Yet another redirect virus problem


pblock

Hi, I'm not a computer moron, but I have had no real luck removing the virus on this computer, and am begging for some assistance. This is my girlfriend's laptop, so I have no real idea of how she got the virus, but it has been redirecting and on occasion causing pop-ups. I haven't run anything crazy like ComboFix, but have been using Malwarebytes, the full version. I have read some of the other threads on the topic and have a basic idea of how the process works, but I have never actually posted on the forum. Any help would be greatly appreciated.

Hello,

Welcome. My name is mowman, and I will be helping you fix your problems.

If you do not make a reply in 3 days, we will have to close your topic.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this topic. The topics you are tracking can be found by clicking on My Topics at the top of any page.

Please take note of some guidelines for this fix:

•Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.

•If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.

•Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.

•Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Please download TDSSKiller.zip

  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • If suspicious objects are found select skip
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Please download DDS by sUBs from one of the following links and save it to your desktop.


  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.

---------------------------------------------------

  • Post the contents of the DDS.txt and Attach.txt in your next reply

11:09:14.0826 2804 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47

11:09:15.0481 2804 ============================================================

11:09:15.0481 2804 Current date / time: 2012/10/16 11:09:15.0481

11:09:15.0481 2804 SystemInfo:

11:09:15.0481 2804

11:09:15.0497 2804 OS Version: 6.1.7601 ServicePack: 1.0

11:09:15.0497 2804 Product type: Workstation

11:09:15.0497 2804 ComputerName: JAMIE-PC

11:09:15.0497 2804 UserName: Jamie

11:09:15.0497 2804 Windows directory: C:\Windows

11:09:15.0497 2804 System windows directory: C:\Windows

11:09:15.0497 2804 Running under WOW64

11:09:15.0497 2804 Processor architecture: Intel x64

11:09:15.0497 2804 Number of processors: 2

11:09:15.0497 2804 Page size: 0x1000

11:09:15.0497 2804 Boot type: Normal boot

11:09:15.0497 2804 ============================================================

11:09:17.0479 2804 BG loaded

11:09:18.0962 2804 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:09:19.0009 2804 ============================================================

11:09:19.0009 2804 \Device\Harddisk0\DR0:

11:09:19.0040 2804 MBR partitions:

11:09:19.0040 2804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x23EF7800

11:09:19.0243 2804 ============================================================

11:09:19.0328 2804 C: <-> \Device\Harddisk0\DR0\Partition1

11:09:19.0328 2804 ============================================================

11:09:19.0328 2804 Initialize success

11:09:19.0328 2804 ============================================================

11:11:27.0008 3492 ============================================================

11:11:27.0008 3492 Scan started

11:11:27.0008 3492 Mode: Manual;

11:11:27.0008 3492 ============================================================

11:11:28.0756 3492 ================ Scan system memory ========================

11:11:28.0756 3492 System memory - ok


11:11:39.0660 3492 NdisCap - ok

11:11:39.0676 3492 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

11:11:39.0691 3492 NdisTapi - ok

11:11:39.0707 3492 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

11:11:39.0707 3492 Ndisuio - ok

11:11:39.0722 3492 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

11:11:39.0738 3492 NdisWan - ok

11:11:39.0754 3492 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

11:11:39.0754 3492 NDProxy - ok

11:11:39.0769 3492 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

11:11:39.0769 3492 NetBIOS - ok

11:11:39.0800 3492 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

11:11:39.0800 3492 NetBT - ok

11:11:39.0832 3492 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

11:11:39.0832 3492 Netlogon - ok

11:11:39.0894 3492 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

11:11:39.0910 3492 Netman - ok

11:11:39.0956 3492 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

11:11:39.0956 3492 netprofm - ok

11:11:40.0019 3492 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

11:11:40.0019 3492 NetTcpPortSharing - ok

11:11:40.0081 3492 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

11:11:40.0081 3492 nfrd960 - ok

11:11:40.0112 3492 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

11:11:40.0112 3492 NlaSvc - ok

11:11:40.0144 3492 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

11:11:40.0144 3492 Npfs - ok

11:11:40.0190 3492 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

11:11:40.0190 3492 nsi - ok

11:11:40.0206 3492 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

11:11:40.0206 3492 nsiproxy - ok

11:11:40.0268 3492 [ 2A2F756CFF853B7ADE376067F1C2BAE4 ] nsverctl C:\Program Files\Citrix\Secure Access Client\nsverctl.exe

