Chris1223C

SVChost.exe infected

19 posts in this topic

Hi. I've been having some trouble with "Svchost.exe". My Malwarebytes has been comming up with protected attacks and has had "Trojanagent.exe" in the scan. Please help. KKTHXBAI

-Chrisy -poo

Attach.txt

DDS.txt

Share this post


Link to post
Share on other sites

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27

Run by Emma at 19:17:37 on 2012-04-13

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2324 [GMT -5:00]

.

AV: GFI Software VIPRE *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}

SP: GFI Software VIPRE *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: GFI Software VIPRE *Enabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe

C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\program files (x86)\teamviewer\version7\TeamViewer_Desktop.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: Interfaces\{61E841B5-5714-4002-9800-D39A7E25CE31} : DhcpNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\dosww82a.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys --> C:\Windows\system32\drivers\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys --> C:\Windows\system32\drivers\amd_xata.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]

R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-13 654408]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-5-26 1127448]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R2 SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-1-19 3289032]

R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]

R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-1-19 173424]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-9-25 2358656]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-19 3027840]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]

R3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\drivers\usbfilter.sys --> C:\Windows\system32\drivers\usbfilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]

S3 SbHips;SbHips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-04-13 23:46:00 -------- d-sh--w- C:\$RECYCLE.BIN

2012-04-12 02:50:45 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-12 02:50:44 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-12 02:50:44 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-12 02:50:43 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-12 02:50:42 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-12 02:50:42 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-12 02:50:42 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-04 14:06:40 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-03 01:05:16 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}

2012-04-03 01:03:51 -------- d-----w- C:\Users\Emma\AppData\Roaming\hpqLog

2012-04-03 01:03:09 -------- d-----w- C:\Users\Emma\AppData\Roaming\WinBatch

2012-03-31 13:23:54 -------- d-----w- C:\Program Files\iTunes

2012-03-28 05:20:37 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-28 05:20:37 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-03-15 04:45:19 -------- d-----w- C:\Users\Emma\AppData\Roaming\MatSpoon

2012-03-15 04:45:17 -------- d-----w- C:\Program Files (x86)\MatSpoon

2012-03-15 04:19:34 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2012-03-15 03:57:50 -------- d-----w- C:\ProgramData\GFI Software

2012-03-15 03:57:12 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys

2012-03-15 03:56:47 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys

2012-03-15 03:56:47 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys

2012-03-15 03:56:46 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys

2012-03-15 03:56:46 45936 ----a-w- C:\Windows\System32\sbbd.exe

2012-03-15 03:56:15 -------- d-----w- C:\ProgramData\Downloaded Installations

2012-03-15 03:54:58 -------- d-----w- C:\Users\Emma\AppData\Roaming\GFI Software

2012-03-15 03:28:36 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-15 03:27:43 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-15 03:27:42 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-15 03:27:42 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-15 03:27:35 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-15 03:27:34 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-15 03:27:19 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-15 03:27:19 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-15 03:27:18 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-15 03:27:17 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

.

==================== Find3M ====================

.

2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-15 09:45:23 88 ----a-w- C:\Users\Emma\AppData\Roaming\netstat.bat

2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-01-19 21:13:20 45936 ----a-w- C:\Windows\SysWow64\sbbd.exe

2012-01-17 14:24:02 84600 ----a-w- C:\Windows\System32\drivers\sbwtis.sys

.

============= FINISH: 19:19:01.31 ===============

Share this post


Link to post
Share on other sites

Hello and :welcome:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Share this post


Link to post
Share on other sites

Okay, so this was one from yesterday.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27

Run by Emma at 19:17:37 on 2012-04-13

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2324 [GMT -5:00]

.

AV: GFI Software VIPRE *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}

SP: GFI Software VIPRE *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: GFI Software VIPRE *Enabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe

C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\program files (x86)\teamviewer\version7\TeamViewer_Desktop.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: Interfaces\{61E841B5-5714-4002-9800-D39A7E25CE31} : DhcpNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\dosww82a.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys --> C:\Windows\system32\drivers\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys --> C:\Windows\system32\drivers\amd_xata.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]

R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-13 654408]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-5-26 1127448]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R2 SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-1-19 3289032]

R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]

R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-1-19 173424]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-9-25 2358656]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-19 3027840]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]

R3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\drivers\usbfilter.sys --> C:\Windows\system32\drivers\usbfilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]

S3 SbHips;SbHips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-04-13 23:46:00 -------- d-sh--w- C:\$RECYCLE.BIN

2012-04-12 02:50:45 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-12 02:50:44 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-12 02:50:44 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-12 02:50:43 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-12 02:50:42 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-12 02:50:42 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-12 02:50:42 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-04 14:06:40 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-03 01:05:16 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}

2012-04-03 01:03:51 -------- d-----w- C:\Users\Emma\AppData\Roaming\hpqLog

2012-04-03 01:03:09 -------- d-----w- C:\Users\Emma\AppData\Roaming\WinBatch

2012-03-31 13:23:54 -------- d-----w- C:\Program Files\iTunes

2012-03-28 05:20:37 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-28 05:20:37 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-03-15 04:45:19 -------- d-----w- C:\Users\Emma\AppData\Roaming\MatSpoon

2012-03-15 04:45:17 -------- d-----w- C:\Program Files (x86)\MatSpoon

2012-03-15 04:19:34 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2012-03-15 03:57:50 -------- d-----w- C:\ProgramData\GFI Software

2012-03-15 03:57:12 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys

2012-03-15 03:56:47 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys

2012-03-15 03:56:47 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys

2012-03-15 03:56:46 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys

2012-03-15 03:56:46 45936 ----a-w- C:\Windows\System32\sbbd.exe

2012-03-15 03:56:15 -------- d-----w- C:\ProgramData\Downloaded Installations

2012-03-15 03:54:58 -------- d-----w- C:\Users\Emma\AppData\Roaming\GFI Software

2012-03-15 03:28:36 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-15 03:27:43 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-15 03:27:42 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-15 03:27:42 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-15 03:27:35 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-15 03:27:34 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-15 03:27:19 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-15 03:27:19 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-15 03:27:18 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-15 03:27:17 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

.

==================== Find3M ====================

.

2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-15 09:45:23 88 ----a-w- C:\Users\Emma\AppData\Roaming\netstat.bat

2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-01-19 21:13:20 45936 ----a-w- C:\Windows\SysWow64\sbbd.exe

2012-01-17 14:24:02 84600 ----a-w- C:\Windows\System32\drivers\sbwtis.sys

.

============= FINISH: 19:19:01.31 ===============

Share this post


Link to post
Share on other sites

But, I think that was after my, ComboFix run. Here's the log for my, Combofix run.ComboFix 12-04-13.01 - Emma 13/04/2012 18:17:21.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2311 [GMT -5:00]

Running from: c:\users\Emma\Desktop\ComboFix.exe

AV: GFI Software VIPRE *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}

FW: GFI Software VIPRE *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}

SP: GFI Software VIPRE *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Emma\001.JPG

c:\users\Emma\002.JPG

c:\users\Emma\003.JPG

c:\users\Emma\004.JPG

c:\users\Emma\005.JPG

c:\users\Emma\006.JPG

c:\users\Emma\007.JPG

c:\users\Emma\008.JPG

c:\users\Emma\009.JPG

c:\users\Emma\010.JPG

c:\users\Emma\011.JPG

c:\windows\security\Database\tmp.edb

.

