
redirect, blocked by Malwarebytes but not detected on scan



I was being directed to galagoogle or something similar. I tried my regular antivirus, F-Secure online scan, Malwarebytes, AdwCleaner, the Windows malicious software remover, SUPERAntiSpyware, Spybot Search and Destroy, and a couple of Kaspersky programs.

I also ran MB, Kaspersky, and Windows remover in both safe mode and safe mode with networking.

None of them detect anything beyond a few cookies and similar. But my internet speed opening new pages is seriously degraded, and while I am no longer redirected, I constantly get a popup saying:

"MalwareBytes Antimalware

Successfully blocked access to a potentially malicious website: 93.170.104.62

type: outgoing

port 51234, process: chrome.exe (the port varies as does the process, but chrome is the most common)"

Also, in Task Manager all my Chrome processes, Steam, Malwarebytes and some others have a *32 which they did not previously have.

I am running a Toshiba notebook, Intel Pentium B950 @ 2.10 GHz, 64-bit, Windows 7 Premium, Service Pack 1, auto update active.

Here are the requested logs from the pinned thread.

Thank you

Attach.txt

DDS.txt


Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.06.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Tyler :: TYLER-LAPTOP [administrator]

Protection: Enabled

06/01/2013 7:33:43 PM

mbam-log-2013-01-06 (19-33-43).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 207392

Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1

Run by Tyler at 19:42:39 on 2013-01-06

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3986.1542 [GMT -7:00]

.

AV: TELUS security services *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: TELUS security services *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

C:\Program Files (x86)\TELUS\TELUS security services\10.0.41.60099\RpsSecurityAwareR.exe

C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\TELUS\TELUS security advisor\ServicepointService.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Steam\steam.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\TELUS\TELUS security advisor\Tsa.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\TELUS\TELUS security services\10.0.41.60099\Rps.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\windows\sysWOW64\wbem\wmiprvse.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.toshiba.ca/welcome/?w=20

uWindow Title = Presented by TOSHIBA Leading Innovation >>>

uDefault_Page_URL = hxxp://www.toshiba.ca/welcome/?w=20

mStart Page = hxxp://www.toshiba.ca/welcome/?w=20

mDefault_Page_URL = hxxp://www.toshiba.ca/welcome/?w=20

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mWinlogon: Userinit = userinit.exe,

BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1091\TmIEPlg32.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [Tsa.exe] "C:\Program Files (x86)\TELUS\TELUS security advisor\Tsa.exe" /AUTORUN

mRun: [TELUS security services] "C:\Program Files (x86)\TELUS\TELUS security services\10.0.41.60099\RPS.exe" -set Silent "1" SplashURL ""

mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: NameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{D4297182-DE5C-4525-A260-03BEBEFBA422} : DHCPNameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{D4297182-DE5C-4525-A260-03BEBEFBA422}\2516D616461675962756C6563737 : DHCPNameServer = 4.2.2.1

TCP: Interfaces\{D4297182-DE5C-4525-A260-03BEBEFBA422}\543484F40224143554 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{D4297182-DE5C-4525-A260-03BEBEFBA422}\7474 : DHCPNameServer = 192.168.10.1

TCP: Interfaces\{D4297182-DE5C-4525-A260-03BEBEFBA422}\84F64756C61427473775962756C6563737 : DHCPNameServer = 4.2.2.1

Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1091\TmIEPlg32.dll

Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://www.toshiba.ca/welcome/?w=20

x64-mDefault_Page_URL = hxxp://www.toshiba.ca/welcome/?w=20

x64-BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>

x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1091\TmIEPlg.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll

x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1091\TmIEPlg.dll

x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-1-5 16152]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]

R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-8-5 267480]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]

R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-6-17 128280]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-17 161560]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-28 682344]

R2 Radialpoint Security Services;TELUS security services;C:\Program Files (x86)\TELUS\TELUS security services\10.0.41.60099\RpsSecurityAwareR.exe [2012-8-5 154632]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-24 1103392]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-24 1369624]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-24 168384]

R2 ServicepointService;ServicepointService;C:\Program Files (x86)\TELUS\TELUS security advisor\ServicepointService.exe [2012-8-5 10294584]

R2 tmevtmgr;tmevtmgr;C:\windows\System32\drivers\tmevtmgr.sys [2012-8-5 67664]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-17 363800]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-1-5 355096]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-1-5 786200]

R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-12-28 24176]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-6-17 251496]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-6-17 565352]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-6-17 1145448]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-28 398184]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-6-17 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-8-7 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-01-06 20:10:52 -------- d-----w- C:\Users\Tyler\AppData\Roaming\AnvSoft

2013-01-06 20:10:22 -------- d-----w- C:\Program Files (x86)\AnvSoft

2013-01-06 15:59:25 -------- d-----w- C:\Program Files (x86)\Conduit

2013-01-06 15:59:21 -------- d-----w- C:\Users\Tyler\AppData\Local\Conduit

2013-01-06 15:59:19 -------- d-----w- C:\Program Files (x86)\Vuze_Remote

2013-01-06 15:58:52 -------- d-----w- C:\Program Files (x86)\Vuze

2013-01-05 22:15:28 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-12-28 23:21:00 -------- d-----w- C:\Users\Tyler\AppData\Roaming\Malwarebytes

2012-12-28 23:20:42 -------- d-----w- C:\ProgramData\Malwarebytes

2012-12-28 23:20:39 24176 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-12-28 23:20:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-28 07:48:53 -------- d-----w- C:\Program Files (x86)\FileASSASSIN