11:11:40.0268 3492 nsverctl - ok

11:11:40.0331 3492 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

11:11:40.0346 3492 Ntfs - ok

11:11:40.0378 3492 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

11:11:40.0378 3492 Null - ok

11:11:40.0409 3492 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

11:11:40.0424 3492 nvraid - ok

11:11:40.0456 3492 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

11:11:40.0456 3492 nvstor - ok

11:11:40.0487 3492 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

11:11:40.0487 3492 nv_agp - ok

11:11:40.0502 3492 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

11:11:40.0502 3492 ohci1394 - ok

11:11:40.0534 3492 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

11:11:40.0549 3492 p2pimsvc - ok

11:11:40.0596 3492 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

11:11:40.0612 3492 p2psvc - ok

11:11:40.0643 3492 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

11:11:40.0643 3492 Parport - ok

11:11:40.0674 3492 Partizan - ok

11:11:40.0705 3492 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys

11:11:40.0705 3492 partmgr - ok

11:11:40.0736 3492 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

11:11:40.0736 3492 PcaSvc - ok

11:11:40.0768 3492 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

11:11:40.0768 3492 pci - ok

11:11:40.0799 3492 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

11:11:40.0799 3492 pciide - ok

11:11:40.0830 3492 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

11:11:40.0846 3492 pcmcia - ok

11:11:40.0861 3492 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

11:11:40.0861 3492 pcw - ok

11:11:40.0892 3492 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

11:11:40.0908 3492 PEAUTH - ok

11:11:40.0986 3492 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

11:11:41.0017 3492 PeerDistSvc - ok

11:11:41.0126 3492 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

11:11:41.0126 3492 PerfHost - ok

11:11:41.0236 3492 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

11:11:41.0267 3492 pla - ok

11:11:41.0314 3492 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

11:11:41.0329 3492 PlugPlay - ok

11:11:41.0360 3492 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

11:11:41.0360 3492 PNRPAutoReg - ok

11:11:41.0392 3492 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

11:11:41.0407 3492 PNRPsvc - ok

11:11:41.0485 3492 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

11:11:41.0501 3492 PolicyAgent - ok

11:11:41.0548 3492 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

11:11:41.0548 3492 Power - ok

11:11:41.0579 3492 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

11:11:41.0594 3492 PptpMiniport - ok

11:11:41.0611 3492 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

11:11:41.0627 3492 Processor - ok

11:11:41.0658 3492 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll

11:11:41.0658 3492 ProfSvc - ok

11:11:41.0689 3492 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

11:11:41.0689 3492 ProtectedStorage - ok

11:11:41.0736 3492 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

11:11:41.0736 3492 Psched - ok

11:11:41.0798 3492 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

11:11:41.0829 3492 ql2300 - ok

11:11:41.0861 3492 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

11:11:41.0861 3492 ql40xx - ok

11:11:41.0907 3492 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

11:11:41.0923 3492 QWAVE - ok

11:11:41.0970 3492 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

11:11:41.0970 3492 QWAVEdrv - ok

11:11:41.0985 3492 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

11:11:41.0985 3492 RasAcd - ok

11:11:42.0032 3492 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

11:11:42.0032 3492 RasAgileVpn - ok

11:11:42.0048 3492 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

11:11:42.0063 3492 RasAuto - ok

11:11:42.0095 3492 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

11:11:42.0095 3492 Rasl2tp - ok

11:11:42.0126 3492 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

11:11:42.0141 3492 RasMan - ok

11:11:42.0157 3492 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

11:11:42.0157 3492 RasPppoe - ok

11:11:42.0188 3492 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

11:11:42.0188 3492 RasSstp - ok

11:11:42.0219 3492 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

11:11:42.0219 3492 rdbss - ok

11:11:42.0251 3492 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

11:11:42.0251 3492 rdpbus - ok

11:11:42.0297 3492 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

11:11:42.0297 3492 RDPCDD - ok

11:11:42.0344 3492 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

11:11:42.0344 3492 RDPDR - ok

11:11:42.0360 3492 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

11:11:42.0375 3492 RDPENCDD - ok

11:11:42.0407 3492 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

11:11:42.0407 3492 RDPREFMP - ok