.

((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))

.

.

2012-04-13 23:21 . 2012-04-13 23:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-12 02:50 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 02:50 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 02:50 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 02:50 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-12 02:50 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 02:50 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 02:50 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-04 14:06 . 2012-04-13 22:38 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-03 01:05 . 2012-04-03 01:05 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}

2012-04-03 01:03 . 2012-04-03 01:07 -------- d-----w- c:\users\Emma\AppData\Roaming\hpqLog

2012-04-03 01:03 . 2012-04-03 01:03 -------- d-----w- c:\users\Emma\AppData\Roaming\WinBatch

2012-03-31 13:23 . 2012-03-31 13:24 -------- d-----w- c:\program files\iTunes

2012-03-28 05:20 . 2012-03-28 05:20 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-28 05:20 . 2012-03-28 05:20 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-28 01:09 . 2012-03-28 01:09 -------- d-----r- C:\MSOCache

2012-03-15 04:45 . 2012-03-15 04:45 -------- d-----w- c:\users\Emma\AppData\Roaming\MatSpoon

2012-03-15 04:45 . 2012-03-15 04:45 -------- d-----w- c:\program files (x86)\MatSpoon

2012-03-15 04:19 . 2012-03-15 04:19 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2012-03-15 03:57 . 2012-03-15 03:57 -------- d-----w- c:\programdata\GFI Software

2012-03-15 03:57 . 2012-01-17 14:24 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys

2012-03-15 03:56 . 2012-01-17 14:24 256632 ----a-w- c:\windows\system32\drivers\SbFw.sys

2012-03-15 03:56 . 2011-09-29 17:16 119416 ----a-w- c:\windows\system32\drivers\SbFwIm.sys

2012-03-15 03:56 . 2012-01-19 21:13 45936 ----a-w- c:\windows\system32\sbbd.exe

2012-03-15 03:56 . 2011-10-26 19:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys

2012-03-15 03:56 . 2012-03-15 03:56 -------- d-----w- c:\programdata\Downloaded Installations

2012-03-15 03:54 . 2012-03-15 03:54 -------- d-----w- c:\users\Emma\AppData\Roaming\GFI Software

2012-03-15 03:28 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-15 03:27 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-15 03:27 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-15 03:27 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-15 03:27 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-15 03:27 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-15 03:27 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-15 03:27 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-15 03:27 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-15 03:27 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 20:56 . 2011-09-26 11:38 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-15 09:45 . 2011-11-15 12:00 88 ----a-w- c:\users\Emma\AppData\Roaming\netstat.bat

2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-01-19 21:13 . 2012-01-19 21:13 45936 ----a-w- c:\windows\SysWow64\sbbd.exe

2012-01-17 14:24 . 2012-01-17 14:24 84600 ----a-w- c:\windows\system32\drivers\sbwtis.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-15 4785536]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"SBAMTray"="c:\program files (x86)\GFI Software\VIPRE\SBAMTray.exe" [2012-01-19 3050352]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2011-8-15 2589808]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

R2 SBAMSvc;VIPRE Internet Security;c:\program files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-01-19 3289032]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]

R3 SbHips;SbHips;c:\windows\system32\drivers\sbhips.sys [x]

R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]

S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-01-19 173424]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-10 c:\windows\Tasks\HPCeeScheduleForEmma.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\dosww82a.default\

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

SafeBoot-63193613.sys

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

.

**************************************************************************

.

Completion time: 2012-04-13 18:25:42 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-13 23:25

.

Pre-Run: 624,323,342,336 bytes free

Post-Run: 624,388,648,960 bytes free

.

- - End Of File - - 02B2EFB2D5CFCF96B668C6EDB6118D06

Share this post


Link to post
Share on other sites

I didn't ask for DDS or combofix logs, I asked for a TDSSkiller log, please see my previous post. :)

Share this post


Link to post
Share on other sites

Okay, sorry here it is.

23:28:13.0204 4496 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

23:28:13.0735 4496 ============================================================

23:28:13.0735 4496 Current date / time: 2012/04/14 23:28:13.0735

23:28:13.0735 4496 SystemInfo:

23:28:13.0735 4496

23:28:13.0735 4496 OS Version: 6.1.7601 ServicePack: 1.0

23:28:13.0735 4496 Product type: Workstation

23:28:13.0735 4496 ComputerName: EMMA-HP

23:28:13.0735 4496 UserName: Emma

23:28:13.0735 4496 Windows directory: C:\Windows

23:28:13.0735 4496 System windows directory: C:\Windows

23:28:13.0735 4496 Running under WOW64

23:28:13.0735 4496 Processor architecture: Intel x64

23:28:13.0735 4496 Number of processors: 2

23:28:13.0735 4496 Page size: 0x1000

23:28:13.0735 4496 Boot type: Normal boot

23:28:13.0735 4496 ============================================================

23:28:15.0217 4496 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:28:15.0248 4496 \Device\Harddisk0\DR0:

23:28:15.0248 4496 MBR used

23:28:15.0248 4496 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

23:28:15.0248 4496 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x55E9D000

23:28:15.0248 4496 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x55ECF800, BlocksNum 0x1676000

23:28:15.0295 4496 Initialize success

23:28:15.0295 4496 ============================================================

23:30:07.0861 4036 ============================================================

23:30:07.0861 4036 Scan started

23:30:07.0861 4036 Mode: Manual; SigCheck; TDLFS;

23:30:07.0861 4036 ============================================================

23:30:09.0109 4036 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

23:30:09.0795 4036 !SASCORE - ok

23:30:09.0920 4036 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

23:30:10.0014 4036 1394ohci - ok

23:30:10.0061 4036 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

23:30:10.0076 4036 ACPI - ok

23:30:10.0107 4036 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

23:30:10.0201 4036 AcpiPmi - ok

23:30:10.0232 4036 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

23:30:10.0263 4036 adp94xx - ok

23:30:10.0310 4036 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

23:30:10.0341 4036 adpahci - ok

23:30:10.0404 4036 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

23:30:10.0435 4036 adpu320 - ok

23:30:10.0466 4036 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

23:30:10.0607 4036 AeLookupSvc - ok

23:30:10.0700 4036 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

23:30:10.0778 4036 AFD - ok

23:30:10.0825 4036 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

23:30:10.0841 4036 agp440 - ok

23:30:10.0872 4036 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

23:30:10.0950 4036 ALG - ok

23:30:10.0965 4036 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

23:30:11.0012 4036 aliide - ok

23:30:11.0090 4036 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe

23:30:11.0199 4036 AMD External Events Utility - ok

23:30:11.0246 4036 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

23:30:11.0293 4036 amdide - ok

23:30:11.0340 4036 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

23:30:11.0387 4036 AmdK8 - ok

23:30:11.0574 4036 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys

23:30:11.0777 4036 amdkmdag - ok

23:30:11.0823 4036 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys

23:30:11.0855 4036 amdkmdap - ok

23:30:11.0886 4036 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

23:30:11.0901 4036 AmdPPM - ok

23:30:11.0964 4036 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

23:30:11.0995 4036 amdsata - ok

23:30:12.0042 4036 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

23:30:12.0073 4036 amdsbs - ok

23:30:12.0120 4036 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

23:30:12.0151 4036 amdxata - ok

23:30:12.0182 4036 amd_sata (caee7c1afc9f1c9ee8dd11acd18d22e7) C:\Windows\system32\drivers\amd_sata.sys