2012-12-26 20:52:31 39184 ----a-w- C:\windows\System32\Partizan.exe

2012-12-26 20:47:13 2 --shatr- C:\windows\winstart.bat

2012-12-26 20:47:10 -------- d-----w- C:\ProgramData\RegRun

2012-12-26 20:47:08 35816 ----a-w- C:\windows\SysWow64\drivers\Partizan.sys

2012-12-26 20:47:01 12800 ----a-w- C:\windows\SysWow64\drivers\UnHackMeDrv.sys

2012-12-26 20:46:55 -------- d-----w- C:\Program Files (x86)\UnHackMe

2012-12-24 22:40:21 -------- d-----w- C:\Program Files (x86)\Calibre2

2012-12-24 10:02:57 -------- d-----r- C:\Program Files (x86)\Skype

2012-12-24 09:32:12 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-12-24 09:31:57 17272 ----a-w- C:\windows\System32\sdnclean64.exe

2012-12-24 09:31:50 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2

2012-12-24 09:31:10 -------- d-----w- C:\Users\Tyler\AppData\Local\Programs

2012-12-23 04:40:45 -------- d-----w- C:\Users\Tyler\AppData\Local\Windows Live

2012-12-23 04:30:44 -------- d-----w- C:\Users\Tyler\Tracing

2012-12-21 14:31:34 34304 ----a-w- C:\windows\SysWow64\atmlib.dll

2012-12-21 14:31:33 46080 ----a-w- C:\windows\System32\atmlib.dll

2012-12-21 14:31:33 367616 ----a-w- C:\windows\System32\atmfd.dll

2012-12-21 14:31:32 295424 ----a-w- C:\windows\SysWow64\atmfd.dll

2012-12-12 01:46:54 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-12-12 01:46:54 2048 ----a-w- C:\windows\System32\tzres.dll

2012-12-12 01:46:09 3149824 ----a-w- C:\windows\System32\win32k.sys

2012-12-12 01:44:18 478208 ----a-w- C:\windows\System32\dpnet.dll

2012-12-12 01:44:18 376832 ----a-w- C:\windows\SysWow64\dpnet.dll

.

==================== Find3M ====================

.

2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll

.

============= FINISH: 19:44:39.69 ===============

Thank you so much for your time.

attach.txt


  • Staff

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

If after ComboFix reboots you get a message about an "Invalid Option Registry Key Marked for Deletion," please reboot again and the error will go away.

-screen317


ComboFix 13-01-06.01 - Tyler 07/01/2013 17:25:03.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3986.2170 [GMT -7:00]

Running from: c:\users\Tyler\Downloads\ComboFix.exe

AV: TELUS security services *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: TELUS security services *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Tyler\AppData\Roaming\PlantsVsZombiesSetup_20110727_2_1.com

.

.

((((((((((((((((((((((((( Files Created from 2012-12-08 to 2013-01-08 )))))))))))))))))))))))))))))))

.

.

2013-01-08 01:39 . 2013-01-08 01:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-06 20:10 . 2013-01-06 20:10 -------- d-----w- c:\users\Tyler\AppData\Roaming\AnvSoft

2013-01-06 20:10 . 2013-01-06 20:10 -------- d-----w- c:\program files (x86)\AnvSoft

2013-01-06 15:59 . 2013-01-06 15:59 -------- d-----w- c:\program files (x86)\Conduit

2013-01-06 15:59 . 2013-01-06 15:59 -------- d-----w- c:\users\Tyler\AppData\Local\Conduit

2013-01-06 15:58 . 2013-01-06 15:59 -------- d-----w- c:\program files (x86)\Vuze

2013-01-05 22:15 . 2013-01-05 22:15 -------- d-----w- c:\programdata\Kaspersky Lab

2012-12-28 23:21 . 2012-12-28 23:21 -------- d-----w- c:\users\Tyler\AppData\Roaming\Malwarebytes

2012-12-28 23:20 . 2012-12-28 23:20 -------- d-----w- c:\programdata\Malwarebytes

2012-12-28 23:20 . 2012-12-28 23:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-28 23:20 . 2012-12-14 23:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-28 07:48 . 2012-12-28 07:48 -------- d-----w- c:\program files (x86)\FileASSASSIN

2012-12-26 20:52 . 2012-12-26 20:52 39184 ----a-w- c:\windows\system32\Partizan.exe

2012-12-26 20:47 . 2012-12-26 20:47 2 --shatr- c:\windows\winstart.bat

2012-12-26 20:47 . 2013-01-06 18:03 -------- d-----w- c:\programdata\RegRun

2012-12-26 20:47 . 2012-12-26 20:47 35816 ----a-w- c:\windows\SysWow64\drivers\Partizan.sys

2012-12-26 20:47 . 2012-12-25 20:06 12800 ----a-w- c:\windows\SysWow64\drivers\UnHackMeDrv.sys

2012-12-26 20:46 . 2013-01-02 00:17 -------- d-----w- c:\program files (x86)\UnHackMe

2012-12-24 22:40 . 2012-12-28 23:09 -------- d-----w- c:\program files (x86)\Calibre2

2012-12-24 10:03 . 2012-12-24 17:15 -------- d-----w- c:\users\Tyler\AppData\Roaming\Skype

2012-12-24 10:02 . 2012-12-24 10:02 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-12-24 10:02 . 2012-12-24 10:02 -------- d-----r- c:\program files (x86)\Skype

2012-12-24 09:32 . 2012-12-26 07:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-12-24 09:31 . 2009-01-25 19:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe

2012-12-24 09:31 . 2012-12-24 09:32 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2

2012-12-24 09:31 . 2012-12-24 09:31 -------- d-----w- c:\users\Tyler\AppData\Local\Programs

2012-12-23 04:40 . 2013-01-02 00:18 -------- d-----w- c:\users\Tyler\AppData\Local\Windows Live

2012-12-23 04:30 . 2013-01-06 00:23 -------- d-----w- c:\users\Tyler\Tracing

2012-12-21 14:31 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-21 14:31 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 14:31 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 14:31 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-12 01:46 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 01:46 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-12 01:46 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-12-12 01:44 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-12-12 01:44 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-28 22:58 . 2012-08-06 09:04 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-10-16 08:38 . 2012-11-27 22:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-27 22:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-27 22:00 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-04 1354736]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-14 39408]

"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608]

"Tsa.exe"="c:\program files (x86)\TELUS\TELUS security advisor\Tsa.exe" [2012-03-09 10208568]

"TELUS security services"="c:\program files (x86)\TELUS\TELUS security services\10.0.41.60099\RPS.exe" [2012-04-18 541400]

"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-08 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]

S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]

S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560]

S2 Radialpoint Security Services;TELUS security services;c:\program files (x86)\TELUS\TELUS security services\10.0.41.60099\RpsSecurityAwareR.exe [2012-04-18 154632]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]

S2 ServicepointService;ServicepointService;c:\program files (x86)\TELUS\TELUS security advisor\ServicepointService.exe [2012-03-09 10294584]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-29 363800]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-08-17 251496]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-07-18 1145448]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 06:29]

.

2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-14 06:42]

.

2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-14 06:42]

.

2013-01-06 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]

.

2013-01-07 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-16 12459112]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-09-17 192008]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-10 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-10 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-10 440088]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.toshiba.ca/welcome/?w=20

mDefault_Page_URL = hxxp://www.toshiba.ca/welcome/?w=20

mStart Page = hxxp://www.toshiba.ca/welcome/?w=20

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{1036AD63-AEAC-460B-9060-C96005D4DC86} - (no file)

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\08\01\06\16.6\14"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-07 18:46:04

ComboFix-quarantined-files.txt 2013-01-08 01:46

.

Pre-Run: 392,496,144,384 bytes free

Post-Run: 393,601,007,616 bytes free

.

- - End Of File - - E4FF78218B08615BA79611746CEC0CD0

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1

Run by Tyler at 18:51:24 on 2013-01-07

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3986.1939 [GMT -7:00]

.

AV: TELUS security services *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: TELUS security services *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\TELUS\TELUS security services\10.0.41.60099\RpsSecurityAwareR.exe

C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\TELUS\TELUS security advisor\ServicepointService.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\windows\system32\SearchIndexer.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\system32\notepad.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.toshiba.ca/welcome/?w=20

mStart Page = hxxp://www.toshiba.ca/welcome/?w=20

mDefault_Page_URL = hxxp://www.toshiba.ca/welcome/?w=20

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1091\TmIEPlg32.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [Tsa.exe] "C:\Program Files (x86)\TELUS\TELUS security advisor\Tsa.exe" /AUTORUN

mRun: [TELUS security services] "C:\Program Files (x86)\TELUS\TELUS security services\10.0.41.60099\RPS.exe" -set Silent "1" SplashURL ""

mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: NameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{D4297182-DE5C-4525-A260-03BEBEFBA422} : DHCPNameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{D4297182-DE5C-4525-A260-03BEBEFBA422}\2516D616461675962756C6563737 : DHCPNameServer = 4.2.2.1

TCP: Interfaces\{D4297182-DE5C-4525-A260-03BEBEFBA422}\543484F40224143554 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{D4297182-DE5C-4525-A260-03BEBEFBA422}\7474 : DHCPNameServer = 192.168.10.1

TCP: Interfaces\{D4297182-DE5C-4525-A260-03BEBEFBA422}\84F64756C61427473775962756C6563737 : DHCPNameServer = 4.2.2.1

Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1091\TmIEPlg32.dll

Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://www.toshiba.ca/welcome/?w=20

x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1091\TmIEPlg.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll

x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1091\TmIEPlg.dll

x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-1-5 16152]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]

R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-8-5 267480]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]

R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-6-17 128280]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-17 161560]

R2 Radialpoint Security Services;TELUS security services;C:\Program Files (x86)\TELUS\TELUS security services\10.0.41.60099\RpsSecurityAwareR.exe [2012-8-5 154632]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-24 1103392]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-24 1369624]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-24 168384]

R2 ServicepointService;ServicepointService;C:\Program Files (x86)\TELUS\TELUS security advisor\ServicepointService.exe [2012-8-5 10294584]

R2 tmevtmgr;tmevtmgr;C:\windows\System32\drivers\tmevtmgr.sys [2012-8-5 67664]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-17 363800]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-1-5 355096]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-1-5 786200]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-6-17 251496]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-6-17 565352]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-6-17 1145448]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-28 398184]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-28 682344]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-6-17 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-12-28 24176]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-8-7 1255736]

.

=============== Created Last 30 ================

.