11:11:42.0453 3492 [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

11:11:42.0453 3492 RDPWD - ok

11:11:42.0485 3492 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

11:11:42.0500 3492 rdyboost - ok

11:11:42.0547 3492 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

11:11:42.0547 3492 RemoteAccess - ok

11:11:42.0594 3492 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

11:11:42.0594 3492 RemoteRegistry - ok

11:11:42.0626 3492 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

11:11:42.0626 3492 RpcEptMapper - ok

11:11:42.0657 3492 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

11:11:42.0657 3492 RpcLocator - ok

11:11:42.0704 3492 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

11:11:42.0720 3492 RpcSs - ok

11:11:42.0751 3492 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

11:11:42.0751 3492 rspndr - ok

11:11:42.0798 3492 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

11:11:42.0813 3492 RTL8167 - ok

11:11:42.0844 3492 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys

11:11:42.0844 3492 s3cap - ok

11:11:42.0860 3492 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

11:11:42.0876 3492 SamSs - ok

11:11:42.0907 3492 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

11:11:42.0907 3492 sbp2port - ok

11:11:42.0922 3492 SBRE - ok

11:11:42.0985 3492 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

11:11:42.0985 3492 SCardSvr - ok

11:11:43.0047 3492 [ B2F50286DC82B93C013E3FC57BA1A956 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys

11:11:43.0047 3492 SCDEmu - ok

11:11:43.0094 3492 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

11:11:43.0094 3492 scfilter - ok

11:11:43.0156 3492 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

11:11:43.0172 3492 Schedule - ok

11:11:43.0203 3492 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

11:11:43.0203 3492 SCPolicySvc - ok

11:11:43.0250 3492 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

11:11:43.0250 3492 SDRSVC - ok

11:11:43.0297 3492 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

11:11:43.0312 3492 secdrv - ok

11:11:43.0328 3492 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

11:11:43.0344 3492 seclogon - ok

11:11:43.0359 3492 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

11:11:43.0359 3492 SENS - ok

11:11:43.0375 3492 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

11:11:43.0390 3492 SensrSvc - ok

11:11:43.0406 3492 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

11:11:43.0406 3492 Serenum - ok

11:11:43.0437 3492 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

11:11:43.0437 3492 Serial - ok

11:11:43.0484 3492 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

11:11:43.0484 3492 sermouse - ok

11:11:43.0546 3492 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

11:11:43.0546 3492 SessionEnv - ok

11:11:43.0578 3492 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

11:11:43.0578 3492 sffdisk - ok

11:11:43.0593 3492 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

11:11:43.0593 3492 sffp_mmc - ok

11:11:43.0609 3492 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

11:11:43.0609 3492 sffp_sd - ok

11:11:43.0641 3492 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

11:11:43.0641 3492 sfloppy - ok

11:11:43.0672 3492 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

11:11:43.0688 3492 SharedAccess - ok

11:11:43.0735 3492 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

11:11:43.0735 3492 ShellHWDetection - ok

11:11:43.0766 3492 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

11:11:43.0766 3492 SiSRaid2 - ok

11:11:43.0797 3492 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

11:11:43.0797 3492 SiSRaid4 - ok

11:11:43.0844 3492 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

11:11:43.0844 3492 Smb - ok

11:11:43.0906 3492 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

11:11:43.0906 3492 SNMPTRAP - ok

11:11:43.0937 3492 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

11:11:43.0937 3492 spldr - ok

11:11:43.0984 3492 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe

11:11:44.0000 3492 Spooler - ok

11:11:44.0109 3492 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

11:11:44.0171 3492 sppsvc - ok

11:11:44.0203 3492 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

11:11:44.0218 3492 sppuinotify - ok

11:11:44.0265 3492 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

11:11:44.0281 3492 srv - ok

11:11:44.0296 3492 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

11:11:44.0312 3492 srv2 - ok

11:11:44.0343 3492 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

11:11:44.0343 3492 srvnet - ok

11:11:44.0374 3492 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

11:11:44.0390 3492 SSDPSRV - ok

11:11:44.0421 3492 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

11:11:44.0421 3492 SstpSvc - ok

11:11:44.0530 3492 [ 9528A9C0939156EAE5C1AC927287D808 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\STacSV64.exe