23:30:12.0245 4036 amd_sata - ok

23:30:12.0260 4036 amd_xata (23726116b4fbcc84fc45b95157c08f5f) C:\Windows\system32\drivers\amd_xata.sys

23:30:12.0291 4036 amd_xata - ok

23:30:12.0369 4036 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

23:30:12.0510 4036 AppID - ok

23:30:12.0557 4036 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

23:30:12.0603 4036 AppIDSvc - ok

23:30:12.0635 4036 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

23:30:12.0681 4036 Appinfo - ok

23:30:12.0806 4036 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

23:30:12.0837 4036 Apple Mobile Device - ok

23:30:12.0884 4036 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

23:30:12.0900 4036 arc - ok

23:30:12.0931 4036 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

23:30:12.0978 4036 arcsas - ok

23:30:13.0071 4036 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

23:30:13.0118 4036 aspnet_state - ok

23:30:13.0149 4036 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

23:30:13.0212 4036 AsyncMac - ok

23:30:13.0259 4036 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

23:30:13.0274 4036 atapi - ok

23:30:13.0337 4036 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\drivers\AtiPcie64.sys

23:30:13.0368 4036 AtiPcie - ok

23:30:13.0430 4036 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

23:30:13.0477 4036 AudioEndpointBuilder - ok

23:30:13.0493 4036 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

23:30:13.0524 4036 AudioSrv - ok

23:30:13.0555 4036 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

23:30:13.0664 4036 AxInstSV - ok

23:30:13.0695 4036 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

23:30:13.0758 4036 b06bdrv - ok

23:30:13.0820 4036 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

23:30:13.0867 4036 b57nd60a - ok

23:30:13.0914 4036 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

23:30:13.0977 4036 BDESVC - ok

23:30:13.0993 4036 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

23:30:14.0040 4036 Beep - ok

23:30:14.0086 4036 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

23:30:14.0211 4036 BFE - ok

23:30:14.0289 4036 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

23:30:14.0367 4036 BITS - ok

23:30:14.0414 4036 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

23:30:14.0461 4036 blbdrive - ok

23:30:14.0570 4036 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

23:30:14.0617 4036 Bonjour Service - ok

23:30:14.0664 4036 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

23:30:14.0757 4036 bowser - ok

23:30:14.0773 4036 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

23:30:14.0804 4036 BrFiltLo - ok

23:30:14.0820 4036 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

23:30:14.0866 4036 BrFiltUp - ok

23:30:14.0913 4036 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

23:30:14.0976 4036 BridgeMP - ok

23:30:15.0007 4036 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

23:30:15.0038 4036 Browser - ok

23:30:15.0054 4036 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

23:30:15.0147 4036 Brserid - ok

23:30:15.0178 4036 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

23:30:15.0225 4036 BrSerWdm - ok

23:30:15.0256 4036 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

23:30:15.0288 4036 BrUsbMdm - ok

23:30:15.0319 4036 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

23:30:15.0350 4036 BrUsbSer - ok

23:30:15.0381 4036 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

23:30:15.0428 4036 BTHMODEM - ok

23:30:15.0459 4036 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

23:30:15.0522 4036 bthserv - ok

23:30:15.0537 4036 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

23:30:15.0600 4036 cdfs - ok

23:30:15.0631 4036 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

23:30:15.0678 4036 cdrom - ok

23:30:15.0724 4036 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

23:30:15.0787 4036 CertPropSvc - ok

23:30:15.0818 4036 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

23:30:15.0849 4036 circlass - ok

23:30:15.0912 4036 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

23:30:15.0927 4036 CLFS - ok

23:30:16.0005 4036 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:30:16.0036 4036 clr_optimization_v2.0.50727_32 - ok

