurity\AVK\AVKService.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\G Data\TotalSecurity\Firewall\GDFwSvcx64.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech\SetPointP\LBTWiz.exe

C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe

C:\Program Files (x86)\G Data\TotalSecurity\AVKTray\AVKTray.exe

C:\Program Files (x86)\G Data\TotalSecurity\Firewall\GDFirewallTray.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\NetMotion Client\nomtray.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - C:\Program Files (x86)\G Data\TotalSecurity\WebFilter\AVKWebIE.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: G Data BankGuard: {ba3295cf-17ed-4f49-9e95-d999a0adbfdc} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - C:\Program Files (x86)\G Data\TotalSecurity\WebFilter\AVKWebIE.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [NVC] "C:\Program Files (x86)\Nortel\Nortel VPN Client\Nvc.exe" -autostart

mRun: [<NO NAME>]

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe

mRun: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalSecurity\AVKTray\AVKTray.exe

mRun: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalSecurity\Firewall\GDFirewallTray.exe

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [nomtray] C:\Program Files\NetMotion Client\nomtray.exe

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

StartupFolder: C:\Users\Dad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOMA~1.LNK - C:\Troopmaster Software\AutoMailer\AutoMailer.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

Trusted Zone: intuit.com\ttlc

DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{6C5B3449-84CB-4589-A666-774F1A6EB932} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{BD5462E1-DD57-45B4-94BB-139D20AA0675} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{C4E1F696-F36D-4DDF-8F1A-12AFD276A586} : DhcpNameServer = 162.114.144.5 162.114.176.4 172.20.52.65

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

BHO-X64: G Data WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalSecurity\WebFilter\AVKWebIE.dll

BHO-X64: G Data WebFilter Class - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: G Data BankGuard: {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: G Data WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalSecurity\WebFilter\AVKWebIE.dll

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun-x64: [NVC] "C:\Program Files (x86)\Nortel\Nortel VPN Client\Nvc.exe" -autostart

mRun-x64: [(Default)]

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe

mRun-x64: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalSecurity\AVKTray\AVKTray.exe

mRun-x64: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalSecurity\Firewall\GDFirewallTray.exe

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [nomtray] C:\Program Files\NetMotion Client\nomtray.exe

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\4zx6rji9.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Users\Dad\AppData\Local\Roblox\Versions\version-844560f43f354d3f\NPRobloxProxy.dll

FF - plugin: C:\Users\Dad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\4zx6rji9.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

.

============= SERVICES / DRIVERS ===============

.

R0 GDBehave;GDBehave;C:\Windows\system32\drivers\GDBehave.sys --> C:\Windows\system32\drivers\GDBehave.sys [?]

R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\system32\DRIVERS\mv91cons.sys --> C:\Windows\system32\DRIVERS\mv91cons.sys [?]

R0 mvs91xx;mvs91xx;C:\Windows\system32\DRIVERS\mvs91xx.sys --> C:\Windows\system32\DRIVERS\mvs91xx.sys [?]

R0 NMutilnt;NetMotion Utility Driver;C:\Windows\system32\drivers\nmutilnt.sys --> C:\Windows\system32\drivers\nmutilnt.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 fsclm;FIPS Encryption Driver;\??\C:\Windows\system32\drivers\fsclm.sys --> C:\Windows\system32\drivers\fsclm.sys [?]

R1 GDMnIcpt;GDMnIcpt;\??\C:\Windows\system32\drivers\MiniIcpt.sys --> C:\Windows\system32\drivers\MiniIcpt.sys [?]

R1 gdwfpcd;G Data WFP CD;C:\Windows\system32\drivers\gdwfpcd64.sys --> C:\Windows\system32\drivers\gdwfpcd64.sys [?]

R1 GRD;G Data Rootkit Detector Driver;\??\C:\Windows\system32\drivers\GRD.sys --> C:\Windows\system32\drivers\GRD.sys [?]

R1 HookCentre;HookCentre;\??\C:\Windows\system32\drivers\HookCentre.sys --> C:\Windows\system32\drivers\HookCentre.sys [?]

R1 NMDRV;NetMotion Client Driver;C:\Program Files\NetMotion Client\nmdrv.sys [2011-8-26 1001560]

R1 NMRoam;NetMotion Roaming Detection Daemon;C:\Windows\system32\DRIVERS\nmroam.sys --> C:\Windows\system32\DRIVERS\nmroam.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]

R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-1 915584]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-7-18 586880]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]

R2 AVKProxy;G Data AntiVirus Proxy;C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-2-22 1499656]

R2 AVKService;G Data Scheduler;C:\Program Files (x86)\G Data\TotalSecurity\AVK\AVKService.exe [2011-5-3 409608]

R2 AVKWCtl;G Data Filesystem Monitor;C:\Program Files (x86)\G Data\TotalSecurity\AVK\AVKWCtlx64.exe [2011-11-14 2191808]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-25 13592]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 MESSERV;NetMotion Client;C:\Program Files\NetMotion Client\messerv.exe [2011-8-26 1626200]

R2 NvcSvcMgr;Nortel VPN Client;C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe [2008-12-11 615704]

R2 nvcwfpco;nvcwfpco;C:\Windows\system32\DRIVERS\nvcwfpco.sys --> C:\Windows\system32\DRIVERS\nvcwfpco.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]

R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

R3 GDFwSvc;G Data Personal Firewall;C:\Program Files (x86)\G Data\TotalSecurity\Firewall\GDFwSvcx64.exe [2011-10-26 1556816]

R3 GDPkIcpt;GDPkIcpt;\??\C:\Windows\system32\drivers\PktIcpt.sys --> C:\Windows\system32\drivers\PktIcpt.sys [?]

R3 GDScan;G Data Scanner;C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2011-11-14 457536]

R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nmvnic;NMVNIC Network Adapter;C:\Windows\system32\DRIVERS\nmvnic.sys --> C:\Windows\system32\DRIVERS\nmvnic.sys [?]

R3 NT_NvcA;Nortel VPN Adapter;C:\Windows\system32\DRIVERS\ntnvca.sys --> C:\Windows\system32\DRIVERS\ntnvca.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 rt61x64;Linksys Wireless-G PCI Adapter Driver;C:\Windows\system32\DRIVERS\WMP54Gv41x64.sys --> C:\Windows\system32\DRIVERS\WMP54Gv41x64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-17 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 253088]

S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

S3 GDBackupSvc;G Data Backup Service;C:\Program Files (x86)\G Data\TotalSecurity\AVKBackup\AVKBackupService.exe [2011-11-14 1498616]

S3 GdNetMon;G Data Network Monitor;\??\C:\Windows\system32\drivers\GdNetMon64.sys --> C:\Windows\system32\drivers\GdNetMon64.sys [?]

S3 GDTunerSvc;G Data Tuner Service;C:\Program Files (x86)\G Data\TotalSecurity\AVKTuner\AVKTunerService.exe [2011-5-3 960504]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-17 136176]

S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-3-26 129976]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-04-17 11:31:33 12872 ----a-w- C:\Windows\System32\bootdelete.exe

2012-04-15 12:12:03 -------- d-----w- C:\Program Files (x86)\PC Tools

2012-04-15 12:08:53 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2012-04-15 12:08:52 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2012-04-15 12:08:33 -------- d-----w- C:\Users\Dad\AppData\Roaming\TestApp

2012-04-15 12:08:33 -------- d-----w- C:\ProgramData\PC Tools

2012-04-15 07:40:04 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{92EDF1DD-B0E4-4F19-AB1E-E85C03DFB5DD}\offreg.dll

2012-04-15 04:25:50 27936 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys

2012-04-15 01:11:26 -------- d-----w- C:\Users\Dad\AppData\Roaming\SUPERAntiSpyware.com

2012-04-15 01:11:09 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-04-15 01:11:09 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-04-14 23:59:17 -------- d-----w- C:\Program Files (x86)\ESET

2012-04-14 22:28:54 -------- d-----w- C:\Program Files\HitmanPro

2012-04-14 22:28:37 -------- d-----w- C:\ProgramData\HitmanPro

2012-04-14 22:22:15 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{92EDF1DD-B0E4-4F19-AB1E-E85C03DFB5DD}\mpengine.dll

2012-04-14 22:12:59 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-14 20:29:48 -------- d-----w- C:\Users\Dad\AppData\Roaming\Malwarebytes

2012-04-14 20:29:41 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-14 20:29:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-14 20:29:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-14 20:13:00 106488 ----a-w- C:\Windows\System32\drivers\GRD.sys

2012-04-12 12:17:54 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-12 12:17:54 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-12 12:17:54 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-12 12:17:53 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-12 12:17:53 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-12 12:17:53 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-12 12:17:53 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-10 18:29:06 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-10 18:25:12 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-03-27 03:39:03 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-03-27 03:39:02 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-03-27 03:39:02 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-03-27 02:52:20 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-27 02:52:20 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-03-27 02:20:19 -------- d-----w- C:\Program Files\CCleaner

2012-03-27 02:07:58 -------- d-----w- C:\Program Files\WON

2012-03-26 15:54:06 1056768 ----a-w- C:\Windows\SysWow64\ROBOEX32.DLL

2012-03-26 15:54:03 54784 ----a-w- C:\Windows\SysWow64\INETWH32.dll

2012-03-26 15:54:03 233472 ----a-w- C:\Windows\SysWow64\SNWValid.dll

2012-03-26 15:54:02 1204224 ----a-w- C:\Windows\SysWow64\SierraNW.DLL

2012-03-26 15:53:59 44544 ----a-w- C:\Windows\SysWow64\gif89.dll

2012-03-26 15:53:53 -------- d-----w- C:\Program Files (x86)\Sierra On-Line

.

==================== Find3M ====================

.

