
Recommended for you -- pop up



Hello sir/madam,

Over the past few weeks a rather innocuous but bothersome malware has taken root in my laptop. When browsing certain sites (and I can find no rhyme or reason as to which it pops up on) a small window appears in the bottom left-hand corner, often advertising some misunderstanding of the site that I am currently viewing, i.e. I was reading a literary article and the 'ad' displayed 'get literary help fast!'.

If closed it leaves a small white box titled 'Recommended for you' directly beneath it. I believe it has spread into my Rhapsody program, as it began popping up there and now displays an 'update needed' dialog box.

Any help would be appreciated,

T.

Logs:

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Owner at 18:34:23 on 2012-05-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2028 [GMT -4:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Autodesk\SketchBookPro2011\SketchBookSnapshot.exe

C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe

C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Rhapsody\rhaphlpr.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\splwow64.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Rhapsody\rhapsody.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

mWinlogon: Userinit=userinit.exe,

BHO: MRI_DISABLED - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [AdobeBridge]

uRun: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED

mRun: [<NO NAME>]

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VZACCE~1.LNK - C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SKETCH~1.LNK - C:\Program Files (x86)\Autodesk\SketchBookPro2011\SketchBookSnapshot.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: rhapsody.com\rhap-app-4-0

Trusted Zone: rhapsody.com\rhapreg

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{4C55F16B-041D-4AD9-80B1-91A45423001A} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{4C55F16B-041D-4AD9-80B1-91A45423001A}\2427F677E634865656471686D27657563747 : DhcpNameServer = 204.111.1.210 204.111.1.195

TCP: Interfaces\{4C55F16B-041D-4AD9-80B1-91A45423001A}\4527166756C6C4F6467656 : DhcpNameServer = 10.128.128.128

TCP: Interfaces\{4C55F16B-041D-4AD9-80B1-91A45423001A}\74059593B4 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4C55F16B-041D-4AD9-80B1-91A45423001A}\74F6C646A556262716 : DhcpNameServer = 204.111.1.210 204.111.1.195

TCP: Interfaces\{4C55F16B-041D-4AD9-80B1-91A45423001A}\74F6C646A556262716D27657563747 : DhcpNameServer = 204.111.1.210 204.111.1.195

TCP: Interfaces\{4C55F16B-041D-4AD9-80B1-91A45423001A}\9736374677966696 : DhcpNameServer = 198.6.100.53 198.6.1.2

TCP: Interfaces\{4C55F16B-041D-4AD9-80B1-91A45423001A}\F4868456979797D27657563747 : DhcpNameServer = 204.111.1.210 204.111.1.195

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: MRI_DISABLED - No File

BHO-X64: AcroIEHelperStub - No File

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED

mRun-x64: [(Default)]

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

Hosts: 149.5.18.172 www.google-analytics.com.

Hosts: 149.5.18.172 ad-emea.doubleclick.net.

Hosts: 149.5.18.172 www.statcounter.com.

Hosts: 108.163.215.51 www.google-analytics.com.

Hosts: 108.163.215.51 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9qd6c7cb.default\

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.71\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]

R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-23 89600]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-4-8 86224]

R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-4-8 110032]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-3-31 338168]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-1 13336]

R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]

R2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [2010-12-7 848184]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-1 2320920]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

S2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-6-22 1431888]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys --> C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [?]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys --> C:\Windows\system32\DRIVERS\nwusbser2.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-26 652360]

.

=============== File Associations ===============

.

.scr=AutoCADScriptFile

.

=============== Created Last 30 ================

.

2012-05-09 20:18:18 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-09 20:18:16 3146240 ----a-w- C:\Windows\System32\win32k.sys

2012-05-09 20:18:15 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-09 20:18:14 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-09 20:18:12 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-05-09 20:18:12 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-05-09 20:17:06 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-09 20:16:44 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-09 20:16:41 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 20:16:41 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-06 20:48:10 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-05-06 20:48:10 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-05-06 20:15:56 -------- d-----w- C:\Windows\System32\SPReview

2012-05-06 20:11:16 -------- d-----w- C:\Windows\System32\EventProviders

2012-05-04 17:51:25 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2012-05-04 17:50:12 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2012-04-30 15:33:40 -------- d-----w- C:\Users\Owner\AppData\Roaming\.minecraft

2012-04-23 10:17:36 -------- d-----w- C:\Program Files (x86)\Yahoo!

.

==================== Find3M ====================

.

2012-05-08 19:47:17 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2012-05-06 20:28:52 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-05-06 20:28:51 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-04-30 14:26:21 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-03-06 05:59:41 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa(44).exe

2012-03-01 06:54:38 22896 ----a-w- C:\Windows\System32\drivers\fs_rec(35).sys

2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-03-01 05:40:44 5120 ----a-w- C:\Windows\SysWow64\wmi(47).dll

2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-02-28 07:34:23 17790976 ----a-w- C:\Windows\System32\mshtml(39).dll

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:48:36 237056 ----a-w- C:\Windows\System32\url(40).dll

2012-02-28 06:47:09 85504 ----a-w- C:\Windows\System32\jsproxy(37).dll

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:52:25 12281856 ----a-w- C:\Windows\SysWow64\mshtml(43).dll

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

.