23:30:16.0099 4036 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

23:30:16.0130 4036 clr_optimization_v2.0.50727_64 - ok

23:30:16.0192 4036 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

23:30:16.0317 4036 clr_optimization_v4.0.30319_32 - ok

23:30:16.0348 4036 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

23:30:16.0364 4036 clr_optimization_v4.0.30319_64 - ok

23:30:16.0473 4036 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

23:30:16.0520 4036 CmBatt - ok

23:30:16.0567 4036 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

23:30:16.0598 4036 cmdide - ok

23:30:16.0629 4036 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

23:30:16.0692 4036 CNG - ok

23:30:16.0723 4036 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

23:30:16.0738 4036 Compbatt - ok

23:30:16.0770 4036 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

23:30:16.0816 4036 CompositeBus - ok

23:30:16.0832 4036 COMSysApp - ok

23:30:16.0863 4036 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

23:30:16.0879 4036 crcdisk - ok

23:30:16.0910 4036 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

23:30:16.0957 4036 CryptSvc - ok

23:30:17.0082 4036 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

23:30:17.0113 4036 cvhsvc - ok

23:30:17.0160 4036 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

23:30:17.0222 4036 DcomLaunch - ok

23:30:17.0269 4036 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

23:30:17.0316 4036 defragsvc - ok

23:30:17.0347 4036 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

23:30:17.0409 4036 DfsC - ok

23:30:17.0440 4036 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

23:30:17.0503 4036 Dhcp - ok

23:30:17.0534 4036 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

23:30:17.0612 4036 discache - ok

23:30:17.0659 4036 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

23:30:17.0659 4036 Disk - ok

23:30:17.0706 4036 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

23:30:17.0752 4036 Dnscache - ok

23:30:17.0768 4036 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

23:30:17.0846 4036 dot3svc - ok

23:30:17.0877 4036 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

23:30:17.0924 4036 DPS - ok

23:30:17.0971 4036 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

23:30:18.0002 4036 drmkaud - ok

23:30:18.0049 4036 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

23:30:18.0096 4036 DXGKrnl - ok

23:30:18.0142 4036 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

23:30:18.0189 4036 EapHost - ok

23:30:18.0267 4036 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

23:30:18.0376 4036 ebdrv - ok

23:30:18.0423 4036 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

23:30:18.0470 4036 EFS - ok

23:30:18.0548 4036 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

23:30:18.0626 4036 ehRecvr - ok

23:30:18.0642 4036 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

23:30:18.0673 4036 ehSched - ok

23:30:18.0735 4036 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

23:30:18.0782 4036 elxstor - ok

23:30:18.0813 4036 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

23:30:18.0844 4036 ErrDev - ok

23:30:18.0907 4036 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

23:30:18.0954 4036 EventSystem - ok

23:30:18.0985 4036 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

23:30:19.0032 4036 exfat - ok

23:30:19.0063 4036 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

23:30:19.0156 4036 fastfat - ok

23:30:19.0203 4036 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

23:30:19.0281 4036 Fax - ok

23:30:19.0312 4036 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

23:30:19.0344 4036 fdc - ok

23:30:19.0375 4036 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

23:30:19.0437 4036 fdPHost - ok

23:30:19.0468 4036 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

23:30:19.0515 4036 FDResPub - ok

23:30:19.0546 4036 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

23:30:19.0578 4036 FileInfo - ok

23:30:19.0609 4036 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

23:30:19.0671 4036 Filetrace - ok

23:30:19.0702 4036 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

23:30:19.0718 4036 flpydisk - ok

23:30:19.0749 4036 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

23:30:19.0780 4036 FltMgr - ok

23:30:19.0812 4036 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

23:30:19.0952 4036 FontCache - ok

23:30:20.0014 4036 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

23:30:20.0046 4036 FontCache3.0.0.0 - ok

23:30:20.0077 4036 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

23:30:20.0108 4036 FsDepends - ok

23:30:20.0139 4036 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

23:30:20.0155 4036 Fs_Rec - ok

23:30:20.0202 4036 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

23:30:20.0233 4036 fvevol - ok

23:30:20.0280 4036 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

23:30:20.0311 4036 gagp30kx - ok

23:30:20.0373 4036 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

23:30:20.0404 4036 GamesAppService - ok

23:30:20.0467 4036 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

23:30:20.0498 4036 GEARAspiWDM - ok

23:30:20.0545 4036 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

23:30:20.0576 4036 gpsvc - ok

23:30:20.0623 4036 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys

23:30:20.0638 4036 hamachi - ok

23:30:20.0732 4036 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

23:30:20.0779 4036 Hamachi2Svc - ok

23:30:20.0810 4036 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

23:30:20.0872 4036 hcw85cir - ok

23:30:20.0904 4036 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

23:30:20.0950 4036 HdAudAddService - ok

23:30:20.0997 4036 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

23:30:21.0028 4036 HDAudBus - ok

23:30:21.0060 4036 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

23:30:21.0106 4036 HidBatt - ok

23:30:21.0184 4036 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

23:30:21.0231 4036 HidBth - ok

23:30:21.0262 4036 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

23:30:21.0309 4036 HidIr - ok

23:30:21.0340 4036 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

23:30:21.0387 4036 hidserv - ok

23:30:21.0418 4036 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

23:30:21.0450 4036 HidUsb - ok

23:30:21.0481 4036 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

23:30:21.0528 4036 hkmsvc - ok

23:30:21.0559 4036 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

23:30:21.0606 4036 HomeGroupListener - ok

23:30:21.0637 4036 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

23:30:21.0668 4036 HomeGroupProvider - ok

23:30:21.0762 4036 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

23:30:21.0824 4036 HP Support Assistant Service - ok

23:30:21.0902 4036 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

23:30:21.0949 4036 HPClientSvc - ok

23:30:21.0996 4036 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

23:30:22.0027 4036 hpqwmiex - ok

23:30:22.0089 4036 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

23:30:22.0120 4036 HpSAMD - ok

23:30:22.0167 4036 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

23:30:22.0261 4036 HTTP - ok

23:30:22.0261 4036 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

23:30:22.0292 4036 hwpolicy - ok

23:30:22.0354 4036 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

23:30:22.0386 4036 i8042prt - ok

23:30:22.0432 4036 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

23:30:22.0479 4036 iaStorV - ok

23:30:22.0542 4036 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

23:30:22.0588 4036 idsvc - ok

23:30:22.0744 4036 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys

23:30:22.0947 4036 igfx - ok

23:30:22.0994 4036 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

23:30:23.0056 4036 iirsp - ok

23:30:23.0088 4036 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

23:30:23.0150 4036 IKEEXT - ok

23:30:23.0228 4036 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys

23:30:23.0322 4036 IntcAzAudAddService - ok

23:30:23.0353 4036 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

23:30:23.0384 4036 intelide - ok

23:30:23.0415 4036 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys

23:30:23.0446 4036 intelppm - ok

23:30:23.0478 4036 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

23:30:23.0540 4036 IPBusEnum - ok

23:30:23.0571 4036 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:30:23.0618 4036 IpFilterDriver - ok

23:30:23.0665 4036 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

23:30:23.0727 4036 iphlpsvc - ok

23:30:23.0743 4036 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

23:30:23.0790 4036 IPMIDRV - ok

23:30:23.0805 4036 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

23:30:23.0868 4036 IPNAT - ok

23:30:23.0930 4036 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

23:30:24.0008 4036 iPod Service - ok

23:30:24.0039 4036 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

23:30:24.0086 4036 IRENUM - ok

23:30:24.0117 4036 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

23:30:24.0133 4036 isapnp - ok

23:30:24.0164 4036 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

23:30:24.0195 4036 iScsiPrt - ok

23:30:24.0226 4036 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

23:30:24.0242 4036 kbdclass - ok

23:30:24.0273 4036 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

23:30:24.0304 4036 kbdhid - ok

23:30:24.0351 4036 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:30:24.0351 4036 KeyIso - ok