11:11:44.0530 3492 STacSV - ok

11:11:44.0577 3492 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

11:11:44.0577 3492 stexstor - ok

11:11:44.0639 3492 [ 674A9977E356C4ECF184374FF96FACC4 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys

11:11:44.0639 3492 STHDA - ok

11:11:44.0702 3492 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

11:11:44.0717 3492 stisvc - ok

11:11:44.0749 3492 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys

11:11:44.0764 3492 storflt - ok

11:11:44.0795 3492 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll

11:11:44.0795 3492 StorSvc - ok

11:11:44.0827 3492 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys

11:11:44.0827 3492 storvsc - ok

11:11:44.0873 3492 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

11:11:44.0873 3492 swenum - ok

11:11:44.0920 3492 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

11:11:44.0936 3492 swprv - ok

11:11:45.0014 3492 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

11:11:45.0045 3492 SysMain - ok

11:11:45.0076 3492 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

11:11:45.0092 3492 TabletInputService - ok

11:11:45.0107 3492 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

11:11:45.0123 3492 TapiSrv - ok

11:11:45.0154 3492 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

11:11:45.0170 3492 TBS - ok

11:11:45.0248 3492 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

11:11:45.0295 3492 Tcpip - ok

11:11:45.0373 3492 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

11:11:45.0404 3492 TCPIP6 - ok

11:11:45.0451 3492 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

11:11:45.0451 3492 tcpipreg - ok

11:11:45.0497 3492 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

11:11:45.0497 3492 TDPIPE - ok

11:11:45.0529 3492 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

11:11:45.0544 3492 TDTCP - ok

11:11:45.0560 3492 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

11:11:45.0560 3492 tdx - ok

11:11:45.0591 3492 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

11:11:45.0591 3492 TermDD - ok

11:11:45.0653 3492 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

11:11:45.0669 3492 TermService - ok

11:11:45.0700 3492 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

11:11:45.0700 3492 Themes - ok

11:11:45.0731 3492 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

11:11:45.0747 3492 THREADORDER - ok

11:11:45.0763 3492 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

11:11:45.0778 3492 TrkWks - ok

11:11:45.0825 3492 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

11:11:45.0841 3492 TrustedInstaller - ok

11:11:45.0872 3492 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

11:11:45.0887 3492 tssecsrv - ok

11:11:45.0919 3492 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

11:11:45.0919 3492 TsUsbFlt - ok

11:11:45.0950 3492 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

11:11:45.0950 3492 TsUsbGD - ok

11:11:45.0981 3492 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

11:11:45.0981 3492 tunnel - ok

11:11:45.0997 3492 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

11:11:45.0997 3492 uagp35 - ok

11:11:46.0043 3492 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

11:11:46.0059 3492 udfs - ok

11:11:46.0106 3492 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

11:11:46.0106 3492 UI0Detect - ok

11:11:46.0137 3492 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

11:11:46.0153 3492 uliagpkx - ok

11:11:46.0168 3492 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

11:11:46.0168 3492 umbus - ok

11:11:46.0184 3492 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

11:11:46.0184 3492 UmPass - ok

11:11:46.0231 3492 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll

11:11:46.0246 3492 UmRdpService - ok

11:11:46.0293 3492 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

11:11:46.0293 3492 upnphost - ok

11:11:46.0340 3492 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

11:11:46.0355 3492 USBAAPL64 - ok

11:11:46.0387 3492 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

11:11:46.0402 3492 usbccgp - ok

11:11:46.0433 3492 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

11:11:46.0433 3492 usbcir - ok

11:11:46.0465 3492 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

11:11:46.0465 3492 usbehci - ok

11:11:46.0511 3492 [ 6648C6D7323A2CE0C4776C36CEFBCB14 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys

11:11:46.0511 3492 usbfilter - ok

11:11:46.0543 3492 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

11:11:46.0558 3492 usbhub - ok

11:11:46.0589 3492 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

11:11:46.0589 3492 usbohci - ok

11:11:46.0621 3492 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

11:11:46.0621 3492 usbprint - ok

11:11:46.0667 3492 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

11:11:46.0667 3492 usbscan - ok

11:11:46.0714 3492 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:11:46.0714 3492 USBSTOR - ok

11:11:46.0745 3492 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

11:11:46.0745 3492 usbuhci - ok

11:11:46.0792 3492 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

11:11:46.0792 3492 usbvideo - ok

11:11:46.0823 3492 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

11:11:46.0823 3492 UxSms - ok

11:11:46.0855 3492 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

11:11:46.0855 3492 VaultSvc - ok

11:11:46.0901 3492 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

11:11:46.0901 3492 vdrvroot - ok

11:11:46.0948 3492 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

11:11:46.0964 3492 vds - ok

11:11:46.0995 3492 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

11:11:46.0995 3492 vga - ok

11:11:47.0026 3492 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

11:11:47.0026 3492 VgaSave - ok

11:11:47.0042 3492 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

11:11:47.0057 3492 vhdmp - ok

11:11:47.0073 3492 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

11:11:47.0089 3492 viaide - ok

11:11:47.0120 3492 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys

11:11:47.0135 3492 vmbus - ok

11:11:47.0151 3492 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

11:11:47.0167 3492 VMBusHID - ok

11:11:47.0182 3492 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

11:11:47.0182 3492 volmgr - ok

11:11:47.0229 3492 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

11:11:47.0229 3492 volmgrx - ok

11:11:47.0260 3492 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

11:11:47.0276 3492 volsnap - ok

11:11:47.0307 3492 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

11:11:47.0323 3492 vsmraid - ok

11:11:47.0385 3492 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

11:11:47.0432 3492 VSS - ok

11:11:47.0463 3492 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

11:11:47.0463 3492 vwifibus - ok

11:11:47.0494 3492 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

11:11:47.0494 3492 vwififlt - ok

11:11:47.0541 3492 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

11:11:47.0557 3492 W32Time - ok

11:11:47.0588 3492 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

11:11:47.0588 3492 WacomPen - ok

11:11:47.0635 3492 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

11:11:47.0635 3492 WANARP - ok

11:11:47.0650 3492 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

11:11:47.0650 3492 Wanarpv6 - ok

11:11:47.0728 3492 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

11:11:47.0759 3492 WatAdminSvc - ok

11:11:47.0837 3492 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

11:11:47.0884 3492 wbengine - ok

11:11:47.0900 3492 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

11:11:47.0915 3492 WbioSrvc - ok

11:11:47.0947 3492 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

11:11:47.0962 3492 wcncsvc - ok

11:11:47.0978 3492 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

11:11:47.0993 3492 WcsPlugInService - ok

11:11:48.0025 3492 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

11:11:48.0040 3492 Wd - ok

11:11:48.0071 3492 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

11:11:48.0087 3492 Wdf01000 - ok

11:11:48.0118 3492 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

11:11:48.0134 3492 WdiServiceHost - ok

11:11:48.0149 3492 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

11:11:48.0149 3492 WdiSystemHost - ok

11:11:48.0196 3492 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

11:11:48.0196 3492 WebClient - ok

11:11:48.0243 3492 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

11:11:48.0259 3492 Wecsvc - ok

11:11:48.0290 3492 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

11:11:48.0290 3492 wercplsupport - ok

11:11:48.0321 3492 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

11:11:48.0321 3492 WerSvc - ok

11:11:48.0352 3492 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

11:11:48.0352 3492 WfpLwf - ok

11:11:48.0383 3492 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

11:11:48.0383 3492 WIMMount - ok

11:11:48.0415 3492 WinDefend - ok

11:11:48.0430 3492 WinHttpAutoProxySvc - ok

11:11:48.0477 3492 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

11:11:48.0477 3492 Winmgmt - ok

11:11:48.0539 3492 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

11:11:48.0571 3492 WinRM - ok

11:11:48.0633 3492 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

11:11:48.0633 3492 WinUsb - ok

11:11:48.0664 3492 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

11:11:48.0680 3492 Wlansvc - ok

11:11:48.0727 3492 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

11:11:48.0727 3492 WmiAcpi - ok

11:11:48.0773 3492 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