2013-01-08 00:20:38 256000 ----a-w- C:\windows\PEV.exe

2013-01-08 00:20:38 208896 ----a-w- C:\windows\MBR.exe

2013-01-08 00:20:37 98816 ----a-w- C:\windows\sed.exe

2013-01-06 20:10:52 -------- d-----w- C:\Users\Tyler\AppData\Roaming\AnvSoft

2013-01-06 20:10:22 -------- d-----w- C:\Program Files (x86)\AnvSoft

2013-01-06 15:59:25 -------- d-----w- C:\Program Files (x86)\Conduit

2013-01-06 15:59:21 -------- d-----w- C:\Users\Tyler\AppData\Local\Conduit

2013-01-06 15:59:19 -------- d-----w- C:\Program Files (x86)\Vuze_Remote

2013-01-06 15:58:52 -------- d-----w- C:\Program Files (x86)\Vuze

2013-01-05 22:15:28 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-12-28 23:21:00 -------- d-----w- C:\Users\Tyler\AppData\Roaming\Malwarebytes

2012-12-28 23:20:42 -------- d-----w- C:\ProgramData\Malwarebytes

2012-12-28 23:20:39 24176 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-12-28 23:20:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-28 07:48:53 -------- d-----w- C:\Program Files (x86)\FileASSASSIN

2012-12-26 20:52:31 39184 ----a-w- C:\windows\System32\Partizan.exe

2012-12-26 20:47:13 2 --shatr- C:\windows\winstart.bat

2012-12-26 20:47:10 -------- d-----w- C:\ProgramData\RegRun

2012-12-26 20:47:08 35816 ----a-w- C:\windows\SysWow64\drivers\Partizan.sys

2012-12-26 20:47:01 12800 ----a-w- C:\windows\SysWow64\drivers\UnHackMeDrv.sys

2012-12-26 20:46:55 -------- d-----w- C:\Program Files (x86)\UnHackMe

2012-12-24 22:40:21 -------- d-----w- C:\Program Files (x86)\Calibre2

2012-12-24 10:02:57 -------- d-----r- C:\Program Files (x86)\Skype

2012-12-24 09:32:12 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-12-24 09:31:57 17272 ----a-w- C:\windows\System32\sdnclean64.exe

2012-12-24 09:31:50 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2

2012-12-24 09:31:10 -------- d-----w- C:\Users\Tyler\AppData\Local\Programs

2012-12-23 04:40:45 -------- d-----w- C:\Users\Tyler\AppData\Local\Windows Live

2012-12-23 04:30:44 -------- d-----w- C:\Users\Tyler\Tracing

2012-12-21 14:31:34 34304 ----a-w- C:\windows\SysWow64\atmlib.dll

2012-12-21 14:31:33 46080 ----a-w- C:\windows\System32\atmlib.dll

2012-12-21 14:31:33 367616 ----a-w- C:\windows\System32\atmfd.dll

2012-12-21 14:31:32 295424 ----a-w- C:\windows\SysWow64\atmfd.dll

2012-12-12 01:46:54 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-12-12 01:46:54 2048 ----a-w- C:\windows\System32\tzres.dll

2012-12-12 01:46:09 3149824 ----a-w- C:\windows\System32\win32k.sys

2012-12-12 01:44:18 478208 ----a-w- C:\windows\System32\dpnet.dll

2012-12-12 01:44:18 376832 ----a-w- C:\windows\SysWow64\dpnet.dll

.

==================== Find3M ====================

.

2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll

.

============= FINISH: 18:53:19.23 ===============

I wasn't sure if you wanted the Attach file as well so I included it just in case.

Thank you again for your time.

Attach (2).txt


  • Staff

Hi,

Please see:

Forum Piracy Policy

We will not assist users that are obviously using illegal software.

If any such evidence is found you will be given the benefit of the doubt and the opportunity to completely uninstall and delete any such data from your system.

During the scanning process if any further evidence shows up your topic will be closed and no further assistance will be provided.

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

It's likely why your issue began in the first place.


  • Staff

Hello,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Export the threats found (if any), and post them here.

Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Next, download my Security Check from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


21:28:30.0276 0656 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

21:28:31.0011 0656 ============================================================

21:28:31.0011 0656 Current date / time: 2013/01/15 21:28:31.0011

21:28:31.0011 0656 SystemInfo:

21:28:31.0011 0656

21:28:31.0011 0656 OS Version: 6.1.7601 ServicePack: 1.0

21:28:31.0011 0656 Product type: Workstation

21:28:31.0011 0656 ComputerName: TYLER-LAPTOP

21:28:31.0011 0656 UserName: Tyler

21:28:31.0011 0656 Windows directory: C:\windows

21:28:31.0011 0656 System windows directory: C:\windows

21:28:31.0011 0656 Running under WOW64

21:28:31.0011 0656 Processor architecture: Intel x64

21:28:31.0011 0656 Number of processors: 2

21:28:31.0011 0656 Page size: 0x1000

21:28:31.0012 0656 Boot type: Normal boot

21:28:31.0012 0656 ============================================================

21:28:31.0596 0656 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:28:31.0600 0656 ============================================================

21:28:31.0600 0656 \Device\Harddisk0\DR0:

21:28:31.0601 0656 MBR partitions:

21:28:31.0601 0656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38778000

21:28:31.0601 0656 ============================================================

21:28:31.0627 0656 C: <-> \Device\Harddisk0\DR0\Partition1

21:28:31.0627 0656 ============================================================

21:28:31.0627 0656 Initialize success

21:28:31.0627 0656 ============================================================

21:28:33.0079 5344 ============================================================

21:28:33.0079 5344 Scan started

21:28:33.0079 5344 Mode: Manual;