23:30:24.0382 4036 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

23:30:24.0414 4036 KSecDD - ok

23:30:24.0445 4036 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

23:30:24.0476 4036 KSecPkg - ok

23:30:24.0507 4036 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

23:30:24.0585 4036 ksthunk - ok

23:30:24.0648 4036 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

23:30:24.0710 4036 KtmRm - ok

23:30:24.0757 4036 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

23:30:24.0819 4036 LanmanServer - ok

23:30:24.0850 4036 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

23:30:24.0882 4036 LanmanWorkstation - ok

23:30:24.0928 4036 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

23:30:24.0991 4036 lltdio - ok

23:30:25.0022 4036 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

23:30:25.0100 4036 lltdsvc - ok

23:30:25.0131 4036 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

23:30:25.0178 4036 lmhosts - ok

23:30:25.0209 4036 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

23:30:25.0240 4036 LSI_FC - ok

23:30:25.0272 4036 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

23:30:25.0303 4036 LSI_SAS - ok

23:30:25.0318 4036 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

23:30:25.0365 4036 LSI_SAS2 - ok

23:30:25.0412 4036 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

23:30:25.0428 4036 LSI_SCSI - ok

23:30:25.0459 4036 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

23:30:25.0521 4036 luafv - ok

23:30:25.0568 4036 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

23:30:26.0052 4036 MBAMProtector - ok

23:30:26.0145 4036 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

23:30:26.0161 4036 MBAMService - ok

23:30:26.0208 4036 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

23:30:26.0239 4036 McComponentHostService - ok

23:30:26.0270 4036 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

23:30:26.0286 4036 Mcx2Svc - ok

23:30:26.0317 4036 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

23:30:26.0348 4036 megasas - ok

23:30:26.0364 4036 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

23:30:26.0395 4036 MegaSR - ok

23:30:26.0442 4036 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

23:30:26.0488 4036 MMCSS - ok

23:30:26.0520 4036 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

23:30:26.0566 4036 Modem - ok

23:30:26.0613 4036 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

23:30:26.0644 4036 monitor - ok

23:30:26.0676 4036 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

23:30:26.0707 4036 mouclass - ok

23:30:26.0738 4036 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

23:30:26.0800 4036 mouhid - ok

23:30:26.0847 4036 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

23:30:26.0863 4036 mountmgr - ok

23:30:26.0894 4036 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

23:30:26.0925 4036 mpio - ok

23:30:26.0941 4036 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

23:30:27.0003 4036 mpsdrv - ok

23:30:27.0315 4036 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

23:30:27.0424 4036 MpsSvc - ok

23:30:27.0456 4036 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

23:30:27.0502 4036 MRxDAV - ok

23:30:27.0565 4036 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

23:30:27.0658 4036 mrxsmb - ok

23:30:27.0705 4036 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:30:27.0752 4036 mrxsmb10 - ok

23:30:27.0783 4036 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:30:27.0799 4036 mrxsmb20 - ok

23:30:27.0830 4036 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

23:30:27.0861 4036 msahci - ok

23:30:27.0892 4036 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

23:30:27.0924 4036 msdsm - ok

23:30:27.0986 4036 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

23:30:28.0033 4036 MSDTC - ok

23:30:28.0064 4036 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

23:30:28.0095 4036 Msfs - ok

23:30:28.0126 4036 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

23:30:28.0189 4036 mshidkmdf - ok

23:30:28.0220 4036 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

23:30:28.0236 4036 msisadrv - ok

23:30:28.0267 4036 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

23:30:28.0329 4036 MSiSCSI - ok

23:30:28.0345 4036 msiserver - ok

23:30:28.0376 4036 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

23:30:28.0438 4036 MSKSSRV - ok

23:30:28.0470 4036 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

23:30:28.0532 4036 MSPCLOCK - ok

23:30:28.0563 4036 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

23:30:28.0610 4036 MSPQM - ok

23:30:28.0641 4036 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

23:30:28.0672 4036 MsRPC - ok

23:30:28.0704 4036 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

23:30:28.0704 4036 mssmbios - ok

23:30:28.0735 4036 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

23:30:28.0782 4036 MSTEE - ok

23:30:28.0828 4036 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

23:30:28.0875 4036 MTConfig - ok

23:30:28.0906 4036 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

23:30:28.0938 4036 Mup - ok

23:30:28.0969 4036 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

23:30:29.0047 4036 napagent - ok

23:30:29.0078 4036 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

23:30:29.0140 4036 NativeWifiP - ok

23:30:29.0203 4036 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

23:30:29.0234 4036 NDIS - ok

23:30:29.0281 4036 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

23:30:29.0328 4036 NdisCap - ok

23:30:29.0359 4036 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

23:30:29.0406 4036 NdisTapi - ok

23:30:29.0437 4036 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

23:30:29.0468 4036 Ndisuio - ok

23:30:29.0499 4036 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

23:30:29.0562 4036 NdisWan - ok

23:30:29.0577 4036 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

23:30:29.0624 4036 NDProxy - ok

23:30:29.0655 4036 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

23:30:29.0702 4036 NetBIOS - ok

23:30:29.0733 4036 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

23:30:29.0796 4036 NetBT - ok

23:30:29.0827 4036 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:30:29.0842 4036 Netlogon - ok

23:30:29.0889 4036 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

23:30:29.0952 4036 Netman - ok

23:30:30.0045 4036 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:30:30.0108 4036 NetMsmqActivator - ok

23:30:30.0108 4036 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:30:30.0123 4036 NetPipeActivator - ok

23:30:30.0154 4036 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

23:30:30.0232 4036 netprofm - ok

23:30:30.0232 4036 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:30:30.0248 4036 NetTcpActivator - ok

23:30:30.0248 4036 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:30:30.0264 4036 NetTcpPortSharing - ok

23:30:30.0326 4036 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

23:30:30.0357 4036 nfrd960 - ok

23:30:30.0388 4036 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

23:30:30.0451 4036 NlaSvc - ok

23:30:30.0576 4036 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

23:30:30.0622 4036 NOBU - ok

23:30:30.0654 4036 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

23:30:30.0700 4036 Npfs - ok

23:30:30.0732 4036 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

23:30:30.0778 4036 nsi - ok

23:30:30.0810 4036 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

23:30:30.0872 4036 nsiproxy - ok

23:30:30.0919 4036 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

23:30:30.0981 4036 Ntfs - ok

23:30:30.0997 4036 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

23:30:31.0044 4036 Null - ok

23:30:31.0075 4036 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

23:30:31.0106 4036 nvraid - ok

23:30:31.0137 4036 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

23:30:31.0184 4036 nvstor - ok

23:30:31.0215 4036 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

23:30:31.0246 4036 nv_agp - ok

23:30:31.0278 4036 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

23:30:31.0324 4036 ohci1394 - ok

23:30:31.0356 4036 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

23:30:31.0387 4036 ose - ok

23:30:31.0496 4036 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

23:30:31.0621 4036 osppsvc - ok

23:30:31.0683 4036 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

23:30:31.0761 4036 p2pimsvc - ok

23:30:31.0777 4036 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

23:30:31.0824 4036 p2psvc - ok

23:30:31.0870 4036 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

23:30:31.0886 4036 Parport - ok

23:30:31.0933 4036 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

23:30:31.0964 4036 partmgr - ok

23:30:31.0995 4036 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

23:30:32.0011 4036 PcaSvc - ok

23:30:32.0058 4036 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

23:30:32.0073 4036 pci - ok

23:30:32.0089 4036 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

23:30:32.0120 4036 pciide - ok

23:30:32.0151 4036 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

23:30:32.0182 4036 pcmcia - ok

23:30:32.0214 4036 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

23:30:32.0229 4036 pcw - ok

23:30:32.0276 4036 pdfcDispatcher - ok

23:30:32.0307 4036 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

23:30:32.0432 4036 PEAUTH - ok

23:30:32.0479 4036 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

23:30:32.0526 4036 PerfHost - ok

23:30:32.0650 4036 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

23:30:32.0760 4036 pla - ok

23:30:32.0806 4036 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

23:30:32.0869 4036 PlugPlay - ok

23:30:32.0900 4036 PnkBstrA - ok

23:30:32.0931 4036 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

23:30:32.0962 4036 PNRPAutoReg - ok

23:30:32.0994 4036 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

23:30:33.0009 4036 PNRPsvc - ok

23:30:33.0103 4036 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

23:30:33.0165 4036 PolicyAgent - ok

23:30:33.0196 4036 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

23:30:33.0259 4036 Power - ok

23:30:33.0306 4036 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

23:30:33.0352 4036 PptpMiniport - ok

23:30:33.0384 4036 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

23:30:33.0415 4036 Processor - ok

23:30:33.0446 4036 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

23:30:33.0524 4036 ProfSvc - ok

23:30:33.0555 4036 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:30:33.0571 4036 ProtectedStorage - ok