11:11:48.0789 3492 wmiApSrv - ok

11:11:48.0820 3492 WMPNetworkSvc - ok

11:11:48.0851 3492 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

11:11:48.0867 3492 WPCSvc - ok

11:11:48.0898 3492 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

11:11:48.0898 3492 WPDBusEnum - ok

11:11:48.0945 3492 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

11:11:48.0945 3492 ws2ifsl - ok

11:11:48.0976 3492 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

11:11:48.0992 3492 wscsvc - ok

11:11:48.0992 3492 WSearch - ok

11:11:49.0117 3492 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

11:11:49.0163 3492 wuauserv - ok

11:11:49.0210 3492 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

11:11:49.0210 3492 WudfPf - ok

11:11:49.0226 3492 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

11:11:49.0241 3492 WUDFRd - ok

11:11:49.0288 3492 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

11:11:49.0288 3492 wudfsvc - ok

11:11:49.0319 3492 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

11:11:49.0335 3492 WwanSvc - ok

11:11:49.0382 3492 ================ Scan global ===============================

11:11:49.0413 3492 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

11:11:49.0444 3492 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

11:11:49.0475 3492 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

11:11:49.0507 3492 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

11:11:49.0538 3492 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

11:11:49.0553 3492 [Global] - ok

11:11:49.0553 3492 ================ Scan MBR ==================================

11:11:49.0569 3492 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

11:11:49.0834 3492 \Device\Harddisk0\DR0 - ok

11:11:49.0834 3492 ================ Scan VBR ==================================

11:11:49.0834 3492 [ AF57A54B49AE26EC62BEAED885B5D58B ] \Device\Harddisk0\DR0\Partition1

11:11:49.0850 3492 \Device\Harddisk0\DR0\Partition1 - ok

11:11:49.0850 3492 ============================================================

11:11:49.0850 3492 Scan finished

11:11:49.0850 3492 ============================================================

11:11:49.0897 2980 Detected object count: 0

11:11:49.0897 2980 Actual detected object count: 0

DDS (Ver_2012-10-14.05) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421

Run by Jamie at 11:01:39 on 2012-10-16

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3836.2656 [GMT -5:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Citrix\Secure Access Client\nsverctl.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Citrix\Secure Access Client\nsload.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\QuickTime\QTTask.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Jamie\AppData\Local\Temp\Rar$EX24.720\TDSSKiller.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [Google Update] "C:\Users\Jamie\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex

StartupFolder: C:\Users\Jamie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CITRIX~1.LNK - C:\Program Files\Citrix\Secure Access Client\nsload.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ONLINE~1.LNK - C:\Windows\Installer\{913778D3-E1D8-4B55-9246-3308C54D3162}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 97.64.183.164 97.64.209.37

TCP: Interfaces\{1B928863-A243-4E52-8A6F-ECEE343E67CD} : DHCPNameServer = 97.64.183.164 97.64.209.37

TCP: Interfaces\{1B928863-A243-4E52-8A6F-ECEE343E67CD}\07F607F677966696 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{1B928863-A243-4E52-8A6F-ECEE343E67CD}\16266763 : DHCPNameServer = 172.20.100.1

TCP: Interfaces\{1B928863-A243-4E52-8A6F-ECEE343E67CD}\2375942554333353 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{1B928863-A243-4E52-8A6F-ECEE343E67CD}\D6160736D607 : DHCPNameServer = 75.75.75.75 75.75.76.76

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

SSODL: WebCheck - <orphaned>

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [sBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"

x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-3-19 89536]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe [2011-7-10 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-9-22 203264]

R2 cag;Citrix cag plugin for Access Gateway;C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [2011-6-9 100952]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-15 399432]

R2 nsverctl;Citrix Secure Access Client Service;C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [2011-9-27 154776]

R3 ctxva51;Citrix Virtual Adapter;C:\Windows\System32\drivers\ctxva51.sys [2011-9-27 45720]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-8-18 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-7-10 34872]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-15 676936]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-10 1255736]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2012-10-16 04:41:04 5110 ----a-w- C:\Windows\System32\PerfStringBackup.TMP

2012-09-07 22:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 11:02:12.64 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-10-14.05)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 7/10/2011 6:32:26 PM

System Uptime: 10/16/2012 10:23:49 AM (1 hours ago)

.