============= FINISH: 18:37:02.86 ===============

Attach:

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/19/2010 7:41:01 PM

System Uptime: 5/10/2012 6:44:20 PM (96 hours ago)

.

Motherboard: Hewlett-Packard | | 1435

Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz | CPU | 1065/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 447 GiB total, 254.732 GiB free.

D: is FIXED (NTFS) - 18 GiB total, 2.681 GiB free.

E: is FIXED (FAT32) - 0 GiB total, 0.087 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP210: 5/6/2012 4:15:52 PM - Windows 7 Service Pack 1

RP212: 5/7/2012 4:47:34 AM - Windows Modules Installer

RP213: 5/7/2012 6:51:23 PM - Windows Update

RP215: 5/10/2012 6:01:13 AM - Windows Modules Installer

RP216: 5/10/2012 6:02:09 AM - Windows Modules Installer

RP217: 5/12/2012 12:01:59 PM - Installed TEdit 3

.

==== Hosts File Hijack ======================

.

Hosts: 149.5.18.172 www.google-analytics.com.

Hosts: 149.5.18.172 ad-emea.doubleclick.net.

Hosts: 149.5.18.172 www.statcounter.com.

Hosts: 108.163.215.51 www.google-analytics.com.

Hosts: 108.163.215.51 ad-emea.doubleclick.net.

Hosts: 108.163.215.51 www.statcounter.com.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

7-Zip 9.20

Acrobat.com

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.1)

Adobe Shockwave Player

Adobe Story

Akamai NetSession Interface

Alcor Micro USB Card Reader

Audacity 1.2.6

Audacity 1.3.13 (Unicode)

Autodesk Content Service

Autodesk Material Library 2012

Autodesk Material Library Base Resolution Image Library 2012

Autodesk Material Library Low Resolution Image Library 2012

Autodesk Material Library Medium Resolution Image Library 2012

Autodesk SketchBookPro 2011

Avira Free Antivirus

AVS Screen Capture version 2.0.1

AVS Update Manager 1.0

AVS Video Editor 6

AVS Video Recorder 2.4

AVS4YOU Software Navigator 1.4

Bejeweled 2 Deluxe

Blackhawk Striker 2

Blasterball 3

Build-a-lot 2

Cake Mania

Chuzzle Deluxe

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Corel Painter Sketch Pad

Corel SketchPad - ICA

CyberLink DVD Suite

D3DX10

Demigod

Diner Dash 2 Restaurant Rescue

Dora's Carnival Adventure

DVD Menu Pack for HP MediaSmart Video

Enclave

Escape Rosecliff Island

ESU for Microsoft Windows 7

EverQuest II

Faerie Solitaire

FARO LS 1.1.406.58

FATE

Finale NotePad 2011

Google Chrome

HP Advisor

HP Customer Experience Enhancements

HP Game Console

HP Games

HP MediaSmart CinemaNow 2.0

HP MediaSmart DVD

HP MediaSmart Internet TV

HP MediaSmart Music

HP MediaSmart Photo

HP MediaSmart Video

HP MediaSmart Webcam

HP MediaSmart/TouchSmart Netflix

HP Photo Creations

HP QuickWeb Installer

HP Setup

HP Software Framework

HP Support Assistant

HP Update

HP User Guides 0164

HPAsset component for HP Active Support Library

IconHandler 32 bit

IDT Audio

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

IPM

Java Auto Updater

Java™ 6 Update 31

Jewel Quest 3

Jewel Quest Solitaire 2

Junk Mail filter update

LabelPrint

LightScribe System Software

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 1.1

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Standard 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 4.0

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mobile Broadband Generic Drivers

MotionDV STUDIO 6.0E LE for DV

Movie Theme Pack for HP MediaSmart Video

Mozilla Firefox (3.6.13)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML4 Parser

Multimedia Fusion 2

Mystery P.I. - The New York Fortune

Norton Online Backup

Painter Sketch Pad

PaintTool SAI Ver.1

Pando Media Booster

Penguins!

Plants vs. Zombies

Poker Superstars III

Polar Bowler

Polar Golfer

Realtek Ethernet Controller Driver For Windows 7

Recovery Manager

Registration

Rhapsody

Roxio CinemaNow 2.0

Sanctum

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Space Hulk Mod 1.3.1

Steam

Stronghold Crusader

Supreme Commander 2

Terrafirma

Terraria

TextTwist 2

Tropico 3 - Steam Special Edition

Unity Web Player

Universe Sandbox

Unreal Tournament 2004

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VBA (2627.01)

Virtual Families

Virtual Villagers - The Secret City

VZAccess Manager for Novatel

Warcraft III

Warcraft III: All Products

Warhammer® 40,000®: Dawn of War® II – Retribution™

Warhammer® 40,000™: Dawn of War® II

Warhammer® 40,000™: Dawn of War® II – Chaos Rising™

Wheel of Fortune 2

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Movie Maker 2.6

Yahoo! Toolbar

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

5/9/2012 3:53:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

5/12/2012 3:59:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.