23:30:33.0586 4036 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

23:30:33.0649 4036 Psched - ok

23:30:33.0711 4036 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

23:30:33.0774 4036 ql2300 - ok

23:30:33.0820 4036 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

23:30:33.0852 4036 ql40xx - ok

23:30:33.0883 4036 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

23:30:33.0914 4036 QWAVE - ok

23:30:33.0945 4036 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

23:30:34.0039 4036 QWAVEdrv - ok

23:30:34.0086 4036 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

23:30:34.0148 4036 RasAcd - ok

23:30:34.0179 4036 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

23:30:34.0242 4036 RasAgileVpn - ok

23:30:34.0257 4036 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

23:30:34.0320 4036 RasAuto - ok

23:30:34.0351 4036 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

23:30:34.0413 4036 Rasl2tp - ok

23:30:34.0444 4036 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

23:30:34.0476 4036 RasMan - ok

23:30:34.0507 4036 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

23:30:34.0632 4036 RasPppoe - ok

23:30:34.0663 4036 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

23:30:34.0710 4036 RasSstp - ok

23:30:34.0741 4036 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

23:30:34.0788 4036 rdbss - ok

23:30:34.0834 4036 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

23:30:34.0850 4036 rdpbus - ok

23:30:34.0866 4036 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

23:30:34.0912 4036 RDPCDD - ok

23:30:34.0944 4036 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

23:30:34.0990 4036 RDPENCDD - ok

23:30:35.0022 4036 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

23:30:35.0068 4036 RDPREFMP - ok

23:30:35.0115 4036 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

23:30:35.0193 4036 RDPWD - ok

23:30:35.0224 4036 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

23:30:35.0271 4036 rdyboost - ok

23:30:35.0318 4036 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

23:30:35.0365 4036 RemoteAccess - ok

23:30:35.0412 4036 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

23:30:35.0458 4036 RemoteRegistry - ok

23:30:35.0552 4036 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

23:30:35.0583 4036 RoxioNow Service - ok

23:30:35.0614 4036 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

23:30:35.0677 4036 RpcEptMapper - ok

23:30:35.0708 4036 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

23:30:35.0755 4036 RpcLocator - ok

23:30:35.0786 4036 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

23:30:35.0833 4036 RpcSs - ok

23:30:35.0848 4036 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

23:30:35.0895 4036 rspndr - ok

23:30:35.0942 4036 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys

23:30:35.0989 4036 RTL8167 - ok

23:30:36.0020 4036 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:30:36.0051 4036 SamSs - ok

23:30:36.0129 4036 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

23:30:36.0192 4036 SASDIFSV - ok

23:30:36.0207 4036 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

23:30:36.0223 4036 SASKUTIL - ok

23:30:36.0363 4036 SBAMSvc (2977a3760a2780b467e92ffa6c92d426) C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

23:30:36.0441 4036 SBAMSvc - ok

23:30:36.0519 4036 sbapifs (6e342316e72f4b6fa39c99e06373a1a3) C:\Windows\system32\DRIVERS\sbapifs.sys

23:30:36.0535 4036 sbapifs - ok

23:30:36.0582 4036 SbFw (f91668e1406546c9b4e15663b2d5bd06) C:\Windows\system32\drivers\SbFw.sys

23:30:36.0628 4036 SbFw - ok

23:30:36.0660 4036 SBFWIMCL (513b3bfcd3c465b9820c2d05fa94e630) C:\Windows\system32\DRIVERS\sbfwim.sys

23:30:36.0691 4036 SBFWIMCL - ok

23:30:36.0706 4036 SBFWIMCLMP (513b3bfcd3c465b9820c2d05fa94e630) C:\Windows\system32\DRIVERS\SBFWIM.sys

23:30:36.0722 4036 SBFWIMCLMP - ok

23:30:36.0738 4036 SbHips (f04cb6f08c33bd8383d3e022ac86bed8) C:\Windows\system32\drivers\sbhips.sys

23:30:36.0784 4036 SbHips - ok

23:30:36.0800 4036 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

23:30:36.0847 4036 sbp2port - ok

23:30:36.0862 4036 SBPIMSvc (7d7652fb094a4632b0314641de976855) C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

23:30:36.0862 4036 SBPIMSvc - ok

23:30:36.0909 4036 SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys

23:30:36.0925 4036 SBRE - ok

23:30:36.0956 4036 sbwtis (8c9fab91a8fa3f6404107237a9febb2c) C:\Windows\system32\DRIVERS\sbwtis.sys