2012-04-17 09:16:35 610688 ----a-w- C:\Windows\SysWow64\sig.bin

2012-04-14 13:34:21 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-14 22:55:04 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe

2012-02-14 22:55:02 5886232 ----a-w- C:\Windows\System32\GfxUI.exe

2012-02-14 22:55:02 511768 ----a-w- C:\Windows\System32\igfxsrvc.exe

2012-02-14 22:55:02 440600 ----a-w- C:\Windows\System32\igfxpers.exe

2012-02-14 22:55:02 398616 ----a-w- C:\Windows\System32\hkcmd.exe

2012-02-14 22:55:02 250136 ----a-w- C:\Windows\System32\igfxext.exe

2012-02-14 22:55:02 184600 ----a-w- C:\Windows\System32\difx64.exe

2012-02-14 22:55:02 170264 ----a-w- C:\Windows\System32\igfxtray.exe

2012-02-14 22:53:26 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2653.dll

2012-02-14 22:47:40 8086528 ----a-w- C:\Windows\System32\igdumd64.dll

2012-02-14 22:47:38 14692224 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys

2012-02-14 22:47:06 963912 ----a-w- C:\Windows\SysWow64\igkrng600.bin

2012-02-14 22:47:06 963912 ----a-w- C:\Windows\System32\igkrng600.bin

2012-02-14 22:47:06 79360 ----a-w- C:\Windows\System32\igdde64.dll

2012-02-14 22:47:06 261208 ----a-w- C:\Windows\SysWow64\igfcg600m.bin

2012-02-14 22:47:06 261208 ----a-w- C:\Windows\System32\igfcg600m.bin

2012-02-14 22:44:54 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll

2012-02-14 22:44:24 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll

2012-02-14 22:42:58 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll

2012-02-14 22:35:26 7794688 ----a-w- C:\Windows\SysWow64\igd10umd32.dll

2012-02-14 22:07:18 18125312 ----a-w- C:\Windows\System32\ig4icd64.dll

2012-02-14 21:59:56 13209600 ----a-w- C:\Windows\SysWow64\ig4icd32.dll

2012-02-14 21:56:42 110592 ----a-w- C:\Windows\System32\hccutils.dll

2012-02-14 21:56:34 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll

2012-02-14 21:56:34 430080 ----a-w- C:\Windows\System32\igfxdev.dll

2012-02-14 21:56:34 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll

2012-02-14 21:56:06 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc

2012-02-14 21:56:04 142336 ----a-w- C:\Windows\System32\igfxdo.dll

2012-02-14 21:56:02 9007616 ----a-w- C:\Windows\System32\igfxress.dll

2012-02-14 21:55:06 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll

2012-02-14 21:54:36 321024 ----a-w- C:\Windows\SysWow64\igfxdv32.dll

2012-02-14 21:53:08 524800 ----a-w- C:\Windows\System32\iglhsip64.dll

2012-02-14 21:53:08 519680 ----a-w- C:\Windows\SysWow64\iglhsip32.dll

2012-02-14 21:53:08 2967040 ----a-w- C:\Windows\System32\igfxcmjit64.dll

2012-02-14 21:53:08 237056 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll

2012-02-14 21:53:08 2321408 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll

2012-02-14 21:53:08 213504 ----a-w- C:\Windows\System32\iglhcp64.dll

2012-02-14 21:53:08 193024 ----a-w- C:\Windows\System32\igfxcmrt64.dll

2012-02-14 21:53:08 177152 ----a-w- C:\Windows\SysWow64\iglhcp32.dll

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

.

============= FINISH: 8:13:23.48 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 7/14/2011 10:57:04 PM

System Uptime: 4/17/2012 7:38:15 AM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P8Z68 DELUXE

Processor: Intel® Core i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 396.837 GiB free.

D: is FIXED (NTFS) - 596 GiB total, 565.176 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is FIXED (NTFS) - 932 GiB total, 770.822 GiB free.

H: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Intel® 82579V Gigabit Network Connection

Device ID: PCI\VEN_8086&DEV_1503&SUBSYS_849C1043&REV_05\3&11583659&0&C8

Manufacturer: Intel

Name: Intel® 82579V Gigabit Network Connection

PNP Device ID: PCI\VEN_8086&DEV_1503&SUBSYS_849C1043&REV_05\3&11583659&0&C8

Service: e1cexpress

.

==== System Restore Points ===================

.

RP131: 4/15/2012 12:36:17 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Reader X (10.1.2)

AI Suite II

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Software Update

BufferChm

ClueFinders 5th Grade Adventures

DameWare Mini Remote Control

DeLorme Topo North America 9.0

Destinations

DirectX 9 Runtime

Disney Pirates of the Caribbean Online

DivX Setup

DocProc

EMC 10 Content

eReg

ESET Online Scanner v3

Family Tree Maker 2006

Family Tree Maker 2012

G Data TotalSecurity 2012

Google Calendar Sync

Google Chrome

Google Update Helper

GPBaseService2

GSAK 8.1.0.10 (Final)

HP Update

hpg4000

HPPhotosmartEssential

HPProductAssistant

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® Watchdog Timer Driver (Intel® WDT)

Java Auto Updater

Java 6 Update 26

JMicron JMB36X Driver

Malwarebytes Anti-Malware version 1.61.0.1400

marvell 91xx driver

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access database engine 2007 (English)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Standard 2007

Microsoft Office Word MUI (English) 2007

Microsoft Streets & Trips 2010

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable Package

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Myst IV - Revelation

Notepad++

PackLedger Millennium

PackMaster 2011

PowerUp

Quicken 2011

QuickTime

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

Roblox for Dad

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Easy CD and DVD Burning

Roxio Express Labeler 3

Roxio PhotoShow

Roxio Update Manager

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

SolutionCenter

Sonic CinePlayer Decoder Pack

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wkyiper

TurboTax 2011 wrapper

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.6195

WebReg

Windows Media Encoder 9 Series

Wizard101

WONswap

.

==== Event Viewer Messages From Past Week ========

.

4/17/2012 7:38:36 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter

4/17/2012 7:37:41 AM, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully..

4/17/2012 7:35:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service GDScan with arguments "" in order to run the server: {1E0D02B2-989A-45FF-9318-F43CC56C515A}

4/17/2012 7:35:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service AVKService with arguments "-Servive" in order to run the server: {2E0299CA-5126-439D-B801-45FC6B26209E}

4/17/2012 6:49:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service AVKProxy with arguments "-Service" in order to run the server: {9CC0C66E-A7B9-4611-8792-EE9833277273}

4/17/2012 6:48:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

4/17/2012 6:48:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

4/17/2012 6:33:55 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

4/17/2012 6:33:54 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

4/17/2012 6:33:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/17/2012 6:33:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/17/2012 6:33:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/17/2012 6:33:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

4/17/2012 6:33:21 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO discache GDMnIcpt gdwfpcd HookCentre RxFilter SASDIFSV SASKUTIL spldr Wanarpv6

4/16/2012 9:10:46 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

4/16/2012 8:53:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

4/16/2012 8:53:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

4/16/2012 8:53:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AsUpIO CSC DfsC discache fsclm GDMnIcpt gdwfpcd HookCentre NetBIOS NetBT NMDRV NMRoam nsiproxy Psched rdbss RxFilter SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf

4/16/2012 8:53:39 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/16/2012 8:53:39 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/16/2012 8:53:39 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

4/16/2012 8:53:39 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/16/2012 8:53:39 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/16/2012 8:53:39 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

4/16/2012 8:53:39 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/16/2012 8:53:39 PM, Error: Service Control Manager [7001] - The NetMotion Client service depends on the NetMotion Client Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/16/2012 8:53:39 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/16/2012 8:53:39 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/16/2012 8:53:39 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/15/2012 8:13:42 AM, Error: PCTCore [280] -

4/15/2012 12:25:53 AM, Error: Service Control Manager [7024] - The HitmanPro 3.6 Crusader (Boot) service terminated with service-specific error The operation completed successfully..

4/15/2012 1:15:09 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa800a855028, 0x00000000be200000, 0x0000000000041136). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041512-20420-01.

4/14/2012 7:56:23 PM, Error: Service Control Manager [7000] - The HitmanPro 3.6 Crusader (Boot) service failed to start due to the following error: The system cannot find the file specified.

4/14/2012 3:59:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

4/14/2012 3:59:31 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/14/2012 3:59:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/14/2012 3:59:25 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

4/14/2012 3:59:11 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

4/13/2012 8:43:41 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.123.1683.0).

4/11/2012 9:12:18 PM, Error: Service Control Manager [7034] - The G Data Backup Service service terminated unexpectedly. It has done this 2 time(s).

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

--------------------------

Please post the log from TDSSKiller also, MrC

MrC


Thanks for the help. Logs posted:

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Dad [Admin rights]

Mode: Scan -- Date: 04/17/2012 22:22:46

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: System0 +++++

--- User ---

[MBR] ef999c7af7e16e7ef2b31025efcc9389

[bSP] 4c313d1d8e278d2dfcff546e5a029a68 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476835 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive1: WDC WD6400AAKS-65Z7B0 +++++

--- User ---

[MBR] 54ed20151a0463b47a5d4829e23051a4

[bSP] be3228f67023f03a9e8ee14e89455f0e : Windows XP MBR Code

Partition table:

0 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 610469 Mo

1 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 1250242560 | Size: 7 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

22:26:08.0845 6072 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

22:26:09.0344 6072 ============================================================

22:26:09.0344 6072 Current date / time: 2012/04/17 22:26:09.0344

22:26:09.0344 6072 SystemInfo:

22:26:09.0344 6072

22:26:09.0344 6072 OS Version: 6.1.7601 ServicePack: 1.0

22:26:09.0344 6072 Product type: Workstation

22:26:09.0344 6072 ComputerName: SHAGGY

22:26:09.0344 6072 UserName: Dad

22:26:09.0344 6072 Windows directory: C:\Windows

22:26:09.0344 6072 System windows directory: C:\Windows

22:26:09.0344 6072 Running under WOW64

22:26:09.0344 6072 Processor architecture: Intel x64

22:26:09.0344 6072 Number of processors: 4

22:26:09.0344 6072 Page size: 0x1000

22:26:09.0344 6072 Boot type: Normal boot

22:26:09.0344 6072 ============================================================

22:26:09.0632 6072 Drive \Device\Harddisk0\DR0 - Size: 0x7470900000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:26:09.0643 6072 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:26:09.0647 6072 Drive \Device\Harddisk2\DR4 - Size: 0xFFFF00000 (64.00 Gb), SectorSize: 0x200, Cylinders: 0x20A2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

22:26:09.0648 6072 \Device\Harddisk0\DR0:

22:26:09.0649 6072 MBR used

22:26:09.0649 6072 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

22:26:09.0649 6072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A351800

22:26:09.0649 6072 \Device\Harddisk1\DR1:

22:26:09.0649 6072 MBR used

22:26:09.0649 6072 \Device\Harddisk2\DR4:

22:26:09.0649 6072 MBR used

22:26:09.0673 6072 Initialize success

22:26:09.0673 6072 ============================================================

22:26:39.0178 1588 ============================================================

22:26:39.0178 1588 Scan started

22:26:39.0178 1588 Mode: Manual; SigCheck; TDLFS;