5/12/2012 3:58:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

5/12/2012 1:54:07 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HP Wireless Assistant Service service.

5/10/2012 6:46:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

5/10/2012 6:46:41 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/10/2012 6:46:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

5/10/2012 6:46:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

5/10/2012 6:45:53 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

5/10/2012 6:45:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect.

5/10/2012 6:45:51 PM, Error: Service Control Manager [7000] - The Autodesk Content Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC


Thank you MrC.

RogueKiller V7.4.4 [05/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Owner [Admin rights]

Mode: Scan -- Date: 05/15/2012 14:31:54

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

149.5.18.172 www.google-analytics.com.

149.5.18.172 ad-emea.doubleclick.net.

149.5.18.172 www.statcounter.com.

108.163.215.51 www.google-analytics.com.

108.163.215.51 ad-emea.doubleclick.net.

108.163.215.51 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5056GSY +++++

--- User ---

[MBR] 8cb1935d26cc8ae8785163c0ef6cb4a1

[bSP] f5b1b516e234f240afe1f0c29c2286cf : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 457709 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 937797632 | Size: 18927 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt


Next........

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


15:21:59.0232 0704 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18

15:21:59.0563 0704 ============================================================

15:21:59.0563 0704 Current date / time: 2012/05/06 15:21:59.0563

15:21:59.0563 0704 SystemInfo:

15:21:59.0563 0704

15:21:59.0563 0704 OS Version: 6.1.7600 ServicePack: 0.0

15:21:59.0563 0704 Product type: Workstation

15:21:59.0563 0704 ComputerName: OWNER-PC

15:21:59.0564 0704 UserName: Owner

15:21:59.0564 0704 Windows directory: C:\Windows

15:21:59.0564 0704 System windows directory: C:\Windows

15:21:59.0564 0704 Running under WOW64

15:21:59.0564 0704 Processor architecture: Intel x64

15:21:59.0564 0704 Number of processors: 4

15:21:59.0564 0704 Page size: 0x1000

15:21:59.0564 0704 Boot type: Normal boot

15:21:59.0564 0704 ============================================================

15:22:00.0485 0704 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:22:00.0494 0704 ============================================================

15:22:00.0494 0704 \Device\Harddisk0\DR0:

15:22:00.0494 0704 MBR partitions:

15:22:00.0494 0704 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

15:22:00.0494 0704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37DF6800

15:22:00.0494 0704 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x37E5A800, BlocksNum 0x24F7800

15:22:00.0494 0704 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830

15:22:00.0495 0704 ============================================================

15:22:00.0522 0704 C: <-> \Device\Harddisk0\DR0\Partition1

15:22:00.0570 0704 D: <-> \Device\Harddisk0\DR0\Partition2

15:22:00.0582 0704 E: <-> \Device\Harddisk0\DR0\Partition3

15:22:00.0582 0704 ============================================================

15:22:00.0582 0704 Initialize success

15:22:00.0582 0704 ============================================================

15:22:03.0142 5644 ============================================================

15:22:03.0142 5644 Scan started

15:22:03.0142 5644 Mode: Manual;

15:22:03.0142 5644 ============================================================

15:22:04.0029 5644 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

15:22:04.0046 5644 1394ohci - ok

15:22:04.0080 5644 Accelerometer (1cffe9c06e66a57dae1452e449a58240) C:\Windows\system32\DRIVERS\Accelerometer.sys

15:22:04.0088 5644 Accelerometer - ok

15:22:04.0152 5644 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

15:22:04.0168 5644 ACPI - ok

15:22:04.0198 5644 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

15:22:04.0205 5644 AcpiPmi - ok

15:22:04.0304 5644 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

15:22:04.0336 5644 AdobeARMservice - ok

15:22:04.0431 5644 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

15:22:04.0452 5644 adp94xx - ok

15:22:04.0498 5644 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

15:22:04.0515 5644 adpahci - ok

15:22:04.0549 5644 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

15:22:04.0563 5644 adpu320 - ok

15:22:04.0592 5644 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

15:22:04.0593 5644 AeLookupSvc - ok

15:22:04.0686 5644 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe

15:22:04.0700 5644 AESTFilters - ok

15:22:04.0819 5644 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys

15:22:04.0832 5644 AFD - ok

15:22:04.0894 5644 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

15:22:04.0906 5644 agp440 - ok

15:22:04.0932 5644 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

15:22:04.0943 5644 ALG - ok

15:22:04.0976 5644 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

15:22:04.0983 5644 aliide - ok

15:22:04.0996 5644 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

15:22:05.0004 5644 amdide - ok

15:22:05.0033 5644 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

15:22:05.0045 5644 AmdK8 - ok

15:22:05.0066 5644 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

15:22:05.0078 5644 AmdPPM - ok

15:22:05.0127 5644 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys

15:22:05.0139 5644 amdsata - ok

15:22:05.0171 5644 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

15:22:05.0186 5644 amdsbs - ok

15:22:05.0224 5644 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys

15:22:05.0232 5644 amdxata - ok

15:22:05.0266 5644 AmUStor (37ea167782af19301af9c05804948bb2) C:\Windows\system32\drivers\AmUStor.SYS