21:28:33.0079 5344 ============================================================

21:28:34.0032 5344 ================ Scan system memory ========================

21:28:34.0032 5344 System memory - ok

21:28:34.0032 5344 ================ Scan services =============================


21:28:43.0525 5344 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll

21:28:43.0529 5344 PcaSvc - ok

21:28:43.0556 5344 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys

21:28:43.0559 5344 pci - ok

21:28:43.0579 5344 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys

21:28:43.0581 5344 pciide - ok

21:28:43.0623 5344 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys

21:28:43.0627 5344 pcmcia - ok

21:28:43.0642 5344 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys

21:28:43.0643 5344 pcw - ok

21:28:43.0667 5344 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys

21:28:43.0676 5344 PEAUTH - ok

21:28:43.0760 5344 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe

21:28:43.0763 5344 PerfHost - ok

21:28:43.0822 5344 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll

21:28:43.0839 5344 pla - ok

21:28:43.0879 5344 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll

21:28:43.0885 5344 PlugPlay - ok

21:28:43.0912 5344 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll

21:28:43.0915 5344 PNRPAutoReg - ok

21:28:43.0927 5344 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll

21:28:43.0930 5344 PNRPsvc - ok

21:28:43.0963 5344 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll

21:28:43.0970 5344 PolicyAgent - ok

21:28:43.0988 5344 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\windows\system32\umpo.dll

21:28:43.0992 5344 Power - ok

21:28:44.0022 5344 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

21:28:44.0025 5344 PptpMiniport - ok

21:28:44.0040 5344 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys

21:28:44.0043 5344 Processor - ok

21:28:44.0076 5344 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll

21:28:44.0079 5344 ProfSvc - ok

21:28:44.0094 5344 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe

21:28:44.0096 5344 ProtectedStorage - ok

21:28:44.0123 5344 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys

21:28:44.0125 5344 Psched - ok

21:28:44.0188 5344 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys

21:28:44.0205 5344 ql2300 - ok

21:28:44.0227 5344 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys

21:28:44.0230 5344 ql40xx - ok

21:28:44.0260 5344 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll

21:28:44.0265 5344 QWAVE - ok

21:28:44.0290 5344 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys

21:28:44.0292 5344 QWAVEdrv - ok

21:28:44.0363 5344 [ E6E6FF608EBCE808298F8EF08D1DDABA ] Radialpoint Security Services C:\Program Files (x86)\TELUS\TELUS security services\10.0.41.60099\RpsSecurityAwareR.exe

21:28:44.0365 5344 Radialpoint Security Services - ok

21:28:44.0384 5344 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

21:28:44.0385 5344 RasAcd - ok

21:28:44.0419 5344 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys

21:28:44.0420 5344 RasAgileVpn - ok

21:28:44.0449 5344 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll

21:28:44.0452 5344 RasAuto - ok

21:28:44.0476 5344 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

21:28:44.0479 5344 Rasl2tp - ok

21:28:44.0512 5344 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll

21:28:44.0518 5344 RasMan - ok

21:28:44.0534 5344 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

21:28:44.0536 5344 RasPppoe - ok

21:28:44.0556 5344 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys

21:28:44.0559 5344 RasSstp - ok

21:28:44.0573 5344 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys

21:28:44.0577 5344 rdbss - ok

21:28:44.0602 5344 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys

21:28:44.0604 5344 rdpbus - ok

21:28:44.0620 5344 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

21:28:44.0621 5344 RDPCDD - ok

21:28:44.0634 5344 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys

21:28:44.0635 5344 RDPENCDD - ok

21:28:44.0648 5344 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys

21:28:44.0650 5344 RDPREFMP - ok

21:28:44.0679 5344 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys

21:28:44.0683 5344 RDPWD - ok

21:28:44.0716 5344 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys

21:28:44.0719 5344 rdyboost - ok

21:28:44.0745 5344 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll

21:28:44.0748 5344 RemoteAccess - ok

21:28:44.0772 5344 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll

21:28:44.0775 5344 RemoteRegistry - ok

21:28:44.0803 5344 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll

21:28:44.0806 5344 RpcEptMapper - ok

21:28:44.0833 5344 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe

21:28:44.0835 5344 RpcLocator - ok

21:28:44.0907 5344 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll

21:28:44.0912 5344 RpcSs - ok

21:28:44.0930 5344 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys

21:28:44.0932 5344 rspndr - ok

21:28:44.0965 5344 [ BB1C3DF1D6CC0972E9C7268A19E62D2E ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys

21:28:44.0967 5344 RSUSBSTOR - ok

21:28:45.0003 5344 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys

21:28:45.0007 5344 RTL8167 - ok

21:28:45.0057 5344 [ F33E70E48A54A7A1BFBEEB4F3B273E4A ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys

21:28:45.0064 5344 RTL8192Ce - ok

21:28:45.0072 5344 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe

21:28:45.0073 5344 SamSs - ok

21:28:45.0095 5344 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys

21:28:45.0098 5344 sbp2port - ok

21:28:45.0130 5344 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll

21:28:45.0135 5344 SCardSvr - ok

21:28:45.0159 5344 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys

21:28:45.0161 5344 scfilter - ok

21:28:45.0197 5344 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll

21:28:45.0210 5344 Schedule - ok

21:28:45.0231 5344 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll

21:28:45.0233 5344 SCPolicySvc - ok

21:28:45.0262 5344 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll

21:28:45.0266 5344 SDRSVC - ok

21:28:45.0335 5344 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

21:28:45.0342 5344 SDScannerService - ok

21:28:45.0418 5344 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

21:28:45.0427 5344 SDUpdateService - ok

21:28:45.0479 5344 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

21:28:45.0481 5344 SDWSCService - ok

21:28:45.0500 5344 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys

21:28:45.0502 5344 secdrv - ok

21:28:45.0525 5344 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll

21:28:45.0527 5344 seclogon - ok

21:28:45.0556 5344 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll

21:28:45.0559 5344 SENS - ok

21:28:45.0570 5344 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll

21:28:45.0573 5344 SensrSvc - ok

21:28:45.0595 5344 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys

21:28:45.0597 5344 Serenum - ok

21:28:45.0633 5344 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys

21:28:45.0635 5344 Serial - ok

21:28:45.0660 5344 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys

21:28:45.0662 5344 sermouse - ok

21:28:45.0944 5344 [ 92FE5797E7FB6E405254AF0EBC9A53B4 ] ServicepointService C:\Program Files (x86)\TELUS\TELUS security advisor\ServicepointService.exe

21:28:46.0005 5344 ServicepointService - ok

21:28:46.0032 5344 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll

21:28:46.0036 5344 SessionEnv - ok

21:28:46.0055 5344 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys

21:28:46.0057 5344 sffdisk - ok

21:28:46.0074 5344 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys

21:28:46.0076 5344 sffp_mmc - ok

21:28:46.0094 5344 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys

21:28:46.0095 5344 sffp_sd - ok

21:28:46.0107 5344 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys

21:28:46.0108 5344 sfloppy - ok

21:28:46.0132 5344 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll

21:28:46.0137 5344 SharedAccess - ok

21:28:46.0163 5344 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll

21:28:46.0169 5344 ShellHWDetection - ok

21:28:46.0200 5344 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys

21:28:46.0202 5344 SiSRaid2 - ok

21:28:46.0217 5344 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys

21:28:46.0220 5344 SiSRaid4 - ok

21:28:46.0257 5344 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

21:28:46.0259 5344 SkypeUpdate - ok

21:28:46.0294 5344 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys

21:28:46.0296 5344 Smb - ok

21:28:46.0345 5344 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe

21:28:46.0347 5344 SNMPTRAP - ok

21:28:46.0354 5344 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys

21:28:46.0355 5344 spldr - ok

21:28:46.0392 5344 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe

21:28:46.0397 5344 Spooler - ok

21:28:46.0472 5344 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe

21:28:46.0495 5344 sppsvc - ok

21:28:46.0514 5344 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll

21:28:46.0517 5344 sppuinotify - ok

21:28:46.0544 5344 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys

21:28:46.0550 5344 srv - ok

21:28:46.0566 5344 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys

21:28:46.0571 5344 srv2 - ok

21:28:46.0584 5344 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys

21:28:46.0587 5344 srvnet - ok

21:28:46.0615 5344 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll

21:28:46.0620 5344 SSDPSRV - ok

21:28:46.0634 5344 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll

21:28:46.0637 5344 SstpSvc - ok

21:28:46.0689 5344 Steam Client Service - ok

21:28:46.0706 5344 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys

21:28:46.0708 5344 stexstor - ok

21:28:46.0738 5344 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll

21:28:46.0746 5344 stisvc - ok

21:28:46.0769 5344 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys

21:28:46.0770 5344 swenum - ok

21:28:46.0805 5344 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll

21:28:46.0813 5344 swprv - ok

21:28:46.0873 5344 [ B868E292FBA5B62B9FC71572A5FAEF5C ] SynTP C:\windows\system32\DRIVERS\SynTP.sys

21:28:46.0876 5344 SynTP - ok

21:28:46.0942 5344 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll

21:28:46.0962 5344 SysMain - ok

21:28:46.0971 5344 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll

21:28:46.0974 5344 TabletInputService - ok

21:28:47.0002 5344 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll

21:28:47.0008 5344 TapiSrv - ok

21:28:47.0020 5344 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll

21:28:47.0023 5344 TBS - ok

21:28:47.0095 5344 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys

21:28:47.0116 5344 Tcpip - ok

21:28:47.0172 5344 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys

21:28:47.0185 5344 TCPIP6 - ok

21:28:47.0226 5344 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys

21:28:47.0228 5344 tcpipreg - ok

21:28:47.0275 5344 TDEIO - ok

21:28:47.0298 5344 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys

21:28:47.0300 5344 TDPIPE - ok

21:28:47.0312 5344 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys

21:28:47.0314 5344 TDTCP - ok

21:28:47.0339 5344 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys

21:28:47.0342 5344 tdx - ok

21:28:47.0356 5344 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys

21:28:47.0358 5344 TermDD - ok

21:28:47.0391 5344 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll

21:28:47.0400 5344 TermService - ok

21:28:47.0410 5344 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll

21:28:47.0413 5344 Themes - ok

21:28:47.0429 5344 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll

21:28:47.0431 5344 THREADORDER - ok

21:28:47.0464 5344 [ 73AAFFDD2AC3C8814B26C440E5DD9DD4 ] tmactmon C:\windows\system32\DRIVERS\tmactmon.sys

21:28:47.0466 5344 tmactmon - ok

21:28:47.0484 5344 [ 360E61217D4E1E333583D0C721057F70 ] tmcomm C:\windows\system32\DRIVERS\tmcomm.sys

21:28:47.0485 5344 tmcomm - ok

21:28:47.0503 5344 [ 699D34EB7C670139CA23A65372BD5743 ] tmevtmgr C:\windows\system32\DRIVERS\tmevtmgr.sys