22:26:39.0179 1588 ============================================================


22:26:49.0461 1588 ehSched - ok

22:26:49.0570 1588 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

22:26:49.0631 1588 elxstor - ok

22:26:49.0641 1588 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

22:26:49.0674 1588 ErrDev - ok

22:26:49.0707 1588 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

22:26:49.0748 1588 EventSystem - ok

22:26:49.0781 1588 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

22:26:49.0811 1588 exfat - ok

22:26:49.0836 1588 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

22:26:49.0891 1588 fastfat - ok

22:26:49.0943 1588 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

22:26:50.0023 1588 Fax - ok

22:26:50.0051 1588 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

22:26:50.0085 1588 fdc - ok

22:26:50.0095 1588 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

22:26:50.0158 1588 fdPHost - ok

22:26:50.0165 1588 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

22:26:50.0202 1588 FDResPub - ok

22:26:50.0222 1588 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

22:26:50.0236 1588 FileInfo - ok

22:26:50.0242 1588 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

22:26:50.0306 1588 Filetrace - ok

22:26:50.0317 1588 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

22:26:50.0331 1588 flpydisk - ok

22:26:50.0353 1588 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

22:26:50.0387 1588 FltMgr - ok

22:26:50.0453 1588 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

22:26:50.0526 1588 FontCache - ok

22:26:50.0596 1588 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

22:26:50.0629 1588 FontCache3.0.0.0 - ok

22:26:50.0709 1588 fsclm (216000a907cb41d7546f7b8c85afc562) C:\Windows\system32\drivers\fsclm.sys

22:26:50.0753 1588 fsclm - ok

22:26:50.0785 1588 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

22:26:50.0820 1588 FsDepends - ok

22:26:50.0859 1588 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

22:26:50.0916 1588 Fs_Rec - ok

22:26:50.0937 1588 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

22:26:50.0962 1588 fvevol - ok

22:26:50.0982 1588 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

22:26:50.0998 1588 gagp30kx - ok

22:26:51.0147 1588 GDBackupSvc (be8d41cdf5dec88c55c8b559ad6c9f4a) C:\Program Files (x86)\G Data\TotalSecurity\AVKBackup\AVKBackupService.exe

22:26:51.0210 1588 GDBackupSvc - ok

22:26:51.0257 1588 GDBehave (70f2b7c787602c857525fd1939ef680a) C:\Windows\system32\drivers\GDBehave.sys

22:26:51.0281 1588 GDBehave - ok

22:26:51.0369 1588 GDFwSvc (9b510af4a6a63261f5c9a961a7508963) C:\Program Files (x86)\G Data\TotalSecurity\Firewall\GDFwSvcx64.exe

22:26:51.0413 1588 GDFwSvc - ok

22:26:51.0421 1588 GDMnIcpt (185b4958bf8ccc6ffa0eea5c0e7f65f6) C:\Windows\system32\drivers\MiniIcpt.sys

22:26:51.0439 1588 GDMnIcpt - ok

22:26:51.0475 1588 GdNetMon (6ed8137eb1767a9e4c94db894793b37d) C:\Windows\system32\drivers\GdNetMon64.sys

22:26:51.0509 1588 GdNetMon - ok

22:26:51.0522 1588 GDPkIcpt (a7dbc5e8767e70dbf59114f826d4b1b6) C:\Windows\system32\drivers\PktIcpt.sys

22:26:51.0556 1588 GDPkIcpt - ok

22:26:51.0727 1588 GDScan (7641143d7cae05ae5e07aa517a09fad3) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

22:26:51.0752 1588 GDScan - ok

22:26:51.0878 1588 GDTunerSvc (7ec5ceefed97f1ab48a48c1df1d0af7f) C:\Program Files (x86)\G Data\TotalSecurity\AVKTuner\AVKTunerService.exe

22:26:51.0948 1588 GDTunerSvc - ok

22:26:51.0988 1588 gdwfpcd (a59e3e53fa5ba6355a300b31782d2e34) C:\Windows\system32\drivers\gdwfpcd64.sys

22:26:52.0033 1588 gdwfpcd - ok

22:26:52.0084 1588 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

22:26:52.0146 1588 gpsvc - ok

22:26:52.0198 1588 GRD (c86f45014c5d096d0e40e098d5e6947e) C:\Windows\system32\drivers\GRD.sys

22:26:52.0228 1588 GRD - ok

22:26:52.0275 1588 grmnusb (2ed7ff3e1ada4092632393781518b3a7) C:\Windows\system32\drivers\grmnusb.sys

22:26:52.0305 1588 grmnusb - ok

22:26:52.0421 1588 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

22:26:52.0458 1588 gupdate - ok

22:26:52.0479 1588 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

22:26:52.0492 1588 gupdatem - ok

22:26:52.0524 1588 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

22:26:52.0585 1588 hcw85cir - ok

22:26:52.0617 1588 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

22:26:52.0658 1588 HdAudAddService - ok

22:26:52.0680 1588 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

22:26:52.0726 1588 HDAudBus - ok

22:26:52.0729 1588 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

22:26:52.0750 1588 HidBatt - ok

22:26:52.0753 1588 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

22:26:52.0783 1588 HidBth - ok

22:26:52.0798 1588 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

22:26:52.0813 1588 HidIr - ok

22:26:52.0827 1588 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

22:26:52.0860 1588 hidserv - ok

22:26:52.0866 1588 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

22:26:52.0880 1588 HidUsb - ok

22:26:52.0922 1588 hitmanpro35 (461f1ca9b00f7142480c21a22efa7288) C:\Windows\system32\drivers\hitmanpro36.sys

22:26:52.0965 1588 hitmanpro35 - ok

22:26:52.0989 1588 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

22:26:53.0068 1588 hkmsvc - ok

22:26:53.0097 1588 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

22:26:53.0126 1588 HomeGroupListener - ok

22:26:53.0141 1588 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

22:26:53.0174 1588 HomeGroupProvider - ok

22:26:53.0225 1588 HookCentre (3bcb98418bf3cffb152109d3b10b1c85) C:\Windows\system32\drivers\HookCentre.sys

22:26:53.0270 1588 HookCentre - ok

22:26:53.0314 1588 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

22:26:53.0340 1588 HpSAMD - ok

22:26:53.0369 1588 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

22:26:53.0430 1588 HTTP - ok

22:26:53.0447 1588 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

22:26:53.0461 1588 hwpolicy - ok

22:26:53.0480 1588 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

22:26:53.0502 1588 i8042prt - ok

22:26:53.0557 1588 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\DRIVERS\iaStor.sys

22:26:53.0583 1588 iaStor - ok

22:26:53.0650 1588 IAStorDataMgrSvc (d41861e56e7552c13674d7f147a02464) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

22:26:53.0680 1588 IAStorDataMgrSvc - ok

22:26:53.0712 1588 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

22:26:53.0747 1588 iaStorV - ok

22:26:53.0801 1588 ICCWDT (c1010add3ddae1196ed21057af7b2aae) C:\Windows\system32\DRIVERS\ICCWDT.sys

22:26:53.0831 1588 ICCWDT - ok

22:26:53.0879 1588 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

22:26:53.0919 1588 idsvc - ok

22:26:54.0155 1588 igfx (276ee9cdab16c50e1df0e4cefa882f5f) C:\Windows\system32\DRIVERS\igdkmd64.sys

22:26:54.0549 1588 igfx - ok

22:26:54.0573 1588 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

22:26:54.0595 1588 iirsp - ok

22:26:54.0622 1588 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

22:26:54.0665 1588 IKEEXT - ok

22:26:54.0736 1588 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys

22:26:54.0780 1588 IntcAzAudAddService - ok

22:26:54.0820 1588 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

22:26:54.0882 1588 IntcDAud - ok

22:26:54.0932 1588 Intel(R) PROSet Monitoring Service (7a3f838f2d7c8fd8e8cff480384a798c) C:\Windows\system32\IProsetMonitor.exe

22:26:54.0958 1588 Intel(R) PROSet Monitoring Service - ok

22:26:54.0973 1588 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

22:26:55.0001 1588 intelide - ok

22:26:55.0022 1588 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

22:26:55.0046 1588 intelppm - ok

22:26:55.0131 1588 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

22:26:55.0159 1588 IntuitUpdateServiceV4 - ok

22:26:55.0180 1588 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

22:26:55.0235 1588 IPBusEnum - ok

22:26:55.0266 1588 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:26:55.0299 1588 IpFilterDriver - ok

22:26:55.0332 1588 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

22:26:55.0373 1588 iphlpsvc - ok

22:26:55.0384 1588 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

22:26:55.0413 1588 IPMIDRV - ok

22:26:55.0428 1588 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

22:26:55.0470 1588 IPNAT - ok

22:26:55.0496 1588 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

22:26:55.0513 1588 IRENUM - ok

22:26:55.0527 1588 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

22:26:55.0545 1588 isapnp - ok

22:26:55.0566 1588 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

22:26:55.0588 1588 iScsiPrt - ok

22:26:55.0635 1588 JRAID (79a55e8907f34ab569029505418c35ef) C:\Windows\system32\DRIVERS\jraid.sys

22:26:55.0669 1588 JRAID - ok

22:26:55.0676 1588 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

22:26:55.0696 1588 kbdclass - ok

22:26:55.0702 1588 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

22:26:55.0746 1588 kbdhid - ok

22:26:55.0784 1588 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:26:55.0811 1588 KeyIso - ok

22:26:55.0820 1588 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

22:26:55.0837 1588 KSecDD - ok

22:26:55.0863 1588 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

22:26:55.0878 1588 KSecPkg - ok

22:26:55.0890 1588 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

22:26:55.0925 1588 ksthunk - ok

22:26:55.0961 1588 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

22:26:56.0028 1588 KtmRm - ok

22:26:56.0057 1588 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

22:26:56.0129 1588 LanmanServer - ok

22:26:56.0153 1588 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

22:26:56.0221 1588 LanmanWorkstation - ok

22:26:56.0334 1588 LBTServ (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

22:26:56.0364 1588 LBTServ - ok

22:26:56.0413 1588 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys

22:26:56.0446 1588 LHidFilt - ok

22:26:56.0473 1588 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

22:26:56.0507 1588 lltdio - ok

22:26:56.0540 1588 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

22:26:56.0597 1588 lltdsvc - ok

22:26:56.0612 1588 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

22:26:56.0642 1588 lmhosts - ok

22:26:56.0648 1588 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys

22:26:56.0677 1588 LMouFilt - ok

22:26:56.0700 1588 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

22:26:56.0721 1588 LSI_FC - ok

22:26:56.0727 1588 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

22:26:56.0743 1588 LSI_SAS - ok

22:26:56.0767 1588 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

22:26:56.0790 1588 LSI_SAS2 - ok

22:26:56.0799 1588 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

22:26:56.0824 1588 LSI_SCSI - ok

22:26:56.0842 1588 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

22:26:56.0909 1588 luafv - ok

22:26:56.0934 1588 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

22:26:56.0976 1588 Mcx2Svc - ok

22:26:56.0997 1588 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

22:26:57.0028 1588 megasas - ok

22:26:57.0056 1588 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

22:26:57.0099 1588 MegaSR - ok

22:26:57.0131 1588 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

22:26:57.0161 1588 MEIx64 - ok

22:26:57.0276 1588 MESSERV (04a8418007b13cc92627974ed810dc7e) C:\Program Files\NetMotion Client\messerv.exe