15:22:05.0277 5644 AmUStor - ok

15:22:05.0435 5644 AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

15:22:05.0438 5644 AntiVirSchedulerService - ok

15:22:05.0489 5644 AntiVirService (42f88bfbb76f7a63e381829479b18518) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

15:22:05.0491 5644 AntiVirService - ok

15:22:05.0524 5644 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

15:22:05.0533 5644 AppID - ok

15:22:05.0558 5644 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

15:22:05.0567 5644 AppIDSvc - ok

15:22:05.0579 5644 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll

15:22:05.0582 5644 Appinfo - ok

15:22:05.0625 5644 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

15:22:05.0637 5644 arc - ok

15:22:05.0661 5644 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

15:22:05.0673 5644 arcsas - ok

15:22:05.0776 5644 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

15:22:05.0787 5644 aspnet_state - ok

15:22:05.0811 5644 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

15:22:05.0820 5644 AsyncMac - ok

15:22:05.0869 5644 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

15:22:05.0878 5644 atapi - ok

15:22:05.0964 5644 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

15:22:05.0975 5644 AudioEndpointBuilder - ok

15:22:05.0991 5644 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

15:22:06.0000 5644 AudioSrv - ok

15:22:06.0118 5644 Autodesk Content Service (1992c2a1867d95aa3a0802539358d162) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

15:22:06.0122 5644 Autodesk Content Service - ok

15:22:06.0169 5644 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys

15:22:06.0171 5644 avgntflt - ok

15:22:06.0200 5644 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys

15:22:06.0200 5644 avipbb - ok

15:22:06.0231 5644 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

15:22:06.0239 5644 avkmgr - ok

15:22:06.0282 5644 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll

15:22:06.0294 5644 AxInstSV - ok

15:22:06.0364 5644 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

15:22:06.0384 5644 b06bdrv - ok

15:22:06.0430 5644 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

15:22:06.0446 5644 b57nd60a - ok

15:22:06.0489 5644 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

15:22:06.0500 5644 BDESVC - ok

15:22:06.0517 5644 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

15:22:06.0522 5644 Beep - ok

15:22:06.0590 5644 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll

15:22:06.0603 5644 BFE - ok

15:22:06.0687 5644 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll

15:22:06.0703 5644 BITS - ok

15:22:06.0743 5644 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

15:22:06.0751 5644 blbdrive - ok

15:22:06.0788 5644 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

15:22:06.0799 5644 bowser - ok

15:22:06.0832 5644 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

15:22:06.0838 5644 BrFiltLo - ok

15:22:06.0856 5644 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

15:22:06.0860 5644 BrFiltUp - ok

15:22:06.0895 5644 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll

15:22:06.0898 5644 Browser - ok

15:22:06.0940 5644 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

15:22:06.0957 5644 Brserid - ok

15:22:06.0975 5644 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

15:22:06.0983 5644 BrSerWdm - ok

15:22:07.0002 5644 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

15:22:07.0007 5644 BrUsbMdm - ok

15:22:07.0022 5644 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

15:22:07.0027 5644 BrUsbSer - ok

15:22:07.0076 5644 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

15:22:07.0085 5644 BthEnum - ok

15:22:07.0105 5644 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

15:22:07.0115 5644 BTHMODEM - ok

15:22:07.0148 5644 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

15:22:07.0159 5644 BthPan - ok

15:22:07.0227 5644 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys

15:22:07.0245 5644 BTHPORT - ok

15:22:07.0276 5644 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

15:22:07.0276 5644 bthserv - ok

15:22:07.0326 5644 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys

15:22:07.0337 5644 BTHUSB - ok

15:22:07.0364 5644 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

15:22:07.0374 5644 cdfs - ok

15:22:07.0410 5644 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

15:22:07.0425 5644 cdrom - ok

15:22:07.0451 5644 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

15:22:07.0462 5644 CertPropSvc - ok

15:22:07.0488 5644 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

15:22:07.0499 5644 circlass - ok

15:22:07.0538 5644 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

15:22:07.0545 5644 CLFS - ok

15:22:07.0613 5644 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:22:07.0646 5644 clr_optimization_v2.0.50727_32 - ok

15:22:07.0707 5644 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

15:22:07.0720 5644 clr_optimization_v2.0.50727_64 - ok

15:22:07.0778 5644 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:22:07.0792 5644 clr_optimization_v4.0.30319_32 - ok