Motherboard: Hewlett-Packard | | 3656

Processor: AMD Turion Neo X2 Dual Core Processor L625 | Socket AM2/S1G2 | 1600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 287 GiB total, 208.054 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: SBRE

Device ID: ROOT\LEGACY_SBRE\0000

Manufacturer:

Name: SBRE

PNP Device ID: ROOT\LEGACY_SBRE\0000

Service: SBRE

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Windows Firewall Authorization Driver

Device ID: ROOT\LEGACY_MPSDRV\0000

Manufacturer:

Name: Windows Firewall Authorization Driver

PNP Device ID: ROOT\LEGACY_MPSDRV\0000

Service: mpsdrv

.

==== System Restore Points ===================

.

RP145: 8/27/2012 10:04:25 PM - Removed Ad-Aware Antivirus.

RP146: 9/5/2012 8:45:35 PM - Windows Update

RP148: 9/8/2012 9:39:14 AM - Windows Defender Checkpoint

RP150: 9/9/2012 1:51:32 PM - Windows Defender Checkpoint

RP152: 9/10/2012 7:01:22 PM - Windows Defender Checkpoint

RP154: 9/17/2012 8:24:06 PM - Windows Defender Checkpoint

RP156: 9/24/2012 7:18:23 PM - Windows Defender Checkpoint

RP158: 10/1/2012 6:09:19 PM - Windows Defender Checkpoint

RP160: 10/2/2012 8:12:08 PM - Windows Defender Checkpoint

RP162: 10/4/2012 6:03:52 PM - Windows Defender Checkpoint

RP164: 10/5/2012 6:47:03 PM - Windows Defender Checkpoint

RP166: 10/10/2012 7:11:14 PM - Windows Defender Checkpoint

RP168: 10/12/2012 10:34:04 PM - Windows Defender Checkpoint

RP170: 10/14/2012 5:06:21 PM - Windows Defender Checkpoint

RP172: 10/15/2012 6:42:33 PM - Windows Defender Checkpoint

.

==== Installed Programs ======================

.

µTorrent

Adobe AIR

Adobe Flash Player 11 ActiveX 64-bit

Adobe Reader X (10.1.4)

AMD USB Filter Driver

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

Bonjour

Broadcom 802.11 Wireless LAN Adapter

Canon MP250 series MP Drivers

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Citrix Access Gateway Plug-in

Citrix online plug-in

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (PNA)

Citrix online plug-in (SSON)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Compatibility Pack for the 2007 Office system

Google Chrome

Google Toolbar for Internet Explorer

IDT Audio

iTunes

Java Auto Updater

Java 6 Update 26

Malwarebytes Anti-Malware version 1.65.0.1400

McAfee Security Scan Plus

Microsoft .NET Framework 4 Client Profile

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

OpenOffice.org 3.3

PowerISO

QuickTime

Rosetta Stone V3

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Usmleworld QBank

WinRAR 4.01 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

10/16/2012 12:04:59 AM, Error: ACPI [5] - AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

10/16/2012 10:52:41 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

10/15/2012 7:03:57 PM, Error: ACPI [5] - AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

10/15/2012 11:37:18 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

10/15/2012 11:36:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom SBRE

10/15/2012 11:36:54 PM, Error: Service Control Manager [7023] - The Sandboxu service terminated with the following error: The specified module could not be found.

10/15/2012 11:36:52 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.

10/15/2012 11:36:52 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.

10/15/2012 11:36:47 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter

.

==== End Of File ===========================

Thanks again


Download ComboFix from either of the links below, and save it to your desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run, please just reboot and that will resolve that error.


ComboFix 12-10-16.02 - Jamie 10/16/2012 20:27:36.1.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3836.2433 [GMT -5:00]

Running from: c:\users\Jamie\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Jamie\AppData\Local\Temp\{A33A1E10-D358-4DFC-9650-27254C491C41}\fpb.tmp

c:\windows\assembly\tmp\U

.