22:26:57.0323 1588 MESSERV - ok

22:26:57.0361 1588 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

22:26:57.0434 1588 MMCSS - ok

22:26:57.0465 1588 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

22:26:57.0538 1588 Modem - ok

22:26:57.0585 1588 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

22:26:57.0625 1588 monitor - ok

22:26:57.0633 1588 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

22:26:57.0651 1588 mouclass - ok

22:26:57.0664 1588 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

22:26:57.0706 1588 mouhid - ok

22:26:57.0727 1588 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

22:26:57.0765 1588 mountmgr - ok

22:26:57.0840 1588 MozillaMaintenance (b160ab483b3f3b313131caeda84904f7) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

22:26:57.0871 1588 MozillaMaintenance - ok

22:26:57.0900 1588 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

22:26:57.0938 1588 mpio - ok

22:26:57.0964 1588 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

22:26:58.0018 1588 mpsdrv - ok

22:26:58.0051 1588 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

22:26:58.0109 1588 MpsSvc - ok

22:26:58.0126 1588 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

22:26:58.0157 1588 MRxDAV - ok

22:26:58.0194 1588 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

22:26:58.0256 1588 mrxsmb - ok

22:26:58.0305 1588 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:26:58.0348 1588 mrxsmb10 - ok

22:26:58.0357 1588 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:26:58.0382 1588 mrxsmb20 - ok

22:26:58.0393 1588 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

22:26:58.0408 1588 msahci - ok

22:26:58.0429 1588 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

22:26:58.0457 1588 msdsm - ok

22:26:58.0473 1588 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

22:26:58.0508 1588 MSDTC - ok

22:26:58.0523 1588 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

22:26:58.0551 1588 Msfs - ok

22:26:58.0557 1588 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

22:26:58.0584 1588 mshidkmdf - ok

22:26:58.0591 1588 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

22:26:58.0604 1588 msisadrv - ok

22:26:58.0645 1588 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

22:26:58.0713 1588 MSiSCSI - ok

22:26:58.0715 1588 msiserver - ok

22:26:58.0738 1588 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

22:26:58.0797 1588 MSKSSRV - ok

22:26:58.0817 1588 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

22:26:58.0857 1588 MSPCLOCK - ok

22:26:58.0865 1588 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

22:26:58.0908 1588 MSPQM - ok

22:26:58.0926 1588 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

22:26:58.0971 1588 MsRPC - ok

22:26:58.0980 1588 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

22:26:58.0991 1588 mssmbios - ok

22:26:59.0004 1588 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

22:26:59.0048 1588 MSTEE - ok

22:26:59.0059 1588 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

22:26:59.0077 1588 MTConfig - ok

22:26:59.0102 1588 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

22:26:59.0115 1588 Mup - ok

22:26:59.0134 1588 mv91cons (baa293f089077fe71f855ba5649648d9) C:\Windows\system32\DRIVERS\mv91cons.sys

22:26:59.0146 1588 mv91cons - ok

22:26:59.0172 1588 mvs91xx (a986dc81534582fa478c286e8f57a877) C:\Windows\system32\DRIVERS\mvs91xx.sys

22:26:59.0211 1588 mvs91xx - ok

22:26:59.0259 1588 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

22:26:59.0319 1588 napagent - ok

22:26:59.0349 1588 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

22:26:59.0404 1588 NativeWifiP - ok

22:26:59.0444 1588 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

22:26:59.0468 1588 NDIS - ok

22:26:59.0471 1588 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

22:26:59.0499 1588 NdisCap - ok

22:26:59.0517 1588 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

22:26:59.0544 1588 NdisTapi - ok

22:26:59.0555 1588 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

22:26:59.0599 1588 Ndisuio - ok

22:26:59.0611 1588 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

22:26:59.0672 1588 NdisWan - ok

22:26:59.0689 1588 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

22:26:59.0726 1588 NDProxy - ok

22:26:59.0731 1588 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

22:26:59.0769 1588 NetBIOS - ok

22:26:59.0802 1588 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

22:26:59.0851 1588 NetBT - ok

22:26:59.0862 1588 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:26:59.0875 1588 Netlogon - ok

22:26:59.0919 1588 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

22:26:59.0977 1588 Netman - ok

22:27:00.0055 1588 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:27:00.0099 1588 NetMsmqActivator - ok

22:27:00.0103 1588 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:27:00.0117 1588 NetPipeActivator - ok

22:27:00.0134 1588 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

22:27:00.0175 1588 netprofm - ok

22:27:00.0200 1588 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:27:00.0212 1588 NetTcpActivator - ok

22:27:00.0214 1588 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:27:00.0225 1588 NetTcpPortSharing - ok

22:27:00.0250 1588 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

22:27:00.0280 1588 nfrd960 - ok

22:27:00.0317 1588 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

22:27:00.0386 1588 NlaSvc - ok

22:27:00.0425 1588 NMDRV (079f55a1baa8a41e03c1f0a755edaa7f) C:\Program Files\NetMotion Client\nmdrv.sys

22:27:00.0477 1588 NMDRV - ok

22:27:00.0520 1588 NMRoam (176c274c7dcd0d6a5ad344357ab93fc3) C:\Windows\system32\DRIVERS\nmroam.sys

22:27:00.0555 1588 NMRoam - ok

22:27:00.0610 1588 NMutilnt (68b9d30336800ca0713e7adfa93e3a24) C:\Windows\system32\drivers\nmutilnt.sys

22:27:00.0628 1588 NMutilnt - ok

22:27:00.0650 1588 nmvnic (e50d152933a79b06a2b020d9bb0c8f7f) C:\Windows\system32\DRIVERS\nmvnic.sys

22:27:00.0680 1588 nmvnic - ok

22:27:00.0693 1588 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

22:27:00.0725 1588 Npfs - ok

22:27:00.0740 1588 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

22:27:00.0807 1588 nsi - ok

22:27:00.0816 1588 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

22:27:00.0844 1588 nsiproxy - ok

22:27:00.0918 1588 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

22:27:00.0966 1588 Ntfs - ok

22:27:00.0998 1588 NT_NvcA (a76a73520dacf2a7073838dbeda0d972) C:\Windows\system32\DRIVERS\ntnvca.sys

22:27:01.0038 1588 NT_NvcA - ok

22:27:01.0050 1588 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

22:27:01.0081 1588 Null - ok

22:27:01.0114 1588 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys

22:27:01.0152 1588 nusb3hub - ok

22:27:01.0172 1588 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys

22:27:01.0219 1588 nusb3xhc - ok

22:27:01.0278 1588 NvcSvcMgr (421b8f8d18cf36672e7e7b2a1609222d) C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe

22:27:01.0315 1588 NvcSvcMgr - ok

22:27:01.0329 1588 nvcwfpco (0949f891d665b4ec07e703d318df4abc) C:\Windows\system32\DRIVERS\nvcwfpco.sys

22:27:01.0350 1588 nvcwfpco - ok

22:27:01.0375 1588 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

22:27:01.0397 1588 nvraid - ok

22:27:01.0428 1588 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

22:27:01.0470 1588 nvstor - ok

22:27:01.0498 1588 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

22:27:01.0538 1588 nv_agp - ok

22:27:01.0609 1588 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

22:27:01.0658 1588 odserv - ok

22:27:01.0663 1588 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

22:27:01.0679 1588 ohci1394 - ok

22:27:01.0725 1588 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

22:27:01.0764 1588 ose - ok

22:27:01.0795 1588 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

22:27:01.0843 1588 p2pimsvc - ok

22:27:01.0882 1588 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

22:27:01.0923 1588 p2psvc - ok

22:27:01.0930 1588 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

22:27:01.0958 1588 Parport - ok

22:27:01.0969 1588 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

22:27:01.0991 1588 partmgr - ok

22:27:02.0007 1588 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

22:27:02.0058 1588 PcaSvc - ok

22:27:02.0071 1588 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

22:27:02.0094 1588 pci - ok

22:27:02.0112 1588 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

22:27:02.0124 1588 pciide - ok

22:27:02.0152 1588 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

22:27:02.0181 1588 pcmcia - ok

22:27:02.0189 1588 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

22:27:02.0201 1588 pcw - ok

22:27:02.0225 1588 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

22:27:02.0306 1588 PEAUTH - ok

22:27:02.0349 1588 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

22:27:02.0438 1588 PeerDistSvc - ok

22:27:02.0571 1588 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

22:27:02.0600 1588 PerfHost - ok

22:27:02.0647 1588 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

22:27:02.0714 1588 pla - ok

22:27:02.0753 1588 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

22:27:02.0818 1588 PlugPlay - ok

22:27:02.0832 1588 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

22:27:02.0865 1588 PNRPAutoReg - ok

22:27:02.0879 1588 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

22:27:02.0898 1588 PNRPsvc - ok

22:27:02.0932 1588 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

22:27:02.0991 1588 PolicyAgent - ok

22:27:03.0006 1588 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

22:27:03.0077 1588 Power - ok

22:27:03.0115 1588 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

22:27:03.0183 1588 PptpMiniport - ok

22:27:03.0194 1588 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

22:27:03.0227 1588 Processor - ok

22:27:03.0237 1588 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

22:27:03.0307 1588 ProfSvc - ok

22:27:03.0334 1588 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:27:03.0350 1588 ProtectedStorage - ok