15:22:07.0831 5644 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

15:22:07.0835 5644 clr_optimization_v4.0.30319_64 - ok

15:22:07.0869 5644 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

15:22:07.0875 5644 CmBatt - ok

15:22:07.0900 5644 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

15:22:07.0910 5644 cmdide - ok

15:22:07.0969 5644 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys

15:22:07.0993 5644 CNG - ok

15:22:08.0013 5644 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

15:22:08.0021 5644 Compbatt - ok

15:22:08.0055 5644 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

15:22:08.0064 5644 CompositeBus - ok

15:22:08.0082 5644 COMSysApp - ok

15:22:08.0105 5644 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

15:22:08.0113 5644 crcdisk - ok

15:22:08.0153 5644 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll

15:22:08.0159 5644 CryptSvc - ok

15:22:08.0213 5644 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys

15:22:08.0225 5644 ctxusbm - ok

15:22:08.0280 5644 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

15:22:08.0290 5644 DcomLaunch - ok

15:22:08.0382 5644 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

15:22:08.0399 5644 defragsvc - ok

15:22:08.0461 5644 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

15:22:08.0473 5644 DfsC - ok

15:22:08.0508 5644 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll

15:22:08.0514 5644 Dhcp - ok

15:22:08.0539 5644 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

15:22:08.0540 5644 discache - ok

15:22:08.0586 5644 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

15:22:08.0598 5644 Disk - ok

15:22:08.0651 5644 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll

15:22:08.0656 5644 Dnscache - ok

15:22:08.0692 5644 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll

15:22:08.0708 5644 dot3svc - ok

15:22:08.0733 5644 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll

15:22:08.0737 5644 DPS - ok

15:22:08.0761 5644 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

15:22:08.0765 5644 drmkaud - ok

15:22:08.0805 5644 DVMIO (a298aea9fca253e7eff040a08c7c6376) C:\Windows\system32\DRIVERS\dvmio.sys

15:22:08.0812 5644 DVMIO - ok

15:22:08.0907 5644 DvmMDES (b66b5b27c8c9881f90435a1f7fe370c3) C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe

15:22:08.0914 5644 DvmMDES - ok

15:22:09.0005 5644 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

15:22:09.0034 5644 DXGKrnl - ok

15:22:09.0057 5644 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

15:22:09.0061 5644 EapHost - ok

15:22:09.0283 5644 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

15:22:09.0343 5644 ebdrv - ok

15:22:09.0450 5644 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe

15:22:09.0453 5644 EFS - ok

15:22:09.0538 5644 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe

15:22:09.0567 5644 ehRecvr - ok

15:22:09.0595 5644 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

15:22:09.0611 5644 ehSched - ok

15:22:09.0690 5644 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

15:22:09.0710 5644 elxstor - ok

15:22:09.0741 5644 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

15:22:09.0747 5644 ErrDev - ok

15:22:09.0806 5644 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

15:22:09.0814 5644 EventSystem - ok

15:22:09.0861 5644 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

15:22:09.0875 5644 exfat - ok

15:22:09.0895 5644 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

15:22:09.0906 5644 fastfat - ok

15:22:09.0971 5644 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe

15:22:09.0984 5644 Fax - ok

15:22:09.0999 5644 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

15:22:10.0007 5644 fdc - ok

15:22:10.0029 5644 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

15:22:10.0031 5644 fdPHost - ok

15:22:10.0039 5644 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

15:22:10.0042 5644 FDResPub - ok

15:22:10.0061 5644 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

15:22:10.0072 5644 FileInfo - ok

15:22:10.0088 5644 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

15:22:10.0095 5644 Filetrace - ok

15:22:10.0258 5644 FLEXnet Licensing Service 64 (5cee6cd43ae5844c49300ea0b1e557ee) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

15:22:10.0281 5644 FLEXnet Licensing Service 64 - ok

15:22:10.0377 5644 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

15:22:10.0377 5644 flpydisk - ok

15:22:10.0438 5644 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

15:22:10.0460 5644 FltMgr - ok

15:22:10.0573 5644 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll

15:22:10.0593 5644 FontCache - ok

15:22:10.0645 5644 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

15:22:10.0647 5644 FontCache3.0.0.0 - ok

15:22:10.0661 5644 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

15:22:10.0671 5644 FsDepends - ok

15:22:10.0698 5644 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys

15:22:10.0706 5644 Fs_Rec - ok

15:22:10.0752 5644 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

15:22:10.0756 5644 fvevol - ok

15:22:10.0784 5644 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

15:22:10.0795 5644 gagp30kx - ok

15:22:10.0891 5644 GameConsoleService (e53ee18a21c025deabcfe0f72fc481bb) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