21:28:47.0504 5344 tmevtmgr - ok

21:28:47.0545 5344 [ 262198EFB734012BFCD17E7479AE4A09 ] tmtdi C:\windows\system32\DRIVERS\tmtdi.sys

21:28:47.0546 5344 tmtdi - ok

21:28:47.0589 5344 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys

21:28:47.0595 5344 tos_sps64 - ok

21:28:47.0621 5344 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll

21:28:47.0625 5344 TrkWks - ok

21:28:47.0670 5344 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe

21:28:47.0673 5344 TrustedInstaller - ok

21:28:47.0698 5344 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys

21:28:47.0700 5344 tssecsrv - ok

21:28:47.0723 5344 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys

21:28:47.0725 5344 TsUsbFlt - ok

21:28:47.0744 5344 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys

21:28:47.0746 5344 TsUsbGD - ok

21:28:47.0781 5344 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys

21:28:47.0784 5344 tunnel - ok

21:28:47.0803 5344 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS

21:28:47.0804 5344 TVALZ - ok

21:28:47.0816 5344 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys

21:28:47.0818 5344 uagp35 - ok

21:28:47.0843 5344 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys

21:28:47.0847 5344 udfs - ok

21:28:47.0877 5344 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe

21:28:47.0880 5344 UI0Detect - ok

21:28:47.0899 5344 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys

21:28:47.0901 5344 uliagpkx - ok

21:28:47.0929 5344 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys

21:28:47.0930 5344 umbus - ok

21:28:47.0956 5344 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys

21:28:47.0957 5344 UmPass - ok

21:28:48.0047 5344 [ 3C5405EF78576E8E4D791EB18F6856A8 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