23:30:36.0987 4036 sbwtis - ok

23:30:37.0018 4036 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

23:30:37.0081 4036 SCardSvr - ok

23:30:37.0096 4036 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

23:30:37.0159 4036 scfilter - ok

23:30:37.0190 4036 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

23:30:37.0252 4036 Schedule - ok

23:30:37.0299 4036 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

23:30:37.0330 4036 SCPolicySvc - ok

23:30:37.0346 4036 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

23:30:37.0408 4036 SDRSVC - ok

23:30:37.0502 4036 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

23:30:37.0549 4036 SeaPort - ok

23:30:37.0564 4036 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

23:30:37.0627 4036 secdrv - ok

23:30:37.0658 4036 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

23:30:37.0705 4036 seclogon - ok

23:30:37.0736 4036 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

23:30:37.0783 4036 SENS - ok

23:30:37.0798 4036 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

23:30:37.0861 4036 SensrSvc - ok

23:30:37.0892 4036 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

23:30:37.0939 4036 Serenum - ok

23:30:37.0970 4036 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

23:30:38.0001 4036 Serial - ok

23:30:38.0032 4036 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

23:30:38.0079 4036 sermouse - ok

23:30:38.0126 4036 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

23:30:38.0204 4036 SessionEnv - ok

23:30:38.0235 4036 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

23:30:38.0282 4036 sffdisk - ok

23:30:38.0298 4036 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

23:30:38.0344 4036 sffp_mmc - ok

23:30:38.0376 4036 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

23:30:38.0422 4036 sffp_sd - ok

23:30:38.0454 4036 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

23:30:38.0500 4036 sfloppy - ok

23:30:38.0547 4036 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

23:30:38.0641 4036 Sftfs - ok

23:30:38.0734 4036 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

23:30:38.0750 4036 sftlist - ok

23:30:38.0812 4036 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

23:30:38.0859 4036 Sftplay - ok

23:30:38.0890 4036 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

23:30:38.0906 4036 Sftredir - ok

23:30:38.0937 4036 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

23:30:38.0968 4036 Sftvol - ok

23:30:38.0984 4036 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

23:30:39.0000 4036 sftvsa - ok

23:30:39.0046 4036 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

23:30:39.0124 4036 SharedAccess - ok

23:30:39.0202 4036 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

23:30:39.0265 4036 ShellHWDetection - ok

23:30:39.0312 4036 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

23:30:39.0343 4036 SiSRaid2 - ok

23:30:39.0390 4036 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

23:30:39.0436 4036 SiSRaid4 - ok

23:30:39.0483 4036 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe

23:30:39.0499 4036 SkypeUpdate - ok

23:30:39.0608 4036 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

23:30:39.0686 4036 Smb - ok

23:30:39.0780 4036 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

23:30:39.0826 4036 SNMPTRAP - ok

23:30:39.0858 4036 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

23:30:39.0889 4036 spldr - ok

23:30:39.0951 4036 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

23:30:39.0998 4036 Spooler - ok

23:30:40.0092 4036 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

23:30:40.0170 4036 sppsvc - ok

23:30:40.0201 4036 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

23:30:40.0248 4036 sppuinotify - ok

23:30:40.0326 4036 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

23:30:40.0404 4036 srv - ok

23:30:40.0435 4036 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

23:30:40.0497 4036 srv2 - ok

23:30:40.0528 4036 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

23:30:40.0575 4036 srvnet - ok

23:30:40.0622 4036 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

23:30:40.0684 4036 SSDPSRV - ok

23:30:40.0700 4036 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

23:30:40.0747 4036 SstpSvc - ok

23:30:40.0778 4036 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

23:30:40.0809 4036 stexstor - ok

23:30:40.0856 4036 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

23:30:40.0872 4036 stisvc - ok

23:30:40.0903 4036 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

23:30:40.0950 4036 swenum - ok

23:30:40.0996 4036 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

23:30:41.0059 4036 swprv - ok

23:30:41.0168 4036 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

23:30:41.0277 4036 SysMain - ok

23:30:41.0308 4036 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

23:30:41.0324 4036 TabletInputService - ok

23:30:41.0355 4036 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

23:30:41.0402 4036 TapiSrv - ok

23:30:41.0433 4036 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

23:30:41.0480 4036 TBS - ok

23:30:41.0527 4036 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

23:30:41.0589 4036 Tcpip - ok

23:30:41.0652 4036 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

23:30:41.0683 4036 TCPIP6 - ok

23:30:41.0714 4036 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

23:30:41.0776 4036 tcpipreg - ok

23:30:41.0823 4036 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

23:30:41.0854 4036 TDPIPE - ok

23:30:41.0870 4036 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

23:30:41.0964 4036 TDTCP - ok

23:30:42.0120 4036 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

23:30:42.0244 4036 tdx - ok

23:30:42.0322 4036 TeamViewer6 (1c46c27e9f1938b9589859c70450d275) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

23:30:42.0432 4036 TeamViewer6 - ok

23:30:42.0525 4036 TeamViewer7 (3e85bdd019e3db66d9471dad7fd6a887) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

23:30:42.0572 4036 TeamViewer7 - ok

23:30:42.0634 4036 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

23:30:42.0666 4036 TermDD - ok

23:30:42.0697 4036 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

23:30:42.0775 4036 TermService - ok

23:30:42.0790 4036 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

23:30:42.0837 4036 Themes - ok

23:30:42.0884 4036 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

23:30:42.0915 4036 THREADORDER - ok

23:30:42.0946 4036 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

23:30:42.0978 4036 TrkWks - ok

23:30:43.0024 4036 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

23:30:43.0071 4036 TrustedInstaller - ok

23:30:43.0102 4036 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

23:30:43.0165 4036 tssecsrv - ok

23:30:43.0196 4036 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

23:30:43.0227 4036 TsUsbFlt - ok

23:30:43.0258 4036 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

23:30:43.0290 4036 TsUsbGD - ok

23:30:43.0352 4036 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

23:30:43.0414 4036 tunnel - ok

23:30:43.0461 4036 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

23:30:43.0492 4036 uagp35 - ok

23:30:43.0524 4036 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

23:30:43.0586 4036 udfs - ok

23:30:43.0633 4036 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

23:30:43.0664 4036 UI0Detect - ok

23:30:43.0711 4036 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

23:30:43.0726 4036 uliagpkx - ok

23:30:43.0758 4036 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

23:30:43.0789 4036 umbus - ok

23:30:43.0820 4036 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

23:30:43.0882 4036 UmPass - ok

23:30:43.0929 4036 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

23:30:44.0007 4036 upnphost - ok

23:30:44.0054 4036 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

23:30:44.0257 4036 USBAAPL64 - ok

23:30:44.0304 4036 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

23:30:44.0350 4036 usbccgp - ok

23:30:44.0366 4036 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

23:30:44.0413 4036 usbcir - ok

23:30:44.0428 4036 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

23:30:44.0475 4036 usbehci - ok

23:30:44.0506 4036 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\drivers\usbfilter.sys

23:30:44.0553 4036 usbfilter - ok

23:30:44.0616 4036 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

23:30:44.0678 4036 usbhub - ok

23:30:44.0694 4036 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

23:30:44.0740 4036 usbohci - ok

23:30:44.0772 4036 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

23:30:44.0818 4036 usbprint - ok

23:30:44.0834 4036 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:30:44.0865 4036 USBSTOR - ok

23:30:44.0896 4036 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

23:30:44.0928 4036 usbuhci - ok

23:30:44.0943 4036 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

23:30:44.0990 4036 UxSms - ok

23:30:45.0021 4036 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:30:45.0037 4036 VaultSvc - ok