15:22:10.0914 5644 GameConsoleService - ok

15:22:10.0985 5644 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll

15:22:10.0999 5644 gpsvc - ok

15:22:11.0023 5644 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

15:22:11.0034 5644 hcw85cir - ok

15:22:11.0084 5644 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

15:22:11.0105 5644 HdAudAddService - ok

15:22:11.0135 5644 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

15:22:11.0138 5644 HDAudBus - ok

15:22:11.0174 5644 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

15:22:11.0184 5644 HECIx64 - ok

15:22:11.0201 5644 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

15:22:11.0208 5644 HidBatt - ok

15:22:11.0230 5644 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

15:22:11.0240 5644 HidBth - ok

15:22:11.0258 5644 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

15:22:11.0267 5644 HidIr - ok

15:22:11.0282 5644 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

15:22:11.0292 5644 hidserv - ok

15:22:11.0319 5644 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

15:22:11.0321 5644 HidUsb - ok

15:22:11.0346 5644 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll

15:22:11.0358 5644 hkmsvc - ok


15:22:28.0882 5644 vsmraid - ok

15:22:28.0988 5644 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe

15:22:29.0031 5644 VSS - ok

15:22:29.0116 5644 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

15:22:29.0126 5644 vwifibus - ok

15:22:29.0153 5644 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

15:22:29.0163 5644 vwififlt - ok

15:22:29.0204 5644 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

15:22:29.0214 5644 W32Time - ok

15:22:29.0243 5644 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

15:22:29.0252 5644 WacomPen - ok

15:22:29.0279 5644 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

15:22:29.0290 5644 WANARP - ok

15:22:29.0306 5644 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

15:22:29.0308 5644 Wanarpv6 - ok

15:22:29.0397 5644 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

15:22:29.0450 5644 WatAdminSvc - ok

15:22:29.0548 5644 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe

15:22:29.0591 5644 wbengine - ok

15:22:29.0679 5644 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

15:22:29.0698 5644 WbioSrvc - ok

15:22:29.0739 5644 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll

15:22:29.0762 5644 wcncsvc - ok

15:22:29.0777 5644 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

15:22:29.0791 5644 WcsPlugInService - ok

15:22:29.0827 5644 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

15:22:29.0836 5644 Wd - ok

15:22:29.0895 5644 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

15:22:29.0923 5644 Wdf01000 - ok

15:22:29.0943 5644 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

15:22:29.0950 5644 WdiServiceHost - ok

15:22:29.0957 5644 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

15:22:29.0963 5644 WdiSystemHost - ok

15:22:30.0005 5644 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll

15:22:30.0028 5644 WebClient - ok

15:22:30.0065 5644 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

15:22:30.0087 5644 Wecsvc - ok

15:22:30.0108 5644 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

15:22:30.0115 5644 wercplsupport - ok

15:22:30.0138 5644 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

15:22:30.0148 5644 WerSvc - ok

15:22:30.0191 5644 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

15:22:30.0197 5644 WfpLwf - ok

15:22:30.0221 5644 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

15:22:30.0230 5644 WIMMount - ok

15:22:30.0272 5644 WinDefend - ok

15:22:30.0291 5644 WinHttpAutoProxySvc - ok

15:22:30.0348 5644 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

15:22:30.0354 5644 Winmgmt - ok

15:22:30.0491 5644 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll

15:22:30.0544 5644 WinRM - ok

15:22:30.0678 5644 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

15:22:30.0691 5644 WinUsb - ok

15:22:30.0769 5644 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

15:22:30.0788 5644 Wlansvc - ok

15:22:31.0012 5644 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

15:22:31.0052 5644 wlidsvc - ok

15:22:31.0142 5644 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

15:22:31.0144 5644 WmiAcpi - ok

15:22:31.0202 5644 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

15:22:31.0216 5644 wmiApSrv - ok

15:22:31.0256 5644 WMPNetworkSvc - ok

15:22:31.0288 5644 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

15:22:31.0298 5644 WPCSvc - ok

15:22:31.0330 5644 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll

15:22:31.0350 5644 WPDBusEnum - ok

15:22:31.0366 5644 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

15:22:31.0374 5644 ws2ifsl - ok

15:22:31.0413 5644 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll

15:22:31.0419 5644 wscsvc - ok

15:22:31.0425 5644 WSearch - ok

15:22:31.0575 5644 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll

15:22:31.0619 5644 wuauserv - ok

15:22:31.0708 5644 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

15:22:31.0722 5644 WudfPf - ok

15:22:31.0747 5644 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:22:31.0761 5644 WUDFRd - ok

15:22:31.0787 5644 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll

15:22:31.0794 5644 wudfsvc - ok

15:22:31.0833 5644 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

15:22:31.0854 5644 WwanSvc - ok

15:22:31.0904 5644 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

15:22:31.0928 5644 yukonw7 - ok

15:22:31.0964 5644 MBR (0x1B8) (bedd45a04d3808f82d00a1c306c92e8d) \Device\Harddisk0\DR0

15:22:32.0004 5644 \Device\Harddisk0\DR0 - ok

15:22:32.0038 5644 Boot (0x1200) (44b6c38a327eadf9cdf53455da1c1202) \Device\Harddisk0\DR0\Partition0

15:22:32.0041 5644 \Device\Harddisk0\DR0\Partition0 - ok

15:22:32.0057 5644 Boot (0x1200) (2777a3ebb39b45f3277e6370078c61f8) \Device\Harddisk0\DR0\Partition1

15:22:32.0059 5644 \Device\Harddisk0\DR0\Partition1 - ok

15:22:32.0087 5644 Boot (0x1200) (266f07572af185bd5bc54a920f2a29de) \Device\Harddisk0\DR0\Partition2

15:22:32.0090 5644 \Device\Harddisk0\DR0\Partition2 - ok

15:22:32.0111 5644 Boot (0x1200) (f59a1c43cbd600bec9682ea17123276f) \Device\Harddisk0\DR0\Partition3

15:22:32.0112 5644 \Device\Harddisk0\DR0\Partition3 - ok

15:22:32.0113 5644 ============================================================

15:22:32.0114 5644 Scan finished

15:22:32.0114 5644 ============================================================

15:22:32.0139 2932 Detected object count: 0

15:22:32.0139 2932 Actual detected object count: 0

15:22:53.0456 5212 Deinitialize success


OK, that scan was clean....no rootkits...