22:27:03.0372 1588 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

22:27:03.0425 1588 Psched - ok

22:27:03.0467 1588 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

22:27:03.0491 1588 PxHlpa64 - ok

22:27:03.0539 1588 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

22:27:03.0622 1588 ql2300 - ok

22:27:03.0635 1588 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

22:27:03.0679 1588 ql40xx - ok

22:27:03.0700 1588 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

22:27:03.0740 1588 QWAVE - ok

22:27:03.0744 1588 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

22:27:03.0762 1588 QWAVEdrv - ok

22:27:03.0777 1588 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

22:27:03.0816 1588 RasAcd - ok

22:27:03.0838 1588 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

22:27:03.0876 1588 RasAgileVpn - ok

22:27:03.0884 1588 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

22:27:03.0956 1588 RasAuto - ok

22:27:03.0965 1588 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

22:27:04.0016 1588 Rasl2tp - ok

22:27:04.0050 1588 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

22:27:04.0090 1588 RasMan - ok

22:27:04.0100 1588 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

22:27:04.0148 1588 RasPppoe - ok

22:27:04.0157 1588 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

22:27:04.0226 1588 RasSstp - ok

22:27:04.0241 1588 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

22:27:04.0279 1588 rdbss - ok

22:27:04.0289 1588 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

22:27:04.0314 1588 rdpbus - ok

22:27:04.0328 1588 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

22:27:04.0356 1588 RDPCDD - ok

22:27:04.0395 1588 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

22:27:04.0450 1588 RDPDR - ok

22:27:04.0458 1588 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

22:27:04.0504 1588 RDPENCDD - ok

22:27:04.0510 1588 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

22:27:04.0538 1588 RDPREFMP - ok

22:27:04.0581 1588 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

22:27:04.0647 1588 RDPWD - ok

22:27:04.0672 1588 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

22:27:04.0698 1588 rdyboost - ok

22:27:04.0715 1588 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

22:27:04.0772 1588 RemoteAccess - ok

22:27:04.0797 1588 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

22:27:04.0858 1588 RemoteRegistry - ok

22:27:04.0885 1588 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

22:27:04.0933 1588 RFCOMM - ok

22:27:05.0052 1588 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

22:27:05.0113 1588 RoxMediaDB10 - ok

22:27:05.0131 1588 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

22:27:05.0203 1588 RpcEptMapper - ok

22:27:05.0229 1588 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

22:27:05.0244 1588 RpcLocator - ok

22:27:05.0264 1588 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

22:27:05.0294 1588 RpcSs - ok

22:27:05.0328 1588 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

22:27:05.0378 1588 rspndr - ok

22:27:05.0416 1588 rt61x64 (60eb8a87357ca5b088b422d1e55a2405) C:\Windows\system32\DRIVERS\WMP54Gv41x64.sys

22:27:05.0460 1588 rt61x64 - ok

22:27:05.0514 1588 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys

22:27:05.0557 1588 RTL8167 - ok

22:27:05.0560 1588 RxFilter - ok

22:27:05.0591 1588 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

22:27:05.0631 1588 s3cap - ok

22:27:05.0634 1588 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:27:05.0652 1588 SamSs - ok

22:27:05.0734 1588 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

22:27:05.0753 1588 SASDIFSV - ok

22:27:05.0810 1588 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

22:27:05.0825 1588 SASKUTIL - ok

22:27:05.0839 1588 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\DRIVERS\sbp2port.sys

22:27:05.0858 1588 sbp2port - ok

22:27:05.0891 1588 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

22:27:05.0942 1588 SCardSvr - ok

22:27:05.0947 1588 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

22:27:05.0989 1588 scfilter - ok

22:27:06.0017 1588 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

22:27:06.0081 1588 Schedule - ok

22:27:06.0105 1588 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

22:27:06.0131 1588 SCPolicySvc - ok

22:27:06.0156 1588 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

22:27:06.0201 1588 SDRSVC - ok

22:27:06.0213 1588 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

22:27:06.0270 1588 secdrv - ok

22:27:06.0279 1588 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

22:27:06.0312 1588 seclogon - ok

22:27:06.0328 1588 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

22:27:06.0372 1588 SENS - ok

22:27:06.0374 1588 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

22:27:06.0402 1588 SensrSvc - ok

22:27:06.0425 1588 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

22:27:06.0462 1588 Serenum - ok

22:27:06.0485 1588 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

22:27:06.0525 1588 Serial - ok

22:27:06.0548 1588 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

22:27:06.0586 1588 sermouse - ok

22:27:06.0605 1588 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

22:27:06.0675 1588 SessionEnv - ok

22:27:06.0679 1588 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

22:27:06.0704 1588 sffdisk - ok

22:27:06.0707 1588 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

22:27:06.0722 1588 sffp_mmc - ok

22:27:06.0725 1588 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

22:27:06.0748 1588 sffp_sd - ok

22:27:06.0751 1588 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

22:27:06.0765 1588 sfloppy - ok

22:27:06.0783 1588 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

22:27:06.0817 1588 SharedAccess - ok

22:27:06.0831 1588 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

22:27:06.0898 1588 ShellHWDetection - ok

22:27:06.0910 1588 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

22:27:06.0931 1588 SiSRaid2 - ok

22:27:06.0942 1588 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

22:27:06.0963 1588 SiSRaid4 - ok

22:27:06.0966 1588 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

22:27:07.0006 1588 Smb - ok

22:27:07.0022 1588 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

22:27:07.0062 1588 SNMPTRAP - ok

22:27:07.0074 1588 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

22:27:07.0087 1588 spldr - ok

22:27:07.0113 1588 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

22:27:07.0144 1588 Spooler - ok

22:27:07.0214 1588 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

22:27:07.0270 1588 sppsvc - ok

22:27:07.0283 1588 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

22:27:07.0320 1588 sppuinotify - ok

22:27:07.0365 1588 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

22:27:07.0435 1588 srv - ok

22:27:07.0453 1588 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

22:27:07.0499 1588 srv2 - ok

22:27:07.0529 1588 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

22:27:07.0549 1588 srvnet - ok

22:27:07.0563 1588 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

22:27:07.0699 1588 SSDPSRV - ok

22:27:07.0704 1588 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

22:27:07.0745 1588 SstpSvc - ok

22:27:07.0756 1588 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

22:27:07.0779 1588 stexstor - ok

22:27:07.0824 1588 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

22:27:07.0861 1588 stisvc - ok

22:27:07.0923 1588 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

22:27:07.0960 1588 stllssvr - ok

22:27:07.0974 1588 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

22:27:07.0988 1588 storflt - ok

22:27:08.0015 1588 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

22:27:08.0052 1588 StorSvc - ok

22:27:08.0082 1588 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

22:27:08.0114 1588 storvsc - ok

22:27:08.0123 1588 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

22:27:08.0136 1588 swenum - ok

22:27:08.0158 1588 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

22:27:08.0214 1588 swprv - ok

22:27:08.0260 1588 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

22:27:08.0303 1588 SysMain - ok

22:27:08.0314 1588 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

22:27:08.0353 1588 TabletInputService - ok

22:27:08.0373 1588 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

22:27:08.0415 1588 TapiSrv - ok

22:27:08.0427 1588 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

22:27:08.0467 1588 TBS - ok

22:27:08.0551 1588 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

22:27:08.0593 1588 Tcpip - ok

22:27:08.0613 1588 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

22:27:08.0643 1588 TCPIP6 - ok

22:27:08.0674 1588 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

22:27:08.0732 1588 tcpipreg - ok

22:27:08.0743 1588 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

22:27:08.0764 1588 TDPIPE - ok

22:27:08.0785 1588 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

22:27:08.0813 1588 TDTCP - ok

22:27:08.0825 1588 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

22:27:08.0882 1588 tdx - ok

22:27:08.0897 1588 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

22:27:08.0914 1588 TermDD - ok

22:27:08.0935 1588 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

22:27:08.0981 1588 TermService - ok

22:27:08.0987 1588 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

22:27:09.0016 1588 Themes - ok

22:27:09.0052 1588 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

22:27:09.0093 1588 THREADORDER - ok

22:27:09.0108 1588 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

22:27:09.0157 1588 TrkWks - ok

22:27:09.0214 1588 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

22:27:09.0278 1588 TrustedInstaller - ok

22:27:09.0293 1588 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

22:27:09.0331 1588 tssecsrv - ok

22:27:09.0353 1588 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

22:27:09.0381 1588 TsUsbFlt - ok

22:27:09.0394 1588 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

22:27:09.0433 1588 TsUsbGD - ok

22:27:09.0469 1588 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

22:27:09.0530 1588 tunnel - ok

22:27:09.0540 1588 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

22:27:09.0560 1588 uagp35 - ok

22:27:09.0583 1588 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

22:27:09.0634 1588 udfs - ok

22:27:09.0650 1588 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

22:27:09.0677 1588 UI0Detect - ok

22:27:09.0696 1588 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

22:27:09.0735 1588 uliagpkx - ok

22:27:09.0748 1588 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

22:27:09.0804 1588 umbus - ok

22:27:09.0829 1588 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

22:27:09.0877 1588 UmPass - ok

22:27:09.0908 1588 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

22:27:09.0933 1588 UmRdpService - ok

22:27:09.0964 1588 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

22:27:10.0015 1588 upnphost - ok

22:27:10.0053 1588 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

22:27:10.0101 1588 usbccgp - ok

22:27:10.0128 1588 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

22:27:10.0163 1588 usbcir - ok

22:27:10.0189 1588 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

22:27:10.0228 1588 usbehci - ok

22:27:10.0247 1588 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

22:27:10.0279 1588 usbhub - ok

22:27:10.0294 1588 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

22:27:10.0312 1588 usbohci - ok

22:27:10.0325 1588 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

22:27:10.0355 1588 usbprint - ok

22:27:10.0382 1588 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

22:27:10.0428 1588 usbscan - ok

22:27:10.0454 1588 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:27:10.0497 1588 USBSTOR - ok

22:27:10.0519 1588 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

22:27:10.0548 1588 usbuhci - ok

22:27:10.0568 1588 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

22:27:10.0635 1588 UxSms - ok

22:27:10.0664 1588 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:27:10.0686 1588 VaultSvc - ok