23:30:45.0068 4036 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

23:30:45.0099 4036 vdrvroot - ok

23:30:45.0130 4036 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

23:30:45.0208 4036 vds - ok

23:30:45.0240 4036 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

23:30:45.0286 4036 vga - ok

23:30:45.0302 4036 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

23:30:45.0364 4036 VgaSave - ok

23:30:45.0396 4036 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

23:30:45.0427 4036 vhdmp - ok

23:30:45.0458 4036 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

23:30:45.0489 4036 viaide - ok

23:30:45.0505 4036 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

23:30:45.0536 4036 volmgr - ok

23:30:45.0552 4036 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

23:30:45.0583 4036 volmgrx - ok

23:30:45.0614 4036 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

23:30:45.0630 4036 volsnap - ok

23:30:45.0676 4036 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

23:30:45.0708 4036 vsmraid - ok

23:30:45.0770 4036 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

23:30:45.0848 4036 VSS - ok

23:30:45.0879 4036 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

23:30:45.0957 4036 vwifibus - ok

23:30:46.0004 4036 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

23:30:46.0051 4036 W32Time - ok

23:30:46.0082 4036 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

23:30:46.0113 4036 WacomPen - ok

23:30:46.0160 4036 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

23:30:46.0207 4036 WANARP - ok

23:30:46.0222 4036 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

23:30:46.0238 4036 Wanarpv6 - ok

23:30:46.0332 4036 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

23:30:46.0394 4036 WatAdminSvc - ok

23:30:46.0441 4036 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

23:30:46.0550 4036 wbengine - ok

23:30:46.0597 4036 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

23:30:46.0628 4036 WbioSrvc - ok

23:30:46.0659 4036 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

23:30:46.0737 4036 wcncsvc - ok

23:30:46.0784 4036 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

23:30:46.0846 4036 WcsPlugInService - ok

23:30:46.0893 4036 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

23:30:46.0924 4036 Wd - ok

23:30:46.0956 4036 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

23:30:47.0002 4036 Wdf01000 - ok

23:30:47.0034 4036 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

23:30:47.0112 4036 WdiServiceHost - ok

23:30:47.0127 4036 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

23:30:47.0143 4036 WdiSystemHost - ok

23:30:47.0205 4036 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

23:30:47.0252 4036 WebClient - ok

23:30:47.0283 4036 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

23:30:47.0330 4036 Wecsvc - ok

23:30:47.0361 4036 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

23:30:47.0392 4036 wercplsupport - ok

23:30:47.0424 4036 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

23:30:47.0470 4036 WerSvc - ok

23:30:47.0502 4036 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

23:30:47.0564 4036 WfpLwf - ok

23:30:47.0580 4036 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

23:30:47.0611 4036 WIMMount - ok

23:30:47.0642 4036 WinDefend - ok

23:30:47.0642 4036 WinHttpAutoProxySvc - ok

23:30:47.0689 4036 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

23:30:47.0751 4036 Winmgmt - ok

23:30:47.0814 4036 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

23:30:47.0907 4036 WinRM - ok

23:30:47.0985 4036 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

23:30:48.0016 4036 WinUsb - ok

23:30:48.0048 4036 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

23:30:48.0126 4036 Wlansvc - ok

23:30:48.0157 4036 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

23:30:48.0188 4036 WmiAcpi - ok

23:30:48.0250 4036 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

23:30:48.0282 4036 wmiApSrv - ok

23:30:48.0297 4036 WMPNetworkSvc - ok

23:30:48.0313 4036 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

23:30:48.0391 4036 WPCSvc - ok

23:30:48.0422 4036 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

23:30:48.0453 4036 WPDBusEnum - ok

23:30:48.0484 4036 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

23:30:48.0531 4036 ws2ifsl - ok

23:30:48.0562 4036 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

23:30:48.0578 4036 wscsvc - ok

23:30:48.0594 4036 WSearch - ok

23:30:48.0672 4036 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

23:30:48.0750 4036 wuauserv - ok

23:30:48.0781 4036 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

23:30:48.0843 4036 WudfPf - ok

23:30:48.0906 4036 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

23:30:48.0952 4036 WUDFRd - ok

23:30:48.0984 4036 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

23:30:49.0046 4036 wudfsvc - ok

23:30:49.0077 4036 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

23:30:49.0124 4036 WwanSvc - ok

23:30:49.0155 4036 MBR (0x1B8) (889e8dd494a5f999e8e3ee601aacaa72) \Device\Harddisk0\DR0

23:30:49.0436 4036 \Device\Harddisk0\DR0 - ok

23:30:49.0452 4036 Boot (0x1200) (1fcbdead090664a573c69c2f50c7f57c) \Device\Harddisk0\DR0\Partition0

23:30:49.0452 4036 \Device\Harddisk0\DR0\Partition0 - ok

23:30:49.0483 4036 Boot (0x1200) (8651c3d003d4a8bd696b0c66cd698c49) \Device\Harddisk0\DR0\Partition1

23:30:49.0483 4036 \Device\Harddisk0\DR0\Partition1 - ok

23:30:49.0514 4036 Boot (0x1200) (d2cd8f9c45d662548969d3544c681f16) \Device\Harddisk0\DR0\Partition2

23:30:49.0514 4036 \Device\Harddisk0\DR0\Partition2 - ok

23:30:49.0530 4036 ============================================================

23:30:49.0530 4036 Scan finished

23:30:49.0530 4036 ============================================================

23:30:49.0545 5068 Detected object count: 0

23:30:49.0545 5068 Actual detected object count: 0

23:31:06.0082 3368 Deinitialize success

Share this post


Link to post
Share on other sites

Thank you for the additional information!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7u3.
  • Look for "JDK 7u3 (JDK or JRE).
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe

    [*]Save it to your desktop

    [*]Close any programs you may have running - especially your web browser.

    [*]Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).

    [*]Reboot your computer once all Java components are removed.

    [*]Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

Clear the Java cache:

  1. Go to Start -> Control Panel.
  2. In the Control Panel, double-click the Java icon.
    • The Java Control Panel appears.

[*] Click Settings... under "Temporary Internet Files".

  • The Temporary Files Settings dialog box appears.

[*] Click Delete Files...

  • The Delete Temporary Files dialog box appears.

[*] Click OK on the Delete Temporary Files window.

NOTE: This deletes all the Downloaded Applications and Applets from the cache!

[*] Click OK on the Temporary Files Settings window.

[*] Close the Java Control Panel.

You can also view these instructions along with screenshots here.

After doing this reboot your computer and let me know if you still get the IP block.

Share this post


Link to post
Share on other sites

I'm glad to hear that! :)

Please launch MBAM, update it and run a full scan. Post me the resulting log.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png
      icon on your desktop.

    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

[*]When the scan completes, click List Threats

[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[*]Click the Back button.

[*]Click the Finish button.

Share this post


Link to post
Share on other sites

Here's the malwarebytes scan:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.17.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Emma :: EMMA-HP [administrator]

Protection: Enabled

17/4/2012 5:46:50 PM

mbam-log-2012-04-17 (17-46-50).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra |

Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 322592

Time elapsed: 1 hour(s), 15 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Share this post


Link to post
Share on other sites

Here's the eset scan:

C:\TDSSKiller_Quarantine\04.04.2012_09.05.43\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\04.04.2012_09.05.43\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\04.04.2012_09.05.43\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\04.04.2012_09.05.43\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\04.04.2012_09.05.43\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\04.04.2012_09.05.43\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\04.04.2012_09.05.43\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\04.04.2012_09.07.41\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\04.04.2012_09.07.41\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\04.04.2012_09.07.41\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\04.04.2012_09.07.41\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\04.04.2012_09.07.41\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\04.04.2012_09.07.41\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\04.04.2012_09.07.41\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\04.04.2012_09.07.41\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\04.04.2012_09.07.41\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\04.04.2012_09.07.41\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\04.04.2012_09.07.41\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\04.04.2012_09.07.41\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\04.04.2012_09.07.41\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\04.04.2012_09.07.41\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\13.04.2012_17.33.14\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\13.04.2012_17.33.14\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\13.04.2012_17.33.14\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\13.04.2012_17.33.14\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\13.04.2012_17.33.14\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\13.04.2012_17.33.14\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\13.04.2012_17.33.14\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined

C:\Users\Emma\APB_Reloaded_Installer.exe Win32/OpenCandy application deleted - quarantined

Share this post


Link to post
Share on other sites

Everything looks good there, only quarantined objects found! :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read these advices, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

[*]Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

[*]Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

[*]Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Share this post


Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.