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-05-15.04 - Owner 05/15/2012 15:46:14.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2393 [GMT -4:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\programdata\53E1592ACA.sys

c:\users\Mom\AppData\Roaming\87689C

c:\users\Owner\AppData\Roaming\87689C

c:\users\Owner\Documents\~WRL1346.tmp

c:\windows\Downloaded Program Files\IDropPTB.dll

c:\windows\SysWow64\odbcad32.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))

.

.

2012-05-15 19:56 . 2012-05-15 19:56 -------- d-----w- c:\users\Secondary Admin\AppData\Local\temp

2012-05-15 19:56 . 2012-05-15 19:56 -------- d-----w- c:\users\Mom\AppData\Local\temp

2012-05-15 19:56 . 2012-05-15 19:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-15 19:56 . 2012-05-15 19:56 -------- d-----w- c:\users\Dad\AppData\Local\temp

2012-05-09 20:18 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-09 20:18 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-09 20:18 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-09 20:18 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-09 20:18 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-09 20:18 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-09 20:17 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-09 20:16 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-09 20:16 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 20:16 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-06 20:48 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-05-06 20:48 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-05-06 20:15 . 2012-05-06 20:15 -------- d-----w- c:\windows\system32\SPReview

2012-05-06 20:11 . 2012-05-06 20:11 -------- d-----w- c:\windows\system32\EventProviders

2012-05-04 17:51 . 2012-05-04 17:51 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

2012-05-04 17:50 . 2012-05-06 23:55 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-04-30 15:33 . 2012-04-30 15:33 -------- d-----w- c:\users\Owner\AppData\Roaming\.minecraft

2012-04-30 14:26 . 2012-05-06 23:51 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-04-30 14:26 . 2012-05-06 23:51 -------- d-----w- c:\program files (x86)\Java

2012-04-23 16:53 . 2012-04-23 16:53 -------- d-----w- c:\users\Mom\AppData\Roaming\Avira

2012-04-23 10:17 . 2012-04-23 10:17 -------- d-----w- c:\users\Owner\AppData\Roaming\Yahoo!

2012-04-23 10:17 . 2012-04-23 10:17 -------- d-----w- c:\programdata\Yahoo! Companion

2012-04-23 10:17 . 2012-05-06 23:51 -------- d-----w- c:\program files (x86)\Yahoo!

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-08 19:47 . 2012-04-08 06:08 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-05-08 19:47 . 2012-04-08 06:08 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-05-06 20:28 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-05-06 20:28 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-04-30 14:26 . 2011-06-30 19:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-30 10:37 . 2012-03-30 10:37 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-03-30 10:37 . 2012-03-30 10:37 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-03-30 10:37 . 2012-03-30 10:37 1103360 ----a-w- c:\windows\SysWow64\urlmon(47).dll

2012-03-30 10:37 . 2012-03-30 10:37 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-03-30 10:37 . 2012-03-30 10:37 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-03-30 10:37 . 2012-03-30 10:37 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-03-30 10:37 . 2012-03-30 10:37 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-03-30 10:37 . 2012-03-30 10:37 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-03-30 10:37 . 2012-03-30 10:37 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-03-30 10:37 . 2012-03-30 10:37 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-03-30 10:37 . 2012-03-30 10:37 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-03-30 10:37 . 2012-03-30 10:37 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-03-30 10:37 . 2012-03-30 10:37 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-03-30 10:37 . 2012-03-30 10:37 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-03-30 10:37 . 2012-03-30 10:37 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-03-30 10:37 . 2012-03-30 10:37 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-03-30 10:37 . 2012-03-30 10:37 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-03-30 10:37 . 2012-03-30 10:37 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-03-30 10:37 . 2012-03-30 10:37 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-03-30 10:37 . 2012-03-30 10:37 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-03-30 10:37 . 2012-03-30 10:37 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-03-30 10:37 . 2012-03-30 10:37 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-03-30 10:37 . 2012-03-30 10:37 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-03-30 10:37 . 2012-03-30 10:37 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-03-30 10:37 . 2012-03-30 10:37 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-03-30 10:37 . 2012-03-30 10:37 448512 ----a-w- c:\windows\system32\html.iec

2012-03-30 10:37 . 2012-03-30 10:37 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-30 10:37 . 2012-03-30 10:37 222208 ----a-w- c:\windows\system32\msls31.dll

2012-03-30 10:37 . 2012-03-30 10:37 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-03-30 10:37 . 2012-03-30 10:37 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-03-30 10:37 . 2012-03-30 10:37 160256 ----a-w- c:\windows\system32\wextract.exe

2012-03-30 10:37 . 2012-03-30 10:37 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-03-30 10:37 . 2012-03-30 10:37 12288 ----a-w- c:\windows\system32\mshta.exe