22:27:10.0710 1588 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

22:27:10.0734 1588 vdrvroot - ok

22:27:10.0748 1588 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

22:27:10.0801 1588 vds - ok

22:27:10.0814 1588 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

22:27:10.0835 1588 vga - ok

22:27:10.0850 1588 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

22:27:10.0894 1588 VgaSave - ok

22:27:10.0898 1588 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

22:27:10.0914 1588 vhdmp - ok

22:27:10.0923 1588 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

22:27:10.0946 1588 viaide - ok

22:27:10.0967 1588 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

22:27:10.0988 1588 vmbus - ok

22:27:11.0009 1588 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

22:27:11.0023 1588 VMBusHID - ok

22:27:11.0045 1588 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

22:27:11.0058 1588 volmgr - ok

22:27:11.0076 1588 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

22:27:11.0120 1588 volmgrx - ok

22:27:11.0134 1588 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

22:27:11.0155 1588 volsnap - ok

22:27:11.0185 1588 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

22:27:11.0206 1588 vsmraid - ok

22:27:11.0252 1588 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

22:27:11.0310 1588 VSS - ok

22:27:11.0317 1588 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

22:27:11.0346 1588 vwifibus - ok

22:27:11.0377 1588 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

22:27:11.0421 1588 W32Time - ok

22:27:11.0432 1588 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

22:27:11.0459 1588 WacomPen - ok

22:27:11.0466 1588 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

22:27:11.0521 1588 WANARP - ok

22:27:11.0522 1588 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

22:27:11.0549 1588 Wanarpv6 - ok

22:27:11.0604 1588 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

22:27:11.0657 1588 WatAdminSvc - ok

22:27:11.0682 1588 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

22:27:11.0929 1588 wbengine - ok

22:27:11.0964 1588 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

22:27:11.0997 1588 WbioSrvc - ok

22:27:12.0028 1588 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

22:27:12.0057 1588 wcncsvc - ok

22:27:12.0066 1588 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

22:27:12.0103 1588 WcsPlugInService - ok

22:27:12.0136 1588 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

22:27:12.0172 1588 Wd - ok

22:27:12.0200 1588 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

22:27:12.0228 1588 Wdf01000 - ok

22:27:12.0241 1588 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

22:27:12.0323 1588 WdiServiceHost - ok

22:27:12.0325 1588 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

22:27:12.0342 1588 WdiSystemHost - ok

22:27:12.0357 1588 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

22:27:12.0393 1588 WebClient - ok

22:27:12.0409 1588 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

22:27:12.0444 1588 Wecsvc - ok

22:27:12.0447 1588 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

22:27:12.0475 1588 wercplsupport - ok

22:27:12.0496 1588 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

22:27:12.0540 1588 WerSvc - ok

22:27:12.0542 1588 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

22:27:12.0570 1588 WfpLwf - ok

22:27:12.0581 1588 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

22:27:12.0601 1588 WIMMount - ok

22:27:12.0619 1588 WinDefend - ok

22:27:12.0635 1588 WinHttpAutoProxySvc - ok

22:27:12.0685 1588 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

22:27:12.0739 1588 Winmgmt - ok

22:27:12.0801 1588 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

22:27:12.0875 1588 WinRM - ok

22:27:12.0927 1588 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

22:27:12.0969 1588 WinUsb - ok

22:27:12.0995 1588 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

22:27:13.0057 1588 Wlansvc - ok

22:27:13.0074 1588 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

22:27:13.0098 1588 WmiAcpi - ok

22:27:13.0133 1588 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

22:27:13.0171 1588 wmiApSrv - ok

22:27:13.0188 1588 WMPNetworkSvc - ok

22:27:13.0209 1588 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

22:27:13.0231 1588 WPCSvc - ok

22:27:13.0245 1588 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

22:27:13.0282 1588 WPDBusEnum - ok

22:27:13.0293 1588 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

22:27:13.0326 1588 ws2ifsl - ok

22:27:13.0337 1588 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

22:27:13.0373 1588 wscsvc - ok

22:27:13.0375 1588 WSearch - ok

22:27:13.0427 1588 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

22:27:13.0491 1588 wuauserv - ok

22:27:13.0504 1588 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

22:27:13.0543 1588 WudfPf - ok

22:27:13.0571 1588 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

22:27:13.0639 1588 WUDFRd - ok

22:27:13.0654 1588 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

22:27:13.0709 1588 wudfsvc - ok

22:27:13.0730 1588 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

22:27:13.0766 1588 WwanSvc - ok

22:27:13.0800 1588 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

22:27:13.0871 1588 \Device\Harddisk0\DR0 - ok

22:27:13.0885 1588 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

22:27:14.0135 1588 \Device\Harddisk1\DR1 - ok

22:27:14.0141 1588 MBR (0x1B8) (fc8e34e9a4caa2509100a151426ddbf2) \Device\Harddisk2\DR4

22:27:15.0937 1588 \Device\Harddisk2\DR4 - ok

22:27:15.0965 1588 Boot (0x1200) (3c1c271841b94af5dbf239097e7abaaf) \Device\Harddisk0\DR0\Partition0

22:27:15.0966 1588 \Device\Harddisk0\DR0\Partition0 - ok

22:27:16.0011 1588 Boot (0x1200) (62424864b91a1c29ca218c68af661132) \Device\Harddisk0\DR0\Partition1

22:27:16.0013 1588 \Device\Harddisk0\DR0\Partition1 - ok

22:27:16.0013 1588 ============================================================

22:27:16.0013 1588 Scan finished

22:27:16.0013 1588 ============================================================

22:27:16.0022 6612 Detected object count: 0

22:27:16.0022 6612 Actual detected object count: 0


QuarantineReport.txt was basically empty:

Time : 17/04/2012 22:22:46

--------------------------

TDSSKiller Quarantine Information log

Version 1.0.0.4

***** START SCAN Tue 04/17/2012 23:57:21.55 *****

---------- TDSSKiller logs ----------

TDSSKiller.2.7.28.0_14.04.2012_18.11.42_log.txt

TDSSKiller.2.7.28.0_14.04.2012_18.26.05_log.txt

TDSSKiller.2.7.28.0_15.04.2012_08.01.26_log.txt

TDSSKiller.2.7.28.0_16.04.2012_21.06.11_log.txt

TDSSKiller.2.7.28.0_16.04.2012_22.04.10_log.txt

TDSSKiller.2.7.28.0_17.04.2012_07.26.58_log.txt

TDSSKiller.2.7.28.0_17.04.2012_22.26.08_log.txt

---------- TDSSStarter logs ----------

---------- DIR LIST ----------

C:\TDSSKiller_Quarantine\16.04.2012_22.04.10

C:\TDSSKiller_Quarantine\16.04.2012_21.06.11

C:\TDSSKiller_Quarantine\15.04.2012_08.01.27

C:\TDSSKiller_Quarantine\14.04.2012_18.26.05

C:\TDSSKiller_Quarantine\14.04.2012_18.11.44

C:\TDSSKiller_Quarantine\14.04.2012_18.11.44\susp0000

C:\TDSSKiller_Quarantine\14.04.2012_18.11.44\susp0000\object.ini

C:\TDSSKiller_Quarantine\14.04.2012_18.11.44\susp0000\svc0000

C:\TDSSKiller_Quarantine\14.04.2012_18.11.44\susp0000\svc0000\object.ini

C:\TDSSKiller_Quarantine\14.04.2012_18.11.44\susp0000\svc0000\tsk0000.ini

C:\TDSSKiller_Quarantine\14.04.2012_18.11.44\susp0000\svc0000\tsk0000.dta

C:\TDSSKiller_Quarantine\14.04.2012_18.26.05\susp0000

C:\TDSSKiller_Quarantine\14.04.2012_18.26.05\susp0000\object.ini

C:\TDSSKiller_Quarantine\14.04.2012_18.26.05\susp0000\svc0000

C:\TDSSKiller_Quarantine\14.04.2012_18.26.05\susp0000\svc0000\object.ini

C:\TDSSKiller_Quarantine\14.04.2012_18.26.05\susp0000\svc0000\tsk0000.dta

C:\TDSSKiller_Quarantine\14.04.2012_18.26.05\susp0000\svc0000\tsk0000.ini

C:\TDSSKiller_Quarantine\15.04.2012_08.01.27\susp0000

C:\TDSSKiller_Quarantine\15.04.2012_08.01.27\susp0000\object.ini

C:\TDSSKiller_Quarantine\15.04.2012_08.01.27\susp0000\svc0000

C:\TDSSKiller_Quarantine\15.04.2012_08.01.27\susp0000\svc0000\object.ini

C:\TDSSKiller_Quarantine\15.04.2012_08.01.27\susp0000\svc0000\tsk0000.ini

C:\TDSSKiller_Quarantine\15.04.2012_08.01.27\susp0000\svc0000\tsk0000.dta

C:\TDSSKiller_Quarantine\16.04.2012_21.06.11\susp0000

C:\TDSSKiller_Quarantine\16.04.2012_21.06.11\susp0000\object.ini

C:\TDSSKiller_Quarantine\16.04.2012_21.06.11\susp0000\svc0000

C:\TDSSKiller_Quarantine\16.04.2012_21.06.11\susp0000\svc0000\object.ini

C:\TDSSKiller_Quarantine\16.04.2012_21.06.11\susp0000\svc0000\tsk0000.dta

C:\TDSSKiller_Quarantine\16.04.2012_21.06.11\susp0000\svc0000\tsk0000.ini

C:\TDSSKiller_Quarantine\16.04.2012_22.04.10\susp0000

C:\TDSSKiller_Quarantine\16.04.2012_22.04.10\susp0000\object.ini

C:\TDSSKiller_Quarantine\16.04.2012_22.04.10\susp0000\svc0000

C:\TDSSKiller_Quarantine\16.04.2012_22.04.10\susp0000\svc0000\object.ini

C:\TDSSKiller_Quarantine\16.04.2012_22.04.10\susp0000\svc0000\tsk0000.dta

C:\TDSSKiller_Quarantine\16.04.2012_22.04.10\susp0000\svc0000\tsk0000.ini

---------- INI FILES ----------

=== C:\TDSSKiller_Quarantine\14.04.2012_18.11.44\susp0000\object.ini

[infectedObject]

Verdict: UnsignedFile.Multi.Generic

=== C:\TDSSKiller_Quarantine\14.04.2012_18.11.44\susp0000\svc0000\object.ini

[infectedObject]

Type: Service

Name: hpqcxs08

Type: n/a (0x20)

Start: Demand (0x3)

ImagePath: %SystemRoot%\system32\svchost.exe -k hpdevmgmt

=== C:\TDSSKiller_Quarantine\14.04.2012_18.11.44\susp0000\svc0000\tsk0000.ini

[infectedFile]

Type: Raw image

Src: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

md5: 0a3c6aa4a9fc38c20ba4eac2c3351c05

=== C:\TDSSKiller_Quarantine\14.04.2012_18.26.05\susp0000\object.ini

[infectedObject]

Verdict: UnsignedFile.Multi.Generic

=== C:\TDSSKiller_Quarantine\14.04.2012_18.26.05\susp0000\svc0000\object.ini

[infectedObject]

Type: Service

Name: hpqcxs08

Type: n/a (0x20)

Start: Demand (0x3)

ImagePath: %SystemRoot%\system32\svchost.exe -k hpdevmgmt

=== C:\TDSSKiller_Quarantine\14.04.2012_18.26.05\susp0000\svc0000\tsk0000.ini

[infectedFile]

Type: Raw image

Src: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

md5: 0a3c6aa4a9fc38c20ba4eac2c3351c05

=== C:\TDSSKiller_Quarantine\15.04.2012_08.01.27\susp0000\object.ini

[infectedObject]

Verdict: UnsignedFile.Multi.Generic

=== C:\TDSSKiller_Quarantine\15.04.2012_08.01.27\susp0000\svc0000\object.ini

[infectedObject]

Type: Service

Name: hpqcxs08

Type: n/a (0x20)

Start: Demand (0x3)

ImagePath: %SystemRoot%\system32\svchost.exe -k hpdevmgmt

=== C:\TDSSKiller_Quarantine\15.04.2012_08.01.27\susp0000\svc0000\tsk0000.ini

[infectedFile]

Type: Raw image

Src: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

md5: 0a3c6aa4a9fc38c20ba4eac2c3351c05

=== C:\TDSSKiller_Quarantine\16.04.2012_21.06.11\susp0000\object.ini

[infectedObject]