.

((((((((((((((((((((((((( Files Created from 2012-09-17 to 2012-10-17 )))))))))))))))))))))))))))))))

.

.

2012-10-17 01:39 . 2012-10-17 01:39 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-10-17 01:39 . 2012-10-17 01:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-16 16:09 . 2012-10-16 16:09 208216 ----a-w- c:\windows\system32\drivers\04935156.sys

2012-10-16 16:06 . 2012-10-16 16:06 -------- d-----w- C:\TDSSKiller_Quarantine

2012-10-11 00:10 . 2012-10-11 00:10 -------- d-----w- c:\program files\Microsoft Silverlight

2012-10-11 00:10 . 2012-10-11 00:10 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-16 16:14 . 2011-10-11 00:37 5110 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-09-07 22:04 . 2011-08-18 18:17 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-28 06:49 . 2012-09-06 01:46 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9076C1E7-5E12-4CE7-A5CA-09E3A27D6E91}\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-13 98304]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-03-28 309184]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe" [bU]

.

c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Citrix Access Gateway.lnk - c:\program files\Citrix\Secure Access Client\nsload.exe [2011-9-27 1523864]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Online plug-in.lnk - c:\windows\Installer\{913778D3-E1D8-4B55-9246-3308C54D3162}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2012-8-31 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0BBD.exe /d \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Definitions\0BBD.exe /d \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Definitions\0BBD.exe /d \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Definitions\0BBD.exe /d \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Definitions\0BBD.exe /d \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Definitions\0BBD.exe /d \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Definitions\0BBD.exe /d \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Definitions\0SBBD.exe /d \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Definitions

.

R1 hwlrobok;hwlrobok;c:\windows\system32\drivers\hwlrobok.sys [x]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-10 1255736]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2012-03-19 89536]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe [2009-03-02 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-22 203264]

S2 cag;Citrix cag plugin for Access Gateway;c:\program files\Common Files\Deterministic Networks\Common Files\cag.sys [2011-06-09 100952]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe [2011-09-27 154776]

S3 ctxva51;Citrix Virtual Adapter;c:\windows\system32\DRIVERS\ctxva51.sys [2011-09-27 45720]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 08162572

*NewlyCreated* - 12169813

*Deregistered* - 08162572

*Deregistered* - 12169813

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3996044527-1223710297-2653187080-1000Core.job

- c:\users\Jamie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20 15:57]

.

2012-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3996044527-1223710297-2653187080-1000UA.job

- c:\users\Jamie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20 15:57]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-09-21 487424]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

AppnApi

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 97.64.183.164 97.64.209.37

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-12169813.sys

HKLM-Run-SBRegRebootCleaner - c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{3543619C-D563-43F7-95EA-4DA7E1CC396A}"=hex:51,66,7a,6c,4c,1d,38,12,f2,62,50,

31,51,9b,99,06,ea,fc,0e,e7,e4,92,7d,7e

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:09,f0,96,be,54,b1,cc,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b4,57,d5,4d,22,29,e9,41,96,73,d3,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b4,57,d5,4d,22,29,e9,41,96,73,d3,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-10-16 20:55:57

ComboFix-quarantined-files.txt 2012-10-17 01:55

ComboFix2.txt 2012-07-05 00:56

.

Pre-Run: 223,317,827,584 bytes free

Post-Run: 223,451,099,136 bytes free

.

- - End Of File - - 57A57E4AE2AD1E874E833587CB3DDDA4


Please download AdwCleaner from here and save it to your desktop.

  • Right click on AdwCleaner.exe and click "Run as Administrator" to run the tool.
  • Click on Delete.

A logfile will automatically open after the scan has finished.

Please post the content of that logfile in your reply.

You can find the logfile at C:\AdwCleaner[Rn].txt as well - (n is the scan number.)

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Next

ESET Online Scanner

I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts and to speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Make sure that the option "Remove found threats" is not checked
    8. Push the Start button.
    9. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    10. When the scan completes, push esetListThreats.png
    11. Push esetExport.png, and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    12. Push the Back button.
    13. Push Finish


http://www.eset.com/onlinescan/

Also tell me how the computer is running now.

  • 1 month later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