21:28:48.0050 5344 UNS - ok

21:28:48.0076 5344 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll

21:28:48.0082 5344 upnphost - ok

21:28:48.0104 5344 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys

21:28:48.0107 5344 usbccgp - ok

21:28:48.0128 5344 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys

21:28:48.0131 5344 usbcir - ok

21:28:48.0150 5344 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys

21:28:48.0152 5344 usbehci - ok

21:28:48.0189 5344 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys

21:28:48.0193 5344 usbhub - ok

21:28:48.0211 5344 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys

21:28:48.0213 5344 usbohci - ok

21:28:48.0241 5344 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys

21:28:48.0243 5344 usbprint - ok

21:28:48.0342 5344 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys

21:28:48.0344 5344 usbscan - ok

21:28:48.0362 5344 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS

21:28:48.0365 5344 USBSTOR - ok

21:28:48.0394 5344 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys

21:28:48.0396 5344 usbuhci - ok

21:28:48.0440 5344 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys

21:28:48.0443 5344 usbvideo - ok

21:28:48.0472 5344 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll

21:28:48.0475 5344 UxSms - ok

21:28:48.0483 5344 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe

21:28:48.0484 5344 VaultSvc - ok

21:28:48.0509 5344 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys

21:28:48.0510 5344 vdrvroot - ok

21:28:48.0539 5344 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe

21:28:48.0547 5344 vds - ok

21:28:48.0567 5344 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys

21:28:48.0569 5344 vga - ok

21:28:48.0584 5344 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys

21:28:48.0586 5344 VgaSave - ok

21:28:48.0602 5344 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys

21:28:48.0606 5344 vhdmp - ok

21:28:48.0625 5344 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys

21:28:48.0627 5344 viaide - ok

21:28:48.0654 5344 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys

21:28:48.0656 5344 volmgr - ok

21:28:48.0677 5344 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys

21:28:48.0682 5344 volmgrx - ok

21:28:48.0704 5344 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys

21:28:48.0707 5344 volsnap - ok

21:28:48.0739 5344 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys

21:28:48.0742 5344 vsmraid - ok

21:28:48.0797 5344 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe

21:28:48.0809 5344 VSS - ok

21:28:48.0827 5344 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys

21:28:48.0829 5344 vwifibus - ok

21:28:48.0872 5344 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys

21:28:48.0874 5344 vwififlt - ok

21:28:48.0915 5344 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys

21:28:48.0917 5344 vwifimp - ok

21:28:48.0949 5344 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll

21:28:48.0955 5344 W32Time - ok

21:28:48.0975 5344 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys

21:28:48.0977 5344 WacomPen - ok

21:28:49.0000 5344 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys

21:28:49.0003 5344 WANARP - ok

21:28:49.0018 5344 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys

21:28:49.0019 5344 Wanarpv6 - ok

21:28:49.0079 5344 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe

21:28:49.0094 5344 WatAdminSvc - ok

21:28:49.0142 5344 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe

21:28:49.0160 5344 wbengine - ok

21:28:49.0178 5344 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll

21:28:49.0182 5344 WbioSrvc - ok

21:28:49.0218 5344 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll

21:28:49.0224 5344 wcncsvc - ok

21:28:49.0236 5344 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll

21:28:49.0239 5344 WcsPlugInService - ok

21:28:49.0263 5344 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys

21:28:49.0264 5344 Wd - ok

21:28:49.0309 5344 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys

21:28:49.0319 5344 Wdf01000 - ok

21:28:49.0343 5344 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll

21:28:49.0347 5344 WdiServiceHost - ok

21:28:49.0350 5344 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll

21:28:49.0353 5344 WdiSystemHost - ok

21:28:49.0374 5344 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll

21:28:49.0379 5344 WebClient - ok

21:28:49.0391 5344 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll

21:28:49.0396 5344 Wecsvc - ok

21:28:49.0424 5344 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll

21:28:49.0427 5344 wercplsupport - ok

21:28:49.0450 5344 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll

21:28:49.0453 5344 WerSvc - ok

21:28:49.0461 5344 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys

21:28:49.0462 5344 WfpLwf - ok

21:28:49.0492 5344 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys

21:28:49.0494 5344 WIMMount - ok

21:28:49.0508 5344 WinDefend - ok

21:28:49.0513 5344 WinHttpAutoProxySvc - ok

21:28:49.0563 5344 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll

21:28:49.0567 5344 Winmgmt - ok

21:28:49.0626 5344 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll

21:28:49.0650 5344 WinRM - ok

21:28:49.0699 5344 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll

21:28:49.0711 5344 Wlansvc - ok

21:28:49.0773 5344 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

21:28:49.0775 5344 wlcrasvc - ok

21:28:49.0837 5344 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

21:28:49.0852 5344 wlidsvc - ok

21:28:49.0878 5344 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys

21:28:49.0879 5344 WmiAcpi - ok

21:28:49.0906 5344 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe

21:28:49.0910 5344 wmiApSrv - ok

21:28:49.0941 5344 WMPNetworkSvc - ok

21:28:49.0967 5344 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll

21:28:49.0969 5344 WPCSvc - ok

21:28:49.0985 5344 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll

21:28:49.0988 5344 WPDBusEnum - ok

21:28:50.0010 5344 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys

21:28:50.0012 5344 ws2ifsl - ok

21:28:50.0040 5344 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll

21:28:50.0043 5344 wscsvc - ok

21:28:50.0047 5344 WSearch - ok

21:28:50.0108 5344 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll

21:28:50.0136 5344 wuauserv - ok

21:28:50.0160 5344 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys

21:28:50.0163 5344 WudfPf - ok

21:28:50.0191 5344 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys

21:28:50.0195 5344 WUDFRd - ok

21:28:50.0220 5344 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll

21:28:50.0223 5344 wudfsvc - ok

21:28:50.0245 5344 [ F0B1D8725FAB9F4A559CCC91A960FCE0 ] WwanSvc C:\windows\System32\wwansvc.dll

21:28:50.0250 5344 WwanSvc - ok

21:28:50.0272 5344 ================ Scan global ===============================

21:28:50.0297 5344 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll

21:28:50.0331 5344 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll

21:28:50.0339 5344 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll

21:28:50.0363 5344 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll

21:28:50.0392 5344 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe

21:28:50.0396 5344 [Global] - ok

21:28:50.0397 5344 ================ Scan MBR ==================================

21:28:50.0408 5344 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0

21:28:50.0634 5344 \Device\Harddisk0\DR0 - ok

21:28:50.0635 5344 ================ Scan VBR ==================================

21:28:50.0643 5344 [ 952C4584D5D595A10AF3BC2D7E2F8A5C ] \Device\Harddisk0\DR0\Partition1

21:28:50.0645 5344 \Device\Harddisk0\DR0\Partition1 - ok

21:28:50.0646 5344 ============================================================

21:28:50.0646 5344 Scan finished

21:28:50.0646 5344 ============================================================

21:28:50.0657 3820 Detected object count: 0

21:28:50.0657 3820 Actual detected object count: 0

21:29:11.0242 6956 Deinitialize success

# AdwCleaner v2.105 - Logfile created 01/15/2013 at 22:52:47

# Updated 08/01/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Tyler - TYLER-LAPTOP

# Boot Mode : Normal

# Running from : C:\Users\Tyler\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\END

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Users\Tyler\AppData\Local\Conduit

Folder Found : C:\Users\Tyler\AppData\LocalLow\Conduit

Folder Found : C:\Users\Tyler\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\Conduit

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3400 octets] - [01/01/2013 16:58:32]

AdwCleaner[R2].txt - [1502 octets] - [15/01/2013 22:52:47]

AdwCleaner[s1].txt - [3424 octets] - [01/01/2013 17:08:37]

########## EOF - C:\AdwCleaner[R2].txt - [1622 octets] ##########

Results of screen317's Security Check version 0.99.57

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

TELUS security services

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.70.0.1100

JavaFX 2.1.1

Java 6 Update 30

Java version out of Date!

Adobe Reader 10.1.5 Adobe Reader out of Date!

Google Chrome 24.0.1312.52

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Spybot Teatimer.exe is disabled!

Malwarebytes' Anti-Malware mbamscheduler.exe

Trend Micro AMSP coreServiceShell.exe

Trend Micro UniClient UiFrmWrk uiWatchDog.exe

Trend Micro AMSP coreFrameworkHost.exe

Trend Micro UniClient UiFrmWrk uiSeAgnt.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 3%

````````````````````End of Log``````````````````````

  • Staff

Hi,

The *32 is normal since you're on a 64-bit version of Windows.

Run TFC by OldTimer to clear temporary files:

  • Open TFC.exe if you already have it. If not, please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck and TDSSKiller.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

JavaFX 2.1.1

Java™ 6 Update 30

Adobe Reader 10.1.5

Spybot (if you don't use it and update it frequently)

Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.

Click Start, type in Windows Update, and click on Windows Update when it appears. Install all available updates.

Let me know what issues remain.


  • 1 month later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.