Verdict: UnsignedFile.Multi.Generic

=== C:\TDSSKiller_Quarantine\16.04.2012_21.06.11\susp0000\svc0000\object.ini

[infectedObject]

Type: Service

Name: hpqcxs08

Type: n/a (0x20)

Start: Demand (0x3)

ImagePath: %SystemRoot%\system32\svchost.exe -k hpdevmgmt

=== C:\TDSSKiller_Quarantine\16.04.2012_21.06.11\susp0000\svc0000\tsk0000.ini

[infectedFile]

Type: Raw image

Src: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

md5: 0a3c6aa4a9fc38c20ba4eac2c3351c05

=== C:\TDSSKiller_Quarantine\16.04.2012_22.04.10\susp0000\object.ini

[infectedObject]

Verdict: UnsignedFile.Multi.Generic

=== C:\TDSSKiller_Quarantine\16.04.2012_22.04.10\susp0000\svc0000\object.ini

[infectedObject]

Type: Service

Name: hpqcxs08

Type: n/a (0x20)

Start: Demand (0x3)

ImagePath: %SystemRoot%\system32\svchost.exe -k hpdevmgmt

=== C:\TDSSKiller_Quarantine\16.04.2012_22.04.10\susp0000\svc0000\tsk0000.ini

[infectedFile]

Type: Raw image

Src: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

md5: 0a3c6aa4a9fc38c20ba4eac2c3351c05


OK...Thanks

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


MrC,

Ignore previous post, ComboFix finished shortly thereafter. Log follows:

ComboFix 12-04-17.01 - Dad 04/18/2012 9:13.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8097.6060 [GMT -4:00]

Running from: c:\users\Dad\Desktop\ComboFix.exe

AV: G Data TotalSecurity 2012 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}

FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}

SP: G Data TotalSecurity 2012 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))

.

.

2012-04-18 13:30 . 2012-04-18 13:30 -------- d-----w- c:\users\Nathan\AppData\Local\temp

2012-04-18 13:30 . 2012-04-18 13:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-18 13:30 . 2012-04-18 13:30 -------- d-----w- c:\users\Mom\AppData\Local\temp

2012-04-18 13:30 . 2012-04-18 13:30 -------- d-----w- c:\users\Matthew\AppData\Local\temp

2012-04-18 10:51 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B144A92B-AF3C-49D3-AF31-3458AD43BE36}\mpengine.dll

2012-04-17 11:31 . 2012-04-17 11:31 12872 ----a-w- c:\windows\system32\bootdelete.exe

2012-04-15 12:12 . 2012-04-15 12:26 -------- d-----w- c:\program files (x86)\PC Tools

2012-04-15 12:08 . 2012-02-24 14:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2012-04-15 12:08 . 2012-04-15 12:26 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-04-15 12:08 . 2012-04-15 12:24 -------- d-----w- c:\programdata\PC Tools

2012-04-15 12:08 . 2012-04-15 12:08 -------- d-----w- c:\users\Dad\AppData\Roaming\TestApp

2012-04-15 04:25 . 2012-04-17 11:31 27936 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys

2012-04-15 01:11 . 2012-04-15 01:11 -------- d-----w- c:\users\Dad\AppData\Roaming\SUPERAntiSpyware.com

2012-04-15 01:11 . 2012-04-15 01:11 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-04-15 01:11 . 2012-04-15 01:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-04-14 23:59 . 2012-04-14 23:59 -------- d-----w- c:\program files (x86)\ESET

2012-04-14 22:28 . 2012-04-14 22:28 -------- d-----w- c:\program files\HitmanPro

2012-04-14 22:28 . 2012-04-14 22:58 -------- d-----w- c:\programdata\HitmanPro

2012-04-14 22:12 . 2012-04-17 02:11 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-14 20:29 . 2012-04-14 20:29 -------- d-----w- c:\users\Dad\AppData\Roaming\Malwarebytes

2012-04-14 20:29 . 2012-04-14 20:29 -------- d-----w- c:\programdata\Malwarebytes

2012-04-14 20:29 . 2012-04-14 20:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-14 20:29 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-14 20:13 . 2012-04-14 20:13 106488 ----a-w- c:\windows\system32\drivers\GRD.sys

2012-04-12 12:17 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 12:17 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 12:17 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 12:17 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 12:17 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 12:17 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-12 12:17 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-10 18:29 . 2012-04-14 13:29 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-10 18:25 . 2012-04-14 13:34 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-03-29 20:14 . 2012-03-29 20:15 -------- d-----w- c:\users\Nathan\AppData\Roaming\HpUpdate

2012-03-27 03:39 . 2012-04-14 22:14 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-03-27 03:39 . 2012-04-14 20:52 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-03-27 03:39 . 2012-04-14 20:52 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-03-27 02:52 . 2012-04-14 20:52 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-27 02:52 . 2012-04-14 20:52 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-27 02:20 . 2012-04-15 12:35 -------- d-----w- c:\program files\CCleaner

2012-03-27 02:07 . 2012-03-27 02:08 -------- d-----w- c:\program files\WON

2012-03-26 15:54 . 2000-08-14 14:39 1056768 ----a-w- c:\windows\SysWow64\ROBOEX32.DLL

2012-03-26 15:54 . 2000-08-14 14:39 54784 ----a-w- c:\windows\SysWow64\INETWH32.dll

2012-03-26 15:54 . 2000-08-14 14:34 233472 ----a-w- c:\windows\SysWow64\SNWValid.dll

2012-03-26 15:54 . 2000-08-14 14:34 1204224 ----a-w- c:\windows\SysWow64\SierraNW.DLL

2012-03-26 15:53 . 2000-08-14 14:33 44544 ----a-w- c:\windows\SysWow64\gif89.dll

2012-03-26 15:53 . 2012-03-27 02:07 -------- d-----w- c:\program files (x86)\Sierra On-Line

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-14 13:34 . 2011-07-17 23:50 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 14:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 06:38 . 2012-03-13 19:08 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-13 19:08 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-13 19:08 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-13 19:08 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-14 22:55 . 2012-02-14 22:55 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe

2012-02-14 22:55 . 2012-02-14 22:55 5886232 ----a-w- c:\windows\system32\GfxUI.exe

2012-02-14 22:55 . 2012-02-14 22:55 511768 ----a-w- c:\windows\system32\igfxsrvc.exe

2012-02-14 22:55 . 2012-02-14 22:55 440600 ----a-w- c:\windows\system32\igfxpers.exe

2012-02-14 22:55 . 2012-02-14 22:55 398616 ----a-w- c:\windows\system32\hkcmd.exe

2012-02-14 22:55 . 2012-02-14 22:55 250136 ----a-w- c:\windows\system32\igfxext.exe

2012-02-14 22:55 . 2012-02-14 22:55 184600 ----a-w- c:\windows\system32\difx64.exe

2012-02-14 22:55 . 2012-02-14 22:55 170264 ----a-w- c:\windows\system32\igfxtray.exe

2012-02-14 22:53 . 2012-02-14 22:53 90112 ----a-w- c:\windows\system32\igfxCoIn_v2653.dll

2012-02-14 22:47 . 2012-02-14 22:47 8086528 ----a-w- c:\windows\system32\igdumd64.dll

2012-02-14 22:47 . 2012-02-14 22:47 14692224 ----a-w- c:\windows\system32\drivers\igdkmd64.sys

2012-02-14 22:47 . 2012-02-14 22:47 963912 ----a-w- c:\windows\system32\igkrng600.bin

2012-02-14 22:47 . 2012-02-14 22:47 79360 ----a-w- c:\windows\system32\igdde64.dll

2012-02-14 22:47 . 2012-02-14 22:47 261208 ----a-w- c:\windows\system32\igfcg600m.bin

2012-02-14 22:44 . 2012-02-14 22:44 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll

2012-02-14 22:44 . 2012-02-14 22:44 58880 ----a-w- c:\windows\SysWow64\igdde32.dll

2012-02-14 22:42 . 2012-02-14 22:42 9605632 ----a-w- c:\windows\system32\igd10umd64.dll

2012-02-14 22:35 . 2012-02-14 22:35 7794688 ----a-w- c:\windows\SysWow64\igd10umd32.dll

2012-02-14 22:07 . 2012-02-14 22:07 18125312 ----a-w- c:\windows\system32\ig4icd64.dll

2012-02-14 21:59 . 2012-02-14 21:59 13209600 ----a-w- c:\windows\SysWow64\ig4icd32.dll

2012-02-14 21:57 . 2012-02-14 21:57 439808 ----a-w- c:\windows\system32\igfxresn.lrc

2012-02-14 21:57 . 2012-02-14 21:57 439296 ----a-w- c:\windows\system32\igfxrrom.lrc

2012-02-14 21:57 . 2012-02-14 21:57 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc

2012-02-14 21:57 . 2012-02-14 21:57 438272 ----a-w- c:\windows\system32\igfxrsky.lrc

2012-02-14 21:57 . 2012-02-14 21:57 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc

2012-02-14 21:57 . 2012-02-14 21:57 437760 ----a-w- c:\windows\system32\igfxrsve.lrc

2012-02-14 21:57 . 2012-02-14 21:57 437760 ----a-w- c:\windows\system32\igfxrslv.lrc

2012-02-14 21:57 . 2012-02-14 21:57 437248 ----a-w- c:\windows\system32\igfxrtha.lrc

2012-02-14 21:57 . 2012-02-14 21:57 439296 ----a-w- c:\windows\system32\igfxrrus.lrc

2012-02-14 21:57 . 2012-02-14 21:57 438784 ----a-w- c:\windows\system32\igfxrptg.lrc

2012-02-14 21:57 . 2012-02-14 21:57 438784 ----a-w- c:\windows\system32\igfxrplk.lrc

2012-02-14 21:57 . 2012-02-14 21:57 438784 ----a-w- c:\windows\system32\igfxrita.lrc

2012-02-14 21:57 . 2012-02-14 21:57 437760 ----a-w- c:\windows\system32\igfxrptb.lrc

2012-02-14 21:57 . 2012-02-14 21:57 437760 ----a-w- c:\windows\system32\igfxrnor.lrc

2012-02-14 21:57 . 2012-02-14 21:57 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc

2012-02-14 21:57 . 2012-02-14 21:57 430592 ----a-w- c:\windows\system32\igfxrkor.lrc

2012-02-14 21:57 . 2012-02-14 21:57 440320 ----a-w- c:\windows\system32\igfxrell.lrc

2012-02-14 21:57 . 2012-02-14 21:57 439808 ----a-w- c:\windows\system32\igfxrfra.lrc

2012-02-14 21:57 . 2012-02-14 21:57 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc

2012-02-14 21:57 . 2012-02-14 21:57 438272 ----a-w- c:\windows\system32\igfxrhun.lrc