2012-03-30 10:37 . 2012-03-30 10:37 114176 ----a-w- c:\windows\system32\admparse.dll

2012-03-30 10:37 . 2012-03-30 10:37 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-03-06 05:59 . 2012-04-13 09:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa(44).exe

2012-03-01 06:54 . 2012-04-13 09:42 22896 ----a-w- c:\windows\system32\drivers\fs_rec(35).sys

2012-03-01 06:46 . 2012-04-13 09:42 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:38 . 2012-04-13 09:42 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:33 . 2012-04-13 09:42 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:28 . 2012-04-13 09:42 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:40 . 2012-04-13 09:42 5120 ----a-w- c:\windows\SysWow64\wmi(47).dll

2012-03-01 05:37 . 2012-04-13 09:42 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:33 . 2012-04-13 09:42 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:29 . 2012-04-13 09:42 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-02-28 07:34 . 2012-04-13 09:47 17790976 ----a-w- c:\windows\system32\mshtml(39).dll

2012-02-28 06:56 . 2012-04-13 09:47 2311168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 06:49 . 2012-04-13 09:47 1390080 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 06:48 . 2012-04-13 09:47 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 06:48 . 2012-04-13 09:47 237056 ----a-w- c:\windows\system32\url(40).dll

2012-02-28 06:47 . 2012-04-13 09:47 85504 ----a-w- c:\windows\system32\jsproxy(37).dll

2012-02-28 06:42 . 2012-04-13 09:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-28 01:52 . 2012-04-13 09:47 12281856 ----a-w- c:\windows\SysWow64\mshtml(43).dll

2012-02-28 01:18 . 2012-04-13 09:47 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-02-28 01:11 . 2012-04-13 09:47 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-02-28 01:11 . 2012-04-13 09:47 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2012-02-28 01:03 . 2012-04-13 09:47 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-02-17 06:38 . 2012-03-13 19:05 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-13 19:05 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-13 19:05 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-13 19:05 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-11 1242448]

"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-27 284696]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

VZAccess Manager.lnk - c:\program files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2008-10-20 1778992]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

SketchBook Snapshot.lnk - c:\program files (x86)\Autodesk\SketchBookPro2011\SketchBookSnapshot.exe [2010-9-8 721408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 17:55 937920 ----a-w- c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

R2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-22 1431888]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]

R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]

S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-03-24 89600]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]

S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-04-01 338168]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-27 13336]

S2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;c:\program files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [2010-12-07 848184]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 50519510

*Deregistered* - 50519510

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-11-22 18:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-794388881-2271578310-1446570140-1000Core.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-26 04:09]

.

2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-794388881-2271578310-1446570140-1000UA.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-26 04:09]

.

2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-794388881-2271578310-1446570140-1003Core.job

- c:\users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 20:35]

.

2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-794388881-2271578310-1446570140-1003UA.job

- c:\users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 20:35]

.

2012-04-23 c:\windows\Tasks\HPCeeScheduleForOwner.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-17 323072]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]

"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-24 525312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: rhapsody.com\rhap-app-4-0

Trusted Zone: rhapsody.com\rhapreg

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9qd6c7cb.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-PaintToolSAI - c:\users\Owner\Desktop\PaintToolSAI\uninst.exe

AddRemove-{BC0893A6-19F5-4902-9A0F-5D96AF3B6396}_is1 - c:\program files\Steam\steamapps\common\dawn of war ii - retribution\unins000.exe

AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-794388881-2271578310-1446570140-1000\Software\SecuROM\License information*]

"datasecu"=hex:7d,ce,e8,5f,67,2b,06,d7,b0,3f,eb,79,22,78,20,be,cd,12,89,48,e7,

21,ff,a9,aa,ad,60,fc,29,ee,44,9b,a9,10,e7,48,98,60,94,2d,c1,6a,67,51,0e,7c,\

"rkeysecu"=hex:fb,c0,67,02,2f,9e,9d,27,a7,c0,d7,dc,a5,b2,7d,b3

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-05-15 16:03:44

ComboFix-quarantined-files.txt 2012-05-15 20:03

.

Pre-Run: 272,224,526,336 bytes free

Post-Run: 275,219,922,944 bytes free

.

- - End Of File - - 2536419543725E15F73CAD1FDEE96114


Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.06.02

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

Protection: Enabled

4/6/2012 12:50:17 AM

mbam-log-2012-04-06 (00-50-17).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 261587

Time elapsed: 11 minute(s), 24 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Owner\Downloads\SoftonicDownloader_for_painttool-sai.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.

(end)


That's Good News!

A quick question, I'm getting a new laptop soon, what antivirus programs/setup would you recommend?

MSE and MB > it's all in my Preventive Maintenance (see below)

-------------------------------

A little clean up to do.....

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

-------------------------------

You have out-of-date Java on the system; older versions are vulnerable to malware.

Please go to your Control Panel's Add/Remove Programs and uninstall these:

Java Auto Updater

Java™ 6 Update 31

Then download and install the latest version Java™ 7 Update 4

http://www.java.com/...load/manual.jsp <---latest version

http://www.java.com/...d/installed.jsp <---verify your Java

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
