Win32 virus, Windows Firewall won't work

25 replies to this topic

#1
Dealt21

    New Member

  • Members
  • 20 posts
I believe I have the Win32 virus, I have no idea which one, but a bunch of my processes show *32 and I have multiple iexplore.exe*32 on startup. I get huge spikes in my PC usage and my Windows Firewall does not work. I tried running Malwarebytes, using an old system restore point, and a few other things. I am stumped and do not want to pay $60 for a program, especially if it might not work. I think I need to manually remove this thing.

Can someone help please?

#2
screen317

    MBAM Sentinel

  • Moderators
  • 19,463 posts
  • Gender:Male
  • Location:New Haven, CT
Hi and welcome to Malwarebytes,

What program is $60??

Confirm for me that your version of Windows is 64 bit.


Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.
Chris Fistonich
Research Team

#3
Dealt21

I have Windows 7 64 bit. I looked at multiple sites and a lot of companies want to charge a $50-$60 one-time fee to help solve problems with computers. Also, a lot of software is at least $20/month and some have long-term commitments. Either way, I appreciate your help very much Chris.


DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Dealt at 21:45:51 on 2012-08-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5883.4252 [GMT -7:00]
.
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [PlayNC Launcher]
uRun: [LicenseValidator] C:\Users\Dealt\AppData\Roaming\Identities\{A4AF10ED-BEF0-475B-9AFF-6E45B9BAD3BA}\LicenseValidator.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.chrobinson.com/dana-cached/sc/JuniperSetupClient.cab
TCP: Interfaces\{6210DDD4-BE91-4E86-9032-62D9A1DA0BB2} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6210DDD4-BE91-4E86-9032-62D9A1DA0BB2}\8497164747F50516C6D6F535072796E67637 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{6210DDD4-BE91-4E86-9032-62D9A1DA0BB2}\C416B65637964656D27657563747 : DhcpNameServer = 69.28.32.16 69.28.32.180 192.168.33.1
TCP: Interfaces\{6210DDD4-BE91-4E86-9032-62D9A1DA0BB2}\E454457454142575942554C4543535 : DhcpNameServer = 192.168.1.1
LSA: Notification Packages = DPPassFilter scecli
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dealt\AppData\Roaming\Mozilla\Firefox\Profiles\oog7s3vl.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-11-11 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-7-23 92216]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-30 655944]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-30 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-16 113120]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-15 01:15:05 -------- d-----w- C:\Users\Dealt\AppData\Roaming\SpeedyPC Software
2012-08-15 01:15:05 -------- d-----w- C:\Users\Dealt\AppData\Roaming\DriverCure
2012-08-15 01:14:51 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-08-15 00:53:30 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-15 00:21:46 -------- d-----w- C:\Users\Dealt\AppData\Roaming\Microsoft Installer
2012-08-15 00:21:46 -------- d-----w- C:\ProgramData\Java
2012-08-07 00:41:27 -------- d-----w- C:\Users\Dealt\AppData\Local\Downloaded Installations
2012-08-01 03:14:17 -------- d-----w- C:\Users\Dealt\AppData\Local\Macromedia
2012-07-31 04:55:29 -------- d-----w- C:\Users\Dealt\AppData\Roaming\Tific
2012-07-31 03:13:41 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-31 03:13:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-31 02:50:58 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-07-31 02:46:38 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-07-31 02:46:38 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-07-31 02:46:37 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-07-31 02:46:09 -------- d-----w- C:\Users\Dealt\AppData\Roaming\TestApp
2012-07-31 02:46:09 -------- d-----w- C:\ProgramData\PC Tools
2012-07-31 02:40:38 -------- d-----w- C:\Users\Dealt\AppData\Local\Symantec
2012-07-31 02:36:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-31 02:33:58 -------- d-----w- C:\ProgramData\7531E8DA00489BE215D58117F875F002
2012-07-31 02:33:43 -------- d-----w- C:\Users\Dealt\AppData\Local\{217E550D-DAB8-11E1-8270-B8AC6F996F26}
2012-07-31 02:33:39 451072 ----a-w- C:\Users\Dealt\AppData\Roaming\dmdthc.dll
2012-07-31 02:32:48 -------- d-----w- C:\Users\Dealt\AppData\Roaming\Windows Search
2012-07-31 02:32:48 -------- d-----w- C:\Users\Dealt\AppData\Roaming\TeamViewer
2012-07-30 00:04:34 4323256 ----a-w- C:\Windows\SysWow64\GameMon.des
2012-07-30 00:04:25 4682 ----a-w- C:\Windows\SysWow64\npptNT2.sys
2012-07-30 00:04:24 5174 ----a-w- C:\Windows\SysWow64\nppt9x.vxd
2012-07-30 00:04:09 -------- d-----w- C:\Program Files\Common Files\INCA Shared
2012-07-29 20:04:50 -------- d-----w- C:\Users\Dealt\AppData\Local\Pando_Temp
2012-07-29 20:03:07 -------- d-----w- C:\Users\Dealt\AppData\Local\assembly
2012-07-29 20:02:14 -------- d-----w- C:\Program Files (x86)\NCSoft
2012-07-27 19:31:40 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{275C7CBE-4E5E-48A8-AA86-81F6365E2528}\mpengine.dll
.
==================== Find3M ====================
.
2012-08-15 00:54:44 328704 ----a-w- C:\Windows\System32\services.exe
2012-08-15 00:42:48 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 19:25:12 279656 ----a-w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 21:46:42.20 ===============

#4
Dealt21

I just removed 3 more errors on MBAM. Once again, thanks very much. Here is the log. I also restarted the computer.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.15.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Dealt :: DEALT-HP [administrator]

8/14/2012 9:49:28 PM
mbam-log-2012-08-14 (21-49-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206337
Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Trojan.Proxy) -> Data: C:\Users\Dealt\AppData\Roaming\Identities\{A4AF10ED-BEF0-475B-9AFF-6E45B9BAD3BA}\LicenseValidator.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Dealt\AppData\Local\Temp\err_9_244_673530595_64.pdb (Trojan.Keylogger) -> Quarantined and deleted successfully.
C:\Users\Dealt\AppData\Roaming\Identities\{A4AF10ED-BEF0-475B-9AFF-6E45B9BAD3BA}\LicenseValidator.exe (Trojan.Proxy) -> Quarantined and deleted successfully.

(end)

#5
screen317

Hi,

I'm afraid I have bad news.

Your logs reveal an information stealing trojan.


I would counsel you to disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.


You will need to change your passwords, and all other sensitive information, but only once your system is deemed clean.


With that said, please do the following.


Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


-screen317

#6
Dealt21

Wow, this is horrible news... I have done everything you asked and have reported the logs below. Now I am having a new problem. I try to open Internet Explorer or Firefox and it says:

C:\Program Files (x86)\Internet Explorer\iexplore.exe
Illegal operation attempted on a registry key that has been marked for deletion.

Also multiple programs still have the *32 in processes.

Please help =(





ComboFix 12-08-14.05 - Dealt 08/14/2012 22:33:27.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5883.4232 [GMT -7:00]
Running from: c:\users\Dealt\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\programdata\Java\jre6\bin\jwdeploy.dll
c:\users\Dealt\AppData\Local\assembly\tmp
c:\users\Dealt\AppData\Roaming\dmdthc.dll
c:\users\Dealt\AppData\Roaming\Help\coredb\storage
c:\users\Dealt\AppData\Roaming\Microsoft Installer
c:\users\Dealt\AUTORUN.INF
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 05:49 . 2012-08-15 05:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 01:15 . 2012-08-15 01:15 -------- d-----w- c:\users\Dealt\AppData\Roaming\SpeedyPC Software
2012-08-15 01:15 . 2012-08-15 01:15 -------- d-----w- c:\users\Dealt\AppData\Roaming\DriverCure
2012-08-15 01:14 . 2012-08-15 01:20 -------- d-----w- c:\programdata\SpeedyPC Software
2012-08-15 00:53 . 2012-08-15 02:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-15 00:21 . 2012-08-15 02:33 -------- d-----w- c:\programdata\Java
2012-08-07 00:41 . 2012-08-15 02:34 -------- d-----w- c:\users\Dealt\AppData\Local\Downloaded Installations
2012-08-01 03:14 . 2012-08-01 03:14 -------- d-----w- c:\users\Dealt\AppData\Local\Macromedia
2012-07-31 04:55 . 2012-07-31 04:55 -------- d-----w- c:\users\Dealt\AppData\Roaming\Tific
2012-07-31 03:13 . 2012-08-15 02:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-31 03:13 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-31 02:50 . 2012-08-15 02:36 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-31 02:46 . 2012-08-15 02:35 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-31 02:46 . 2012-06-22 22:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-07-31 02:46 . 2012-08-05 15:19 -------- d-----w- c:\program files (x86)\PC Tools
2012-07-31 02:46 . 2012-07-31 04:59 -------- d-----w- c:\programdata\PC Tools
2012-07-31 02:46 . 2012-07-31 02:46 -------- d-----w- c:\users\Dealt\AppData\Roaming\TestApp
2012-07-31 02:40 . 2012-07-31 02:40 -------- d-----w- c:\users\Dealt\AppData\Local\Symantec
2012-07-31 02:36 . 2012-08-15 00:42 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-31 02:33 . 2012-08-15 02:35 -------- d-----w- c:\programdata\7531E8DA00489BE215D58117F875F002
2012-07-31 02:33 . 2012-08-15 02:35 -------- d-----w- c:\users\Dealt\AppData\Local\{217E550D-DAB8-11E1-8270-B8AC6F996F26}
2012-07-31 02:32 . 2012-08-15 02:35 -------- d-----w- c:\users\Dealt\AppData\Roaming\Windows Search
2012-07-31 02:32 . 2012-07-31 02:32 -------- d-----w- c:\users\Dealt\AppData\Roaming\TeamViewer
2012-07-30 00:04 . 2011-03-28 19:51 4323256 ----a-w- c:\windows\SysWow64\GameMon.des
2012-07-30 00:04 . 2005-01-02 21:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2012-07-30 00:04 . 2003-07-19 06:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2012-07-30 00:04 . 2012-07-30 00:04 -------- d-----w- c:\program files\Common Files\INCA Shared
2012-07-29 20:04 . 2012-08-15 02:35 -------- d-----w- c:\users\Dealt\AppData\Local\Pando_Temp
2012-07-29 20:03 . 2012-08-15 05:46 -------- d-----w- c:\users\Dealt\AppData\Local\assembly
2012-07-29 20:02 . 2012-08-15 02:28 -------- d-----w- c:\program files (x86)\NCSoft
2012-07-29 20:01 . 2012-07-29 20:01 -------- d-----w- c:\users\Dealt\AppData\Roaming\InstallShield
2012-07-27 19:31 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{275C7CBE-4E5E-48A8-AA86-81F6365E2528}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 00:54 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-08-15 00:42 . 2012-02-22 02:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 13:19 . 2010-12-03 02:40 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-11 13:22 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 01:05 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 01:05 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 01:05 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 01:05 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 01:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 01:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 01:05 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 22:36 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 22:36 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 22:36 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 22:36 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 22:35 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 22:36 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 22:36 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 22:35 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-22 22:36 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:50 . 2012-07-11 01:05 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 01:05 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 01:05 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 01:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 01:05 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 01:05 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 01:05 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 01:05 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 01:05 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 19:25 . 2011-01-19 02:59 279656 ----a-w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-05 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-16 98304]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCSoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-29 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-21 1255736]
R3 X6va005;X6va005;c:\users\Dealt\AppData\Local\Temp\005BD38.tmp [x]
R3 X6va007;X6va007;c:\users\Dealt\AppData\Local\Temp\007E91A.tmp [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-04 834544]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-16 202752]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-07-23 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-04-16 6403584]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-16 188928]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-06-25 32880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-31 00:42]
.
2012-08-03 c:\windows\Tasks\HPCeeScheduleForDealt.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-21 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"combofix"="c:\combofix\CF9641.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dealt\AppData\Roaming\Mozilla\Firefox\Profiles\oog7s3vl.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKCU-Run-LicenseValidator - c:\users\Dealt\AppData\Roaming\Identities\{438EBED0-148C-4304-AFC0-33B3D6E98C5F}\LicenseValidator.exe
SafeBoot-62569525.sys
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Dealt\AppData\Local\Temp\005BD38.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\Dealt\AppData\Local\Temp\007E91A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3981723584-2909675458-1956215312-1001\Software\SecuROM\License information*]
"datasecu"=hex:52,ea,be,24,ae,ed,23,13,ce,f9,04,37,e3,06,49,fa,63,56,1d,ab,25,
9f,c3,2b,3d,a0,02,9a,71,a9,5e,9c,35,42,fa,56,c6,f4,99,14,68,16,00,5c,16,08,\
"rkeysecu"=hex:d0,52,d8,15,20,2c,2e,a7,ef,72,84,69,98,e1,36,9a
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-08-14 23:11:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-15 06:11
.
Pre-Run: 315,311,837,184 bytes free
Post-Run: 315,075,178,496 bytes free
.
- - End Of File - - 268E9203AFFF678D9AC0BCFF59F92995






DDS Report

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Dealt at 23:18:41 on 2012-08-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5883.4459 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.chrobinson.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6210DDD4-BE91-4E86-9032-62D9A1DA0BB2} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6210DDD4-BE91-4E86-9032-62D9A1DA0BB2}\8497164747F50516C6D6F535072796E67637 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{6210DDD4-BE91-4E86-9032-62D9A1DA0BB2}\C416B65637964656D27657563747 : DhcpNameServer = 69.28.32.16 69.28.32.180 192.168.33.1
TCP: Interfaces\{6210DDD4-BE91-4E86-9032-62D9A1DA0BB2}\E454457454142575942554C4543535 : DhcpNameServer = 192.168.1.1
LSA: Notification Packages = DPPassFilter scecli
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dealt\AppData\Roaming\Mozilla\Firefox\Profiles\oog7s3vl.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-11-11 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-7-23 92216]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-30 655944]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-30 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-16 113120]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-15 05:52:22 -------- d-----w- C:\$RECYCLE.BIN
2012-08-15 05:31:18 98816 ----a-w- C:\Windows\sed.exe
2012-08-15 05:31:18 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-15 05:31:18 256000 ----a-w- C:\Windows\PEV.exe
2012-08-15 05:31:18 208896 ----a-w- C:\Windows\MBR.exe
2012-08-15 01:15:05 -------- d-----w- C:\Users\Dealt\AppData\Roaming\SpeedyPC Software
2012-08-15 01:15:05 -------- d-----w- C:\Users\Dealt\AppData\Roaming\DriverCure
2012-08-15 01:14:51 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-08-15 00:53:30 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-15 00:21:46 -------- d-----w- C:\ProgramData\Java
2012-08-07 00:41:27 -------- d-----w- C:\Users\Dealt\AppData\Local\Downloaded Installations
2012-08-01 03:14:17 -------- d-----w- C:\Users\Dealt\AppData\Local\Macromedia
2012-07-31 04:55:29 -------- d-----w- C:\Users\Dealt\AppData\Roaming\Tific
2012-07-31 03:13:41 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-31 03:13:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-31 02:50:58 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-07-31 02:46:38 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-07-31 02:46:38 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-07-31 02:46:37 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-07-31 02:46:09 -------- d-----w- C:\Users\Dealt\AppData\Roaming\TestApp
2012-07-31 02:46:09 -------- d-----w- C:\ProgramData\PC Tools
2012-07-31 02:40:38 -------- d-----w- C:\Users\Dealt\AppData\Local\Symantec
2012-07-31 02:36:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-31 02:33:58 -------- d-----w- C:\ProgramData\7531E8DA00489BE215D58117F875F002
2012-07-31 02:33:43 -------- d-----w- C:\Users\Dealt\AppData\Local\{217E550D-DAB8-11E1-8270-B8AC6F996F26}
2012-07-31 02:32:48 -------- d-----w- C:\Users\Dealt\AppData\Roaming\Windows Search
2012-07-31 02:32:48 -------- d-----w- C:\Users\Dealt\AppData\Roaming\TeamViewer
2012-07-30 00:04:34 4323256 ----a-w- C:\Windows\SysWow64\GameMon.des
2012-07-30 00:04:25 4682 ----a-w- C:\Windows\SysWow64\npptNT2.sys
2012-07-30 00:04:24 5174 ----a-w- C:\Windows\SysWow64\nppt9x.vxd
2012-07-30 00:04:09 -------- d-----w- C:\Program Files\Common Files\INCA Shared
2012-07-29 20:04:50 -------- d-----w- C:\Users\Dealt\AppData\Local\Pando_Temp
2012-07-29 20:03:07 -------- d-----w- C:\Users\Dealt\AppData\Local\assembly
2012-07-29 20:02:14 -------- d-----w- C:\Program Files (x86)\NCSoft
2012-07-27 19:31:40 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{275C7CBE-4E5E-48A8-AA86-81F6365E2528}\mpengine.dll
.
==================== Find3M ====================
.
2012-08-15 00:54:44 328704 ----a-w- C:\Windows\System32\services.exe
2012-08-15 00:42:48 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 19:25:12 279656 ----a-w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 23:18:59.27 ===============

#7
Dealt21

Semi Good News...when I restarted this morning I did not have any errors when opening up browsers. Looks like that problem is gone. It also looks like I have fewer processes infected by the *32 at the end...only 5 at the moment. Another thing about this trojan is that I have a lot of start/stop type connectivity because of a spike in PC usage.

Second set of Semi Good News, Windows Firewall is back up and running, it actually shows it as "On" when I go into it. Looks like this problem is getting handled slowly but surely...

Once again, thanks very much for your help. I am going to shut the computer down for the day as you suggested and I will be back tonight to work on it some more.

#8
Dealt21

Hey Chris, just got home. I have the logs posted above, so when you get on let me know what to do next. Thank you.

#9
Dealt21

It has been a couple of days, can someone please help me out? Some of my programs still have *32...explorer, firefox, Steam, etc.

#10
Dealt21

Bumping topic

#11
Dealt21

Bump

#12
Dealt21

Still need help, someone please help.

#13
Dealt21

Any mods out there that can help? Been 4 days now.

#14
Dealt21

Leaving for the day soon, just wanted to give this thread one last bump in hopes that someone can follow up.

Thanks all.

#15
screen317

Hi,

You need to stop bumping. Every time you do, you get pushed to the bottom of my queue. Please stop.


The *32 processes are not malware. That is how 64bit Windows runs 32bit processes.


Please describe what issues remain.



Run TFC by OldTimer to clear temporary files:
  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.



  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs its runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).
The log is named like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.



Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Export the threats found (if any), and post them here.


Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.



Next, download my Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317
Chris Fistonich
Research Team

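A TDSSKiller log of the kind requested in the post above lists each service or driver as a `[ MD5 ] name path` line followed by a `name - verdict` line. The following Python triage pass over such a log is an added example, not part of the thread or of TDSSKiller; `Entry`, `parse_services`, `triage` and the sample log (including `ExampleSvc` and its `warning` verdict) are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed placeholder hashes (32 hex characters each), not real file hashes.
H1, H2, H3 = "0" * 31 + "1", "0" * 31 + "2", "0" * 31 + "3"

# Constructed sample in the layout of a TDSSKiller service scan.
# "ExampleSvc" and its "warning" verdict are made up for this example.
SAMPLE_LOG = f"""\
13:02:33.0305 4324 ================ Scan system memory ========================
13:02:33.0305 4324 System memory - ok
13:02:33.0305 4324 ================ Scan services =============================
13:02:33.0648 4324 [ {H1} ] ACPI C:\\Windows\\system32\\drivers\\ACPI.sys
13:02:33.0664 4324 ACPI - ok
13:02:34.0553 4324 [ {H2} ] AMD External Events Utility C:\\Windows\\system32\\atiesrxx.exe
13:02:34.0553 4324 AMD External Events Utility - ok
13:02:36.0955 4324 catchme - ok
13:02:37.0100 4324 [ {H3} ] ExampleSvc C:\\Users\\Public\\example.sys
13:02:37.0100 4324 ExampleSvc - warning
"""

# "HH:MM:SS.ffff <thread id> <message>"; the message may be empty.
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s*(.*)$")
# "================ Scan services ============================="
SECTION = re.compile(r"^=+ (.+?) =+$")
# "[ MD5 ] service name C:\path\to\file" (service names may contain spaces)
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# "service name - verdict"
VERDICT = re.compile(r"^(.+?) - (.+)$")


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_services(text: str) -> List[Entry]:
    """Return one Entry per service/driver in the 'Scan services' section."""
    entries: List[Entry] = []
    in_services = False
    pending: Optional[Tuple[str, str, str]] = None  # (name, md5, path)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()
        sec = SECTION.match(body)
        if sec:
            # Only the service section uses the hash-line / verdict-line pairs.
            in_services = sec.group(1) == "Scan services"
            pending = None
            continue
        if not in_services:
            continue
        h = HASHED.match(body)
        if h:
            pending = (h.group(2), h.group(1).upper(), h.group(3))
            continue
        # Prefer the name from the preceding hash line when it matches.
        if pending and body.startswith(pending[0] + " - "):
            verdict = body[len(pending[0]) + 3:]
            entries.append(Entry(pending[0], verdict, pending[1], pending[2]))
            pending = None
            continue
        v = VERDICT.match(body)
        if v:
            # Verdict with no hash line: the tool did not hash a file for it.
            entries.append(Entry(v.group(1), v.group(2)))
            pending = None
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """List entries a helper should look at first, with the reason."""
    findings = []
    for e in entries:
        if e.verdict != "ok":
            findings.append((e.name, f"verdict: {e.verdict}"))
        if e.md5 is None:
            findings.append((e.name, "no file hashed"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_services(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

An entry flagged "no file hashed" is not a detection by itself; it only marks a service name whose file the scan did not hash, which is worth checking by hand.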

#16
Dealt21

Sorry, I was unable to find the log after I ran it the first time, I ended up deleting one item...but I ran TDSSKiller again so you could see the log.

13:02:45.0208 4324 NDIS - ok
13:02:45.0255 4324 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:02:45.0255 4324 NdisCap - ok
13:02:45.0301 4324 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:02:45.0301 4324 NdisTapi - ok
13:02:45.0364 4324 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:02:45.0364 4324 Ndisuio - ok
13:02:45.0411 4324 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:02:45.0411 4324 NdisWan - ok
13:02:45.0442 4324 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:02:45.0442 4324 NDProxy - ok
13:02:45.0489 4324 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:02:45.0489 4324 NetBIOS - ok
13:02:45.0551 4324 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:02:45.0551 4324 NetBT - ok
13:02:45.0567 4324 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:02:45.0567 4324 Netlogon - ok
13:02:45.0629 4324 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:02:45.0629 4324 Netman - ok
13:02:45.0645 4324 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:02:45.0645 4324 netprofm - ok
13:02:45.0676 4324 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:02:45.0676 4324 NetTcpPortSharing - ok
13:02:45.0832 4324 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
13:02:45.0941 4324 netw5v64 - ok
13:02:45.0988 4324 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:02:45.0988 4324 nfrd960 - ok
13:02:46.0050 4324 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:02:46.0050 4324 NlaSvc - ok
13:02:46.0066 4324 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:02:46.0066 4324 Npfs - ok
13:02:46.0097 4324 npggsvc - ok
13:02:46.0113 4324 NPPTNT2 - ok
13:02:46.0144 4324 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:02:46.0144 4324 nsi - ok
13:02:46.0159 4324 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:02:46.0159 4324 nsiproxy - ok
13:02:46.0237 4324 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:02:46.0269 4324 Ntfs - ok
13:02:46.0300 4324 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:02:46.0300 4324 Null - ok
13:02:46.0331 4324 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:02:46.0347 4324 nvraid - ok
13:02:46.0362 4324 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:02:46.0378 4324 nvstor - ok
13:02:46.0393 4324 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:02:46.0393 4324 nv_agp - ok
13:02:46.0425 4324 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:02:46.0440 4324 ohci1394 - ok
13:02:46.0503 4324 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:02:46.0503 4324 ose - ok
13:02:46.0705 4324 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:02:46.0815 4324 osppsvc - ok
13:02:46.0861 4324 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:02:46.0861 4324 p2pimsvc - ok
13:02:46.0908 4324 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:02:46.0908 4324 p2psvc - ok
13:02:46.0939 4324 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:02:46.0939 4324 Parport - ok
13:02:46.0986 4324 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:02:46.0986 4324 partmgr - ok
13:02:47.0002 4324 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:02:47.0002 4324 PcaSvc - ok
13:02:47.0049 4324 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:02:47.0049 4324 pci - ok
13:02:47.0080 4324 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:02:47.0080 4324 pciide - ok
13:02:47.0111 4324 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:02:47.0111 4324 pcmcia - ok
13:02:47.0158 4324 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:02:47.0158 4324 pcw - ok
13:02:47.0173 4324 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:02:47.0173 4324 PEAUTH - ok
13:02:47.0267 4324 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:02:47.0267 4324 PerfHost - ok
13:02:47.0345 4324 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:02:47.0376 4324 pla - ok
13:02:47.0439 4324 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:02:47.0439 4324 PlugPlay - ok
13:02:47.0470 4324 PnkBstrA - ok
13:02:47.0501 4324 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:02:47.0501 4324 PNRPAutoReg - ok
13:02:47.0517 4324 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:02:47.0517 4324 PNRPsvc - ok
13:02:47.0563 4324 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:02:47.0579 4324 PolicyAgent - ok
13:02:47.0610 4324 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:02:47.0610 4324 Power - ok
13:02:47.0657 4324 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:02:47.0657 4324 PptpMiniport - ok
13:02:47.0688 4324 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:02:47.0688 4324 Processor - ok
13:02:47.0719 4324 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:02:47.0735 4324 ProfSvc - ok
13:02:47.0751 4324 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:02:47.0751 4324 ProtectedStorage - ok
13:02:47.0813 4324 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:02:47.0813 4324 Psched - ok
13:02:47.0860 4324 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:02:47.0891 4324 ql2300 - ok
13:02:47.0922 4324 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:02:47.0922 4324 ql40xx - ok
13:02:47.0953 4324 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:02:47.0953 4324 QWAVE - ok
13:02:47.0969 4324 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:02:47.0985 4324 QWAVEdrv - ok
13:02:47.0985 4324 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:02:47.0985 4324 RasAcd - ok
13:02:48.0031 4324 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:02:48.0031 4324 RasAgileVpn - ok
13:02:48.0063 4324 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:02:48.0063 4324 RasAuto - ok
13:02:48.0094 4324 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:02:48.0094 4324 Rasl2tp - ok
13:02:48.0156 4324 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:02:48.0156 4324 RasMan - ok
13:02:48.0187 4324 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:02:48.0187 4324 RasPppoe - ok
13:02:48.0234 4324 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:02:48.0234 4324 RasSstp - ok
13:02:48.0265 4324 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:02:48.0281 4324 rdbss - ok
13:02:48.0297 4324 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:02:48.0312 4324 rdpbus - ok
13:02:48.0312 4324 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:02:48.0312 4324 RDPCDD - ok
13:02:48.0359 4324 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:02:48.0359 4324 RDPENCDD - ok
13:02:48.0375 4324 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:02:48.0375 4324 RDPREFMP - ok
13:02:48.0421 4324 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:02:48.0421 4324 RDPWD - ok
13:02:48.0468 4324 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:02:48.0468 4324 rdyboost - ok
13:02:48.0546 4324 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:02:48.0546 4324 RemoteAccess - ok
13:02:48.0562 4324 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:02:48.0577 4324 RemoteRegistry - ok
13:02:48.0593 4324 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:02:48.0593 4324 RpcEptMapper - ok
13:02:48.0624 4324 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:02:48.0624 4324 RpcLocator - ok
13:02:48.0671 4324 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
13:02:48.0671 4324 RpcSs - ok
13:02:48.0733 4324 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:02:48.0733 4324 rspndr - ok
13:02:48.0796 4324 [ 3CEEE53BBF8BA284FF44585CEC0162FE ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
13:02:48.0796 4324 RSUSBSTOR - ok
13:02:48.0858 4324 [ 777FC2C418465404E3D8A290DC247D24 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
13:02:48.0858 4324 RTL8167 - ok
13:02:48.0874 4324 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:02:48.0874 4324 SamSs - ok
13:02:48.0905 4324 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:02:48.0921 4324 sbp2port - ok
13:02:48.0952 4324 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:02:48.0952 4324 SCardSvr - ok
13:02:48.0999 4324 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:02:48.0999 4324 scfilter - ok
13:02:49.0045 4324 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:02:49.0061 4324 Schedule - ok
13:02:49.0108 4324 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:02:49.0108 4324 SCPolicySvc - ok
13:02:49.0155 4324 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
13:02:49.0170 4324 sdbus - ok
13:02:49.0201 4324 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:02:49.0217 4324 SDRSVC - ok
13:02:49.0264 4324 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:02:49.0264 4324 secdrv - ok
13:02:49.0295 4324 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:02:49.0295 4324 seclogon - ok
13:02:49.0326 4324 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
13:02:49.0326 4324 SENS - ok
13:02:49.0357 4324 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:02:49.0357 4324 SensrSvc - ok
13:02:49.0373 4324 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:02:49.0373 4324 Serenum - ok
13:02:49.0404 4324 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:02:49.0404 4324 Serial - ok
13:02:49.0435 4324 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:02:49.0435 4324 sermouse - ok
13:02:49.0482 4324 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:02:49.0482 4324 SessionEnv - ok
13:02:49.0529 4324 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:02:49.0529 4324 sffdisk - ok
13:02:49.0576 4324 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:02:49.0576 4324 sffp_mmc - ok
13:02:49.0591 4324 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:02:49.0591 4324 sffp_sd - ok
13:02:49.0623 4324 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:02:49.0623 4324 sfloppy - ok
13:02:49.0701 4324 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
13:02:49.0701 4324 Sftfs - ok
13:02:49.0794 4324 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
13:02:49.0810 4324 sftlist - ok
13:02:49.0825 4324 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
13:02:49.0825 4324 Sftplay - ok
13:02:49.0841 4324 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
13:02:49.0841 4324 Sftredir - ok
13:02:49.0857 4324 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
13:02:49.0857 4324 Sftvol - ok
13:02:49.0888 4324 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
13:02:49.0888 4324 sftvsa - ok
13:02:49.0950 4324 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:02:49.0950 4324 SharedAccess - ok
13:02:49.0997 4324 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:02:49.0997 4324 ShellHWDetection - ok
13:02:50.0059 4324 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:02:50.0059 4324 SiSRaid2 - ok
13:02:50.0091 4324 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:02:50.0091 4324 SiSRaid4 - ok
13:02:50.0153 4324 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:02:50.0153 4324 Smb - ok
13:02:50.0231 4324 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:02:50.0231 4324 SNMPTRAP - ok
13:02:50.0231 4324 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:02:50.0231 4324 spldr - ok
13:02:50.0278 4324 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
13:02:50.0293 4324 Spooler - ok
13:02:50.0387 4324 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:02:50.0418 4324 sppsvc - ok
13:02:50.0449 4324 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:02:50.0449 4324 sppuinotify - ok
13:02:50.0512 4324 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:02:50.0512 4324 srv - ok
13:02:50.0527 4324 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:02:50.0527 4324 srv2 - ok
13:02:50.0590 4324 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
13:02:50.0605 4324 SrvHsfHDA - ok
13:02:50.0668 4324 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
13:02:50.0699 4324 SrvHsfV92 - ok
13:02:50.0746 4324 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
13:02:50.0761 4324 SrvHsfWinac - ok
13:02:50.0793 4324 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:02:50.0793 4324 srvnet - ok
13:02:50.0871 4324 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:02:50.0871 4324 SSDPSRV - ok
13:02:50.0886 4324 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:02:50.0886 4324 SstpSvc - ok
13:02:50.0964 4324 [ F009AA51B87E2CF6E89C16DDFE61ABB3 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
13:02:50.0980 4324 STacSV - ok
13:02:51.0027 4324 Steam Client Service - ok
13:02:51.0042 4324 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:02:51.0058 4324 stexstor - ok
13:02:51.0105 4324 [ E0428C27010305E3C54315BE7078725B ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
13:02:51.0105 4324 STHDA - ok
13:02:51.0167 4324 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:02:51.0167 4324 stisvc - ok
13:02:51.0214 4324 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
13:02:51.0214 4324 swenum - ok
13:02:51.0245 4324 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:02:51.0245 4324 swprv - ok
13:02:51.0354 4324 [ 961CFAC2A5318E212F459D651F28E0A4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
13:02:51.0354 4324 SynTP - ok
13:02:51.0448 4324 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:02:51.0463 4324 SysMain - ok
13:02:51.0495 4324 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:02:51.0510 4324 TabletInputService - ok
13:02:51.0557 4324 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:02:51.0557 4324 TapiSrv - ok
13:02:51.0573 4324 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:02:51.0588 4324 TBS - ok
13:02:51.0666 4324 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:02:51.0713 4324 Tcpip - ok
13:02:51.0775 4324 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:02:51.0791 4324 TCPIP6 - ok
13:02:51.0838 4324 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:02:51.0838 4324 tcpipreg - ok
13:02:51.0900 4324 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:02:51.0900 4324 TDPIPE - ok
13:02:51.0931 4324 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:02:51.0931 4324 TDTCP - ok
13:02:51.0978 4324 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:02:51.0978 4324 tdx - ok
13:02:52.0025 4324 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:02:52.0025 4324 TermDD - ok
13:02:52.0087 4324 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:02:52.0087 4324 TermService - ok
13:02:52.0119 4324 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:02:52.0119 4324 Themes - ok
13:02:52.0134 4324 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:02:52.0150 4324 THREADORDER - ok
13:02:52.0165 4324 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:02:52.0165 4324 TrkWks - ok
13:02:52.0243 4324 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:02:52.0243 4324 TrustedInstaller - ok
13:02:52.0275 4324 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:02:52.0275 4324 tssecsrv - ok
13:02:52.0337 4324 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:02:52.0337 4324 TsUsbFlt - ok
13:02:52.0399 4324 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:02:52.0415 4324 tunnel - ok
13:02:52.0431 4324 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:02:52.0431 4324 uagp35 - ok
13:02:52.0477 4324 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:02:52.0493 4324 udfs - ok
13:02:52.0555 4324 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:02:52.0555 4324 UI0Detect - ok
13:02:52.0571 4324 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:02:52.0571 4324 uliagpkx - ok
13:02:52.0618 4324 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
13:02:52.0618 4324 umbus - ok
13:02:52.0649 4324 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:02:52.0649 4324 UmPass - ok
13:02:52.0680 4324 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:02:52.0680 4324 upnphost - ok
13:02:52.0774 4324 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
13:02:52.0774 4324 USBAAPL64 - ok
13:02:52.0821 4324 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:02:52.0821 4324 usbccgp - ok
13:02:52.0883 4324 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:02:52.0883 4324 usbcir - ok
13:02:52.0914 4324 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:02:52.0914 4324 usbehci - ok
13:02:52.0961 4324 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
13:02:52.0961 4324 usbfilter - ok
13:02:52.0992 4324 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:02:52.0992 4324 usbhub - ok
13:02:53.0008 4324 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
13:02:53.0008 4324 usbohci - ok
13:02:53.0039 4324 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:02:53.0039 4324 usbprint - ok
13:02:53.0070 4324 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:02:53.0070 4324 USBSTOR - ok
13:02:53.0086 4324 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:02:53.0086 4324 usbuhci - ok
13:02:53.0148 4324 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
13:02:53.0148 4324 usbvideo - ok
13:02:53.0179 4324 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:02:53.0179 4324 UxSms - ok
13:02:53.0195 4324 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
13:02:53.0195 4324 VaultSvc - ok
13:02:53.0257 4324 [ 2662F24C7AEE2A32CEBDEC907A5366F1 ] vcsFPService C:\Windows\system32\vcsFPService.exe
13:02:53.0273 4324 vcsFPService - ok
13:02:53.0335 4324 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:02:53.0335 4324 vdrvroot - ok
13:02:53.0382 4324 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
13:02:53.0398 4324 vds - ok
13:02:53.0445 4324 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:02:53.0445 4324 vga - ok
13:02:53.0491 4324 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:02:53.0491 4324 VgaSave - ok
13:02:53.0523 4324 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:02:53.0538 4324 vhdmp - ok
13:02:53.0585 4324 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:02:53.0585 4324 viaide - ok
13:02:53.0616 4324 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:02:53.0632 4324 volmgr - ok
13:02:53.0679 4324 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:02:53.0679 4324 volmgrx - ok
13:02:53.0710 4324 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:02:53.0725 4324 volsnap - ok
13:02:53.0788 4324 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:02:53.0788 4324 vsmraid - ok
13:02:53.0850 4324 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
13:02:53.0881 4324 VSS - ok
13:02:53.0897 4324 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
13:02:53.0897 4324 vwifibus - ok
13:02:53.0928 4324 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:02:53.0928 4324 vwififlt - ok
13:02:53.0959 4324 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:02:53.0959 4324 W32Time - ok
13:02:53.0991 4324 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:02:54.0006 4324 WacomPen - ok
13:02:54.0053 4324 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:02:54.0053 4324 WANARP - ok
13:02:54.0069 4324 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:02:54.0069 4324 Wanarpv6 - ok
13:02:54.0147 4324 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:02:54.0178 4324 WatAdminSvc - ok
13:02:54.0271 4324 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
13:02:54.0334 4324 wbengine - ok
13:02:54.0365 4324 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:02:54.0365 4324 WbioSrvc - ok
13:02:54.0412 4324 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:02:54.0427 4324 wcncsvc - ok
13:02:54.0427 4324 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:02:54.0443 4324 WcsPlugInService - ok
13:02:54.0474 4324 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:02:54.0474 4324 Wd - ok
13:02:54.0505 4324 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:02:54.0521 4324 Wdf01000 - ok
13:02:54.0521 4324 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:02:54.0521 4324 WdiServiceHost - ok
13:02:54.0537 4324 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:02:54.0537 4324 WdiSystemHost - ok
13:02:54.0583 4324 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
13:02:54.0583 4324 WebClient - ok
13:02:54.0599 4324 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:02:54.0599 4324 Wecsvc - ok
13:02:54.0615 4324 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:02:54.0615 4324 wercplsupport - ok
13:02:54.0661 4324 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
13:02:54.0661 4324 WerSvc - ok
13:02:54.0708 4324 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:02:54.0708 4324 WfpLwf - ok
13:02:54.0724 4324 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:02:54.0724 4324 WIMMount - ok
13:02:54.0771 4324 WinDefend - ok
13:02:54.0771 4324 WinHttpAutoProxySvc - ok
13:02:54.0833 4324 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:02:54.0833 4324 Winmgmt - ok
13:02:54.0911 4324 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
13:02:54.0958 4324 WinRM - ok
13:02:55.0020 4324 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
13:02:55.0020 4324 WinUSB - ok
13:02:55.0067 4324 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
13:02:55.0067 4324 Wlansvc - ok
13:02:55.0239 4324 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:02:55.0254 4324 wlidsvc - ok
13:02:55.0285 4324 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:02:55.0285 4324 WmiAcpi - ok
13:02:55.0332 4324 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:02:55.0348 4324 wmiApSrv - ok
13:02:55.0410 4324 WMPNetworkSvc - ok
13:02:55.0441 4324 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:02:55.0441 4324 WPCSvc - ok
13:02:55.0488 4324 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:02:55.0488 4324 WPDBusEnum - ok
13:02:55.0519 4324 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:02:56.0736 4324 ============================================================
13:02:56.0736 4324 Scan finished
13:02:56.0736 4324 ============================================================
13:02:56.0752 2728 Detected object count: 0
13:02:56.0752 2728 Actual detected object count: 0

#17
Dealt21

    New Member

ESET Online Scanner:

Found 11 threats, guess I still have a lot to clean.

C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Toolbar32.dll.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\Java\jre6\bin\jwdeploy.dll.vir a variant of Win32/PSW.Agent.NSP trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Dealt\AppData\Roaming\dmdthc.dll.vir a variant of Win32/Medfos.BQ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\14.08.2012_17.52.16\zasubsys0000\file0000\tsk0000.dta Win64/Patched.B.Gen trojan deleted - quarantined
C:\TDSSKiller_Quarantine\14.08.2012_17.52.16\zasubsys0000\zafs0000\tsk0002.dta Win64/Sirefef.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\14.08.2012_17.52.16\zasubsys0000\zafs0000\tsk0003.dta Win64/Sirefef.AH trojan cleaned by deleting - quarantined
C:\Users\Dealt\AppData\Local\{217E550D-DAB8-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Users\Dealt\AppData\Roaming\Windows Search\{2B35B55B-8A44-4B1F-BA13-F31A28BE8A02}\Validator.exe Win32/Gataka.B trojan cleaned by deleting - quarantined
C:\Users\Dealt\Downloads\registryboosterplc.exe Win32/RegistryBooster application cleaned by deleting - quarantined

#18
Dealt21

    New Member

AdwCleaner Results:

# AdwCleaner v1.801 - Logfile created 08/20/2012 at 14:48:12
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dealt - DEALT-HP
# Boot Mode : Normal
# Running from : C:\Users\Dealt\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Dealt\AppData\Local\OpenCandy
Folder Found : C:\Users\Dealt\AppData\Roaming\OpenCandy
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject
[x64] Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
[x64] Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Dealt\AppData\Roaming\Mozilla\Firefox\Profiles\oog7s3vl.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2877 octets] - [20/08/2012 14:48:12]

########## EOF - C:\AdwCleaner[R1].txt - [3005 octets] ##########

#19
Dealt21

    New Member

Here are the results of the security check.

My computer right now is running fine. I do not see any obvious problems, but I just want to make sure the system is clean. I currently am not doing financial transactions on this machine as I am not sure if I still have any programs that can steal my information.

I will not bump this post and I will wait patiently for a response. Thank you for your help in this matter.

Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
windows defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````

#20
screen317

    MBAM Sentinel

Great news. :) Things are looking good from here.


  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number




Run TFC by OldTimer to clear temporary files:
  • Open TFC.exe if you already have it. If not, please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.


Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.



After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Adobe Reader
Java™ 6 Update 31


Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.


Reboot.


Click Start, type in Windows Update, and click on Windows Update when it appears. Download and install all available updates, including Internet Explorer 9.


Reboot. Check again to make sure no updates remain.


Let me know how things are running now. :)
Chris Fistonich
Research Team