2012-02-14 21:57 . 2012-02-14 21:57 438272 ----a-w- c:\windows\system32\igfxrfin.lrc

2012-02-14 21:57 . 2012-02-14 21:57 435712 ----a-w- c:\windows\system32\igfxrheb.lrc

2012-02-14 21:57 . 2012-02-14 21:57 438784 ----a-w- c:\windows\system32\igfxrnld.lrc

2012-02-14 21:57 . 2012-02-14 21:57 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc

2012-02-14 21:57 . 2012-02-14 21:57 437248 ----a-w- c:\windows\system32\igfxrdan.lrc

2012-02-14 21:57 . 2012-02-14 21:57 429056 ----a-w- c:\windows\system32\igfxrcht.lrc

2012-02-14 21:57 . 2012-02-14 21:57 428544 ----a-w- c:\windows\system32\igfxrchs.lrc

2012-02-14 21:57 . 2012-02-14 21:57 435712 ----a-w- c:\windows\system32\igfxrara.lrc

2012-02-14 21:57 . 2012-02-14 21:57 126976 ----a-w- c:\windows\system32\igfxcpl.cpl

2012-02-14 21:57 . 2012-02-14 21:57 386048 ----a-w- c:\windows\system32\igfxpph.dll

2012-02-14 21:57 . 2012-02-14 21:57 410624 ----a-w- c:\windows\system32\igfxTMM.dll

2012-02-14 21:57 . 2012-02-14 21:57 28672 ----a-w- c:\windows\system32\igfxexps.dll

2012-02-14 21:57 . 2011-07-16 22:41 63488 ----a-w- c:\windows\system32\igfxsrvc.dll

2012-02-14 21:56 . 2011-07-16 22:41 110592 ----a-w- c:\windows\system32\hccutils.dll

2012-02-14 21:56 . 2012-02-14 21:56 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll

2012-02-14 21:56 . 2012-02-14 21:56 430080 ----a-w- c:\windows\system32\igfxdev.dll

2012-02-14 21:56 . 2012-02-14 21:56 172032 ----a-w- c:\windows\system32\gfxSrvc.dll

2012-02-14 21:56 . 2012-02-14 21:56 286208 ----a-w- c:\windows\system32\igfxrenu.lrc

2012-02-14 21:56 . 2012-02-14 21:56 142336 ----a-w- c:\windows\system32\igfxdo.dll

2012-02-14 21:56 . 2012-02-14 21:56 9007616 ----a-w- c:\windows\system32\igfxress.dll

2012-02-14 21:55 . 2012-02-14 21:55 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll

2012-02-14 21:54 . 2012-02-14 21:54 321024 ----a-w- c:\windows\SysWow64\igfxdv32.dll

2012-02-14 21:53 . 2012-02-14 21:53 524800 ----a-w- c:\windows\system32\iglhsip64.dll

2012-02-14 21:53 . 2012-02-14 21:53 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll

2012-02-14 21:53 . 2012-02-14 21:53 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll

2012-02-14 21:53 . 2012-02-14 21:53 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll

2012-02-14 21:53 . 2012-02-14 21:53 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll

2012-02-14 21:53 . 2012-02-14 21:53 213504 ----a-w- c:\windows\system32\iglhcp64.dll

2012-02-14 21:53 . 2012-02-14 21:53 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll

2012-02-14 21:53 . 2012-02-14 21:53 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll

2012-02-10 06:36 . 2012-03-13 23:53 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-13 23:53 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-03 04:34 . 2012-03-13 23:53 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-01-25 06:38 . 2012-03-13 19:08 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 06:38 . 2012-03-13 19:08 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 06:33 . 2012-03-13 19:08 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"NVC"="c:\program files (x86)\Nortel\Nortel VPN Client\Nvc.exe" [2008-12-11 1762576]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]

"ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544]

"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\TotalSecurity\AVKTray\AVKTray.exe" [2011-08-19 921096]

"GDFirewallTray"="c:\program files (x86)\G Data\TotalSecurity\Firewall\GDFirewallTray.exe" [2011-11-08 1616392]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

"nomtray"="c:\program files\NetMotion Client\nomtray.exe" [2011-08-26 561240]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

.

c:\users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

AutoMailer.lnk - c:\troopmaster software\AutoMailer\AutoMailer.exe [2011-7-16 73728]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]

R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon64.sys [x]

R3 GDTunerSvc;G Data Tuner Service;c:\program files (x86)\G Data\TotalSecurity\AVKTuner\AVKTunerService.exe [2011-05-20 960504]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 136176]

R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-14 129976]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [x]

S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [x]

S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [x]

S0 NMutilnt;NetMotion Utility Driver;c:\windows\system32\drivers\nmutilnt.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 fsclm;FIPS Encryption Driver;c:\windows\system32\drivers\fsclm.sys [x]

S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [x]

S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [x]

S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [x]

S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [x]

S1 NMDRV;NetMotion Client Driver;c:\program files\NetMotion Client\nmdrv.sys [2011-08-26 1001560]

S1 NMRoam;NetMotion Roaming Detection Daemon;c:\windows\system32\DRIVERS\nmroam.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]

S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]

S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2011-11-08 1499656]

S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\TotalSecurity\AVK\AVKService.exe [2011-05-03 409608]

S2 AVKWCtl;G Data Filesystem Monitor;c:\program files (x86)\G Data\TotalSecurity\AVK\AVKWCtlX64.exe [2011-10-28 2191808]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

S2 MESSERV;NetMotion Client;c:\program files\NetMotion Client\messerv.exe [2011-08-26 1626200]

S2 NvcSvcMgr;Nortel VPN Client;c:\program files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe [2008-12-11 615704]

S2 nvcwfpco;nvcwfpco;c:\windows\system32\DRIVERS\nvcwfpco.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]

S3 GDBackupSvc;G Data Backup Service;c:\program files (x86)\G Data\TotalSecurity\AVKBackup\AVKBackupService.exe [2011-10-28 1498616]

S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\TotalSecurity\Firewall\GDFwSvcx64.exe [2011-08-10 1556816]

S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]

S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2011-10-28 457536]

S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nmvnic;NMVNIC Network Adapter;c:\windows\system32\DRIVERS\nmvnic.sys [x]

S3 NT_NvcA;Nortel VPN Adapter;c:\windows\system32\DRIVERS\ntnvca.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 rt61x64;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 98909069

*Deregistered* - 98909069

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 13:34]

.

2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 23:51]

.

2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 23:51]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab

FF - ProfilePath - c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\4zx6rji9.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-96511959.sys

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-04-18 10:17:55

ComboFix-quarantined-files.txt 2012-04-18 14:17

.

Pre-Run: 424,792,461,312 bytes free

Post-Run: 425,191,378,944 bytes free

.

- - End Of File - - 1FC4BA06FBD14D7F7FE106BBBD7CB847


Download TFC to your desktop

Close any open windows.

Double click the TFC icon to run the program

TFC will close all open programs itself in order to run,

Click the Start button to begin the process.

Allow TFC to run uninterrupted.

The program should not take long to finish its job

Once it's finished it should automatically reboot your machine,

if it doesn't, manually reboot to ensure a complete clean

----------------------------------------

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC


Nothing found:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.18.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Dad :: SHAGGY [administrator]

4/18/2012 10:39:02 AM

mbam-log-2012-04-18 (10-39-02).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 263800

Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


I'm still getting redirected from both Google and Yahoo search results.

This is when you use Internet Explorer to search??

---------------------------

also..please do this:

You have out-of-date Java on the system; older versions are vulnerable to malware.

Please go to your Control Panel's Add/Remove Programs and uninstall these:

Java™ 6 Update 26

Then download and install the latest version Java™ 6 Update 31.

http://www.java.com/...load/manual.jsp <---latest version

http://www.java.com/...d/installed.jsp <---verify your Java

MrC


OK, we have to run a couple more scans:

Download aswMBR to your desktop.

http://public.avast....erek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

MrC


Log follows:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-18 20:49:24

-----------------------------

20:49:24.166 OS Version: Windows x64 6.1.7601 Service Pack 1

20:49:24.166 Number of processors: 4 586 0x2A07

20:49:24.166 ComputerName: SHAGGY UserName: Dad

20:49:24.930 Initialize success

20:50:15.464 AVAST engine defs: 12041802

20:50:22.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-3

20:50:22.406 Disk 0 Vendor: Intel___ 1.0. Size: 476937MB BusType: 8

20:50:22.406 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2

20:50:22.406 Disk 1 Vendor: Size: 476937MB BusType: 0

20:50:22.406 Disk 2 \Device\Harddisk2\DR2 -> \Device\Sbp2\Verbatim&Desktop Combo Drive&0&00d00112_e0006c96_Instance00

20:50:22.406 Disk 2 Vendor: Ext_Hard Size: 953869MB BusType: 4

20:50:22.452 Disk 0 MBR read successfully

20:50:22.452 Disk 0 MBR scan

20:50:22.530 Disk 0 Windows 7 default MBR code

20:50:22.624 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

20:50:22.640 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476835 MB offset 206848

20:50:22.655 Disk 0 scanning C:\Windows\system32\drivers

20:50:35.931 Service scanning

20:50:56.726 Modules scanning

20:50:56.726 Disk 0 trace - called modules:

20:50:56.741 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

20:50:56.741 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a396060]

20:50:56.741 3 CLASSPNP.SYS[fffff88001c5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-3[0xfffffa80090ed050]

20:50:57.927 AVAST engine scan C:\Windows

20:51:03.449 AVAST engine scan C:\Windows\system32

20:54:34.377 AVAST engine scan C:\Windows\system32\drivers

20:54:49.135 AVAST engine scan C:\Users\Dad

20:56:46.322 AVAST engine scan C:\ProgramData

20:59:39.233 Scan finished successfully

21:00:55.548 Disk 0 MBR has been saved successfully to "C:\Users\Dad\Desktop\MBR.dat"

21:00:55.548 The log file has been saved successfully to "C:\Users\Dad\Desktop\aswMBR.txt"


I think the redirects are due to one or more Mozilla Firefox addons.

I went ahead and uninstalled Firefox, deleted user profiles, and reinstalled. After reinstallation, I restored my bookmarks and only enabled those addons that were shown by Mozilla as being up to date.

So far, so good...


Great, I was actually going to suggest that next:

http://www.howtogeek...ninstalling-it/

----------------------

Some cleanup to do:

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-------------------------------

You have out-of-date Java on the system; older versions are vulnerable to malware.

Please go to your Control Panel's Add/Remove Programs and uninstall these:

Java™ 6 Update 26

Then download and install the latest version Java™ 6 Update 31.

http://www.java.com/...load/manual.jsp <---latest version

http://www.java.com/...d/installed.jsp <---verify your Java

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
