
Warrantied HP Pavilion still blue-screening after restore


  • This topic is locked
33 replies to this topic

#1 Kelies

Kelies

  • Members
  • 18 posts

Posted 05 April 2012 - 07:54 AM

Hello. Kelies here. I have a 6 mo old HP Pavilion dv7 notebook running Windows 7. Notebook began blue-screening (memory crash dump) after about 6 weeks. Mailed it back and HP restored it. Just recently they walked me through a restore by phone. It became immediately infected worse than before. AVG shows 28 IRP hooks, advising me not to address; Malwarebytes shows 2 Trojan.Agent that cannot be removed and Spybot showed smitfraud infection. I'm thinking of asking for a new machine but willing to try Bleeping before starting that war to save what's left of my sanity. I'd really appreciate any help and advice given and will now try following these directions I've printed. Thanks in advance, Kelies
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Linda at 8:30:35 on 2012-04-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4105 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\DllHost.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.mg5.mail.yahoo.com/neo/launch
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [<NO NAME>]
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E9681CA1-6DA8-4A93-9E1F-8A8BEDF49DE9} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do-Not-Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [(Default)]
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\avgidseha.sys --> C:\Windows\system32\DRIVERS\avgidseha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-8-6 89600]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-2-14 5104992]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-4-8 514232]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-18 265544]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-28 92216]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-6 13336]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-6 2656280]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/08/06 19:33:30;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-25 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-04 22:31:42 20480 ----a-w- C:\Windows\svchost.exe
2012-04-04 01:00:31 -------- d-----w- C:\Users\Linda\AppData\Local\Adobe
2012-04-03 12:42:30 -------- d-----w- C:\Users\Linda\AppData\Local\Google
2012-04-03 12:41:18 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-03 12:41:18 -------- d-----w- C:\Program Files\AVAST Software
2012-04-03 00:51:07 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-04-02 23:01:10 -------- d-----w- C:\Users\Linda\AppData\Local\Mozilla
2012-04-02 22:21:44 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-02 22:21:44 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-02 21:12:49 -------- d--h--w- C:\$AVG
2012-04-02 16:13:40 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2012-04-02 16:13:40 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2012-04-02 16:12:50 1397248 ----a-w- C:\Windows\SysWow64\win_utilman.exe
2012-04-02 16:12:24 -------- d-----w- C:\Users\Linda\AppData\Roaming\_MDLogs
2012-04-02 00:46:24 -------- d-----w- C:\ProgramData\Panda Security
2012-04-02 00:46:24 -------- d-----w- C:\Program Files (x86)\Panda Security
2012-04-02 00:46:14 -------- d-----w- C:\temp
2012-04-01 19:42:31 -------- d-----w- C:\Users\Linda\AppData\Local\Audible
2012-04-01 19:37:36 -------- d-----w- C:\Program Files (x86)\Audible
2012-04-01 16:37:35 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-01 16:37:35 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-01 14:47:52 -------- d-----w- C:\Windows\SysWow64\Wat
2012-04-01 14:47:52 -------- d-----w- C:\Windows\System32\Wat
2012-04-01 13:59:53 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-04-01 13:58:49 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-01 13:58:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-01 13:58:47 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-01 13:19:12 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-04-01 07:45:59 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-04-01 07:44:54 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-04-01 07:44:54 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-04-01 07:44:46 77312 ----a-w- C:\Windows\System32\packager.dll
2012-04-01 07:44:46 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-03-31 18:12:34 -------- d-----w- C:\Users\Linda\AppData\Roaming\Malwarebytes
2012-03-31 18:12:26 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-31 18:12:26 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-31 18:12:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-31 18:07:08 -------- d-----w- C:\Users\Linda\AppData\Roaming\AVG2012
2012-03-31 18:05:25 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-03-31 18:05:06 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-03-31 18:05:06 -------- d-----w- C:\ProgramData\AVG2012
2012-03-31 18:03:25 -------- d-----w- C:\Program Files (x86)\AVG
2012-03-31 18:01:22 -------- d-----w- C:\Users\Linda\AppData\Roaming\Tific
2012-03-31 17:59:51 -------- d-----w- C:\Users\Linda\AppData\Local\Symantec
2012-03-31 17:59:12 -------- d--h--w- C:\ProgramData\Common Files
2012-03-31 17:58:54 -------- d-----w- C:\ProgramData\MFAData
2012-03-31 16:25:00 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-03-31 14:22:05 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-03-31 12:55:54 -------- d-----w- C:\Users\Linda\AppData\Local\Apple Computer
2012-03-31 12:55:34 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-03-31 12:55:34 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-03-31 12:55:34 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-03-31 12:55:16 -------- d-----w- C:\Program Files\iPod
2012-03-31 12:55:15 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-31 12:55:15 -------- d-----w- C:\Program Files\iTunes
2012-03-31 12:55:15 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-31 12:54:35 -------- d-----w- C:\Users\Linda\AppData\Local\Apple
2012-03-31 12:53:59 -------- d-----w- C:\Program Files\Bonjour
2012-03-31 12:53:59 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-03-31 12:43:44 -------- d-----w- C:\Users\Linda\AppData\Roaming\SoftGrid Client
2012-03-31 12:43:44 -------- d-----w- C:\Users\Linda\AppData\Local\SoftGrid Client
2012-03-31 12:42:10 -------- d-----w- C:\Users\Linda\AppData\Roaming\TP
2012-03-31 12:32:30 -------- d-----w- C:\System Recovery Files
2012-03-31 12:26:21 -------- d-----w- C:\Users\Linda\AppData\Local\CrashDumps
2012-03-31 12:18:39 -------- d-----w- C:\Users\Linda\AppData\Roaming\Intel Corporation
2012-03-31 12:18:28 -------- d-----w- C:\Users\Linda\AppData\Roaming\hpqLog
2012-03-31 12:18:24 -------- d-----w- C:\Users\Linda\AppData\Roaming\Synaptics
2012-03-31 12:17:20 -------- d-----w- C:\Users\Linda\AppData\Local\RemEngine
2012-03-31 12:15:04 -------- d-----w- C:\Users\Linda\AppData\Local\Hewlett-Packard
2012-03-31 12:14:45 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-31 12:14:45 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-31 12:14:45 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-31 12:14:43 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-31 12:14:43 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-31 12:14:43 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-31 12:14:43 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-31 12:14:37 -------- d-----w- C:\Users\Linda\AppData\Local\Hewlett-Packard_Company
2012-03-31 12:12:02 -------- d-----w- C:\Users\Linda\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2012-03-31 14:22:31 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-22 09:25:50 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-02-22 09:25:32 289872 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 08:46:48 36944 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 8:31:11.23 ===============



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,405 posts
  • Gender: Male
  • Location: California

Posted 05 April 2012 - 09:16 AM

Greetings Kelies and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you!


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started

===================================================


Please allow me some time to review the information you have provided. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Kelies


Posted 05 April 2012 - 10:40 AM

Oh My! Many thanks. I'll await and welcome your help.

#4 Oh My!


Posted 05 April 2012 - 06:36 PM

Greetings Kelies,

I have reviewed your information but it is necessary for a malware expert to approve my instructions before I can post them.

I will post as soon as I am able.
Gary
 

#5 Kelies


Posted 05 April 2012 - 06:58 PM

Thanks, I understand. I'll be ready to go.

#6 Oh My!


Posted 05 April 2012 - 07:18 PM

Greetings Kelies,


Sounds like you have had a frustrating time and it is understandable why. You still have viruses on your computer. One of the infections is what is known as a Backdoor Trojan. For that reason I must provide you with the Backdoor Warning information below.

If you choose to clean your computer I have provided some steps for you to take. One of the steps is to uninstall Spybot which not only can complicate our efforts but it is no longer a recommended program. The next step will take a look at some critical areas within your system and address some potential modifications to system files.

OK, hold on tight 'cause here we go! :)


===================================================


BACKDOOR WARNING!

--------------------

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


===================================================


Spybot S&D No Longer Recommended

--------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

Further, most people don't understand Spybot's TeaTimer or how to use it and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and even prevent disinfection of malware by those tools.

I strongly recommend uninstalling Spybot Search & Destroy. The presence of this program can make cleaning your computer more difficult.

Please go to Start > Control Panel > Add/Remove Programs (or Programs and Features) and delete the program.

Reboot your computer prior to the next step.


===================================================


Run TDSSKiller by Kaspersky on Vista/7

--------------------

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.


  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.


  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis. Please submit these results with your next reply.





===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Were you able to uninstall Spybot?
  • TDSSKiller Log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
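A triage sketch for the log that the TDSSKiller step above asks to be pasted, added here as an example; it is not part of the original post and not Kaspersky's code. It pairs each scanned item's hash-and-path line with its verdict line and lists anything that is not plainly `ok`. The sample lines are constructed in the two-line shape that tool writes, and the `Example…` names, the hashes and the `warning` verdict word are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample (not copied from a real scan): timestamp, thread id,
# then either "name (md5) path" or "name - verdict".
SAMPLE_LOG = r"""
20:50:09.0963 4984 Scan started
20:50:09.0963 4984 Mode: Manual;
20:50:11.0100 4984 ExampleBus (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\examplebus.sys
20:50:11.0100 4984 ExampleBus - ok
20:50:11.0200 4984 Example Updater (89abcdef0123456789abcdef01234567) C:\Program Files (x86)\Example\updater.exe
20:50:11.0200 4984 Example Updater - ok
20:50:11.0300 4984 ExampleNoFileSvc - ok
20:50:11.0400 4984 ExampleDrv (fedcba9876543210fedcba9876543210) C:\Windows\system32\drivers\exampledrv.sys
20:50:11.0400 4984 ExampleDrv - warning
"""

_PREFIX = r"^\d\d:\d\d:\d\d\.\d{4} \d+ "
# Item line: the 32-hex-digit hash in parentheses separates name from path,
# so names with spaces and paths containing "(x86)" both parse correctly.
ITEM_RE = re.compile(
    _PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?) - (?P<verdict>\w+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str]      # None when the log shows no file for the item
    path: Optional[str]
    verdict: Optional[str]  # None when the paste ends before the verdict


def parse_log(text: str) -> List[Entry]:
    """Join each item line with the verdict line that follows it."""
    pending = {}
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ITEM_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(Entry(m["name"], md5, path, m["verdict"].lower()))
    # Item lines that never got a verdict usually mean a truncated paste.
    for name, (md5, path) in pending.items():
        entries.append(Entry(name, md5, path, None))
    return entries


def needs_review(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (name, reason) for every entry a helper should look at."""
    findings = []
    for e in entries:
        if e.verdict is None:
            findings.append((e.name, "no verdict line (truncated paste?)"))
        elif e.verdict != "ok":
            findings.append((e.name, f"verdict '{e.verdict}'"))
        if e.md5 is None:
            findings.append((e.name, "no file or hash logged"))
    return findings


if __name__ == "__main__":
    for name, reason in needs_review(parse_log(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```
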

#7 Kelies

Posted 05 April 2012 - 08:00 PM

Hi. Thank you. Ran as instructed and here are results--one high risk threat found and I selected 'cure'. I used Google and was not redirected, but will try again while waiting for your response.

20:49:59.0560 1460 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
20:49:59.0950 1460 ============================================================
20:49:59.0950 1460 Current date / time: 2012/04/05 20:49:59.0950
20:49:59.0950 1460 SystemInfo:
20:49:59.0950 1460
20:49:59.0950 1460 OS Version: 6.1.7601 ServicePack: 1.0
20:49:59.0950 1460 Product type: Workstation
20:49:59.0950 1460 ComputerName: LINDA-HP
20:49:59.0950 1460 UserName: Linda
20:49:59.0950 1460 Windows directory: C:\Windows
20:49:59.0950 1460 System windows directory: C:\Windows
20:49:59.0950 1460 Running under WOW64
20:49:59.0950 1460 Processor architecture: Intel x64
20:49:59.0950 1460 Number of processors: 8
20:49:59.0950 1460 Page size: 0x1000
20:49:59.0950 1460 Boot type: Normal boot
20:49:59.0950 1460 ============================================================
20:50:01.0666 1460 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:50:01.0682 1460 \Device\Harddisk0\DR0:
20:50:01.0682 1460 MBR used
20:50:01.0682 1460 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
20:50:01.0682 1460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x55871000
20:50:01.0682 1460 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x558D5800, BlocksNum 0x1C3C000
20:50:01.0682 1460 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xE, StartLBA 0x57511800, BlocksNum 0x346F0
20:50:01.0775 1460 Initialize success
20:50:01.0775 1460 ============================================================
20:50:09.0963 4984 ============================================================
20:50:09.0963 4984 Scan started
20:50:09.0963 4984 Mode: Manual;
20:50:09.0963 4984 ============================================================
20:50:39.0703 4984 MsRPC - ok
20:50:39.0828 4984 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:50:39.0828 4984 mssmbios - ok
20:50:39.0953 4984 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:50:39.0953 4984 MSTEE - ok
20:50:40.0062 4984 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
20:50:40.0077 4984 MTConfig - ok
20:50:40.0187 4984 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:50:40.0187 4984 Mup - ok
20:50:40.0280 4984 MyWiFiDHCPDNS (0cf5580f27918ffd2e165ecafa734103) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
20:50:40.0296 4984 MyWiFiDHCPDNS - ok
20:50:40.0405 4984 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:50:40.0421 4984 napagent - ok
20:50:40.0577 4984 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:50:40.0577 4984 NativeWifiP - ok
20:50:40.0717 4984 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
20:50:40.0733 4984 NDIS - ok
20:50:40.0857 4984 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:50:40.0857 4984 NdisCap - ok
20:50:40.0982 4984 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:50:40.0982 4984 NdisTapi - ok
20:50:41.0107 4984 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:50:41.0107 4984 Ndisuio - ok
20:50:41.0232 4984 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:50:41.0232 4984 NdisWan - ok
20:50:41.0357 4984 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:50:41.0357 4984 NDProxy - ok
20:50:41.0481 4984 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:50:41.0481 4984 NetBIOS - ok
20:50:41.0622 4984 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:50:41.0622 4984 NetBT - ok
20:50:41.0747 4984 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:50:41.0747 4984 Netlogon - ok
20:50:41.0887 4984 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:50:41.0903 4984 Netman - ok
20:50:42.0012 4984 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:50:42.0027 4984 netprofm - ok
20:50:42.0121 4984 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:50:42.0137 4984 NetTcpPortSharing - ok
20:50:42.0433 4984 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\Windows\system32\DRIVERS\NETwNs64.sys
20:50:42.0605 4984 NETwNs64 - ok
20:50:42.0714 4984 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
20:50:42.0714 4984 nfrd960 - ok
20:50:42.0839 4984 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:50:42.0854 4984 NlaSvc - ok
20:50:42.0948 4984 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:50:42.0948 4984 Npfs - ok
20:50:43.0057 4984 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:50:43.0073 4984 nsi - ok
20:50:43.0197 4984 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:50:43.0197 4984 nsiproxy - ok
20:50:43.0338 4984 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:50:43.0353 4984 Ntfs - ok
20:50:43.0463 4984 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:50:43.0463 4984 Null - ok
20:50:43.0572 4984 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
20:50:43.0572 4984 nusb3hub - ok
20:50:43.0697 4984 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:50:43.0712 4984 nusb3xhc - ok
20:50:43.0837 4984 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
20:50:43.0853 4984 NVENETFD - ok
20:50:43.0962 4984 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:50:43.0962 4984 nvraid - ok
20:50:44.0087 4984 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:50:44.0087 4984 nvstor - ok
20:50:44.0211 4984 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:50:44.0211 4984 nv_agp - ok
20:50:44.0336 4984 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:50:44.0336 4984 ohci1394 - ok
20:50:44.0461 4984 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:50:44.0461 4984 p2pimsvc - ok
20:50:44.0601 4984 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:50:44.0617 4984 p2psvc - ok
20:50:44.0726 4984 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
20:50:44.0726 4984 Parport - ok
20:50:44.0835 4984 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:50:44.0851 4984 partmgr - ok
20:50:44.0945 4984 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:50:44.0960 4984 PcaSvc - ok
20:50:45.0085 4984 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:50:45.0101 4984 pci - ok
20:50:45.0210 4984 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:50:45.0210 4984 pciide - ok
20:50:45.0319 4984 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
20:50:45.0319 4984 pcmcia - ok
20:50:45.0428 4984 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:50:45.0428 4984 pcw - ok
20:50:45.0553 4984 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:50:45.0569 4984 PEAUTH - ok
20:50:45.0709 4984 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:50:45.0725 4984 PerfHost - ok
20:50:45.0881 4984 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:50:45.0896 4984 pla - ok
20:50:46.0021 4984 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:50:46.0021 4984 PlugPlay - ok
20:50:46.0130 4984 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:50:46.0146 4984 PNRPAutoReg - ok
20:50:46.0255 4984 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:50:46.0271 4984 PNRPsvc - ok
20:50:46.0380 4984 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:50:46.0395 4984 PolicyAgent - ok
20:50:46.0520 4984 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:50:46.0520 4984 Power - ok
20:50:46.0629 4984 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:50:46.0629 4984 PptpMiniport - ok
20:50:46.0770 4984 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
20:50:46.0770 4984 Processor - ok
20:50:46.0895 4984 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
20:50:46.0895 4984 ProfSvc - ok
20:50:47.0004 4984 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:50:47.0004 4984 ProtectedStorage - ok
20:50:47.0144 4984 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:50:47.0144 4984 Psched - ok
20:50:47.0300 4984 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
20:50:47.0316 4984 ql2300 - ok
20:50:47.0441 4984 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
20:50:47.0441 4984 ql40xx - ok
20:50:47.0675 4984 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:50:47.0675 4984 QWAVE - ok
20:50:47.0846 4984 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:50:47.0846 4984 QWAVEdrv - ok
20:50:47.0971 4984 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:50:47.0971 4984 RasAcd - ok
20:50:48.0080 4984 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:50:48.0080 4984 RasAgileVpn - ok
20:50:48.0189 4984 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:50:48.0189 4984 RasAuto - ok
20:50:48.0299 4984 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:50:48.0314 4984 Rasl2tp - ok
20:50:48.0439 4984 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:50:48.0439 4984 RasMan - ok
20:50:48.0548 4984 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:50:48.0548 4984 RasPppoe - ok
20:50:48.0657 4984 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:50:48.0673 4984 RasSstp - ok
20:50:48.0845 4984 rcmirror (96597c96d5acf4a3ef0b24d396853879) C:\Windows\system32\DRIVERS\rcmirror.sys
20:50:48.0845 4984 rcmirror - ok
20:50:48.0954 4984 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:50:48.0969 4984 rdbss - ok
20:50:49.0063 4984 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
20:50:49.0063 4984 rdpbus - ok
20:50:49.0203 4984 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:50:49.0203 4984 RDPCDD - ok
20:50:49.0344 4984 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:50:49.0344 4984 RDPENCDD - ok
20:50:49.0469 4984 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:50:49.0469 4984 RDPREFMP - ok
20:50:49.0593 4984 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
20:50:49.0593 4984 RDPWD - ok
20:50:49.0718 4984 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:50:49.0734 4984 rdyboost - ok
20:50:49.0827 4984 RegSrvc (aa9fd849c028ccb441a78061b57db734) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:50:49.0843 4984 RegSrvc - ok
20:50:49.0968 4984 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:50:49.0968 4984 RemoteAccess - ok
20:50:50.0093 4984 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:50:50.0093 4984 RemoteRegistry - ok
20:50:50.0171 4984 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
20:50:50.0171 4984 RoxioNow Service - ok
20:50:50.0280 4984 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:50:50.0280 4984 RpcEptMapper - ok
20:50:50.0389 4984 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:50:50.0405 4984 RpcLocator - ok
20:50:50.0514 4984 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:50:50.0529 4984 RpcSs - ok
20:50:50.0654 4984 RSPCIESTOR (d5c3e1629a3f7f0857d27949252b94ce) C:\Windows\system32\DRIVERS\RtsPStor.sys
20:50:50.0654 4984 RSPCIESTOR - ok
20:50:50.0795 4984 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:50:50.0795 4984 rspndr - ok
20:50:50.0951 4984 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:50:50.0966 4984 RTL8167 - ok
20:50:51.0075 4984 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:50:51.0075 4984 SamSs - ok
20:50:51.0216 4984 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:50:51.0216 4984 sbp2port - ok
20:50:51.0356 4984 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:50:51.0356 4984 SCardSvr - ok
20:50:51.0465 4984 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:50:51.0465 4984 scfilter - ok
20:50:51.0590 4984 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:50:51.0606 4984 Schedule - ok
20:50:51.0715 4984 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:50:51.0715 4984 SCPolicySvc - ok
20:50:51.0871 4984 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
20:50:51.0887 4984 sdbus - ok
20:50:51.0996 4984 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:50:51.0996 4984 SDRSVC - ok
20:50:52.0121 4984 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:50:52.0121 4984 secdrv - ok
20:50:52.0214 4984 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:50:52.0214 4984 seclogon - ok
20:50:52.0339 4984 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:50:52.0339 4984 SENS - ok
20:50:52.0464 4984 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:50:52.0464 4984 SensrSvc - ok
20:50:52.0604 4984 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
20:50:52.0604 4984 Serenum - ok
20:50:52.0651 4984 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
20:50:52.0667 4984 Serial - ok
20:50:52.0760 4984 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
20:50:52.0760 4984 sermouse - ok
20:50:52.0932 4984 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:50:52.0947 4984 SessionEnv - ok
20:50:53.0057 4984 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:50:53.0057 4984 sffdisk - ok
20:50:53.0244 4984 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:50:53.0244 4984 sffp_mmc - ok
20:50:53.0369 4984 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:50:53.0369 4984 sffp_sd - ok
20:50:53.0493 4984 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
20:50:53.0493 4984 sfloppy - ok
20:50:53.0618 4984 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:50:53.0618 4984 SharedAccess - ok
20:50:53.0743 4984 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:50:53.0759 4984 ShellHWDetection - ok
20:50:53.0899 4984 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
20:50:53.0915 4984 SiSRaid2 - ok
20:50:54.0024 4984 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
20:50:54.0024 4984 SiSRaid4 - ok
20:50:54.0149 4984 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:50:54.0149 4984 Smb - ok
20:50:54.0273 4984 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:50:54.0273 4984 SNMPTRAP - ok
20:50:54.0383 4984 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:50:54.0383 4984 spldr - ok
20:50:54.0507 4984 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:50:54.0523 4984 Spooler - ok
20:50:54.0695 4984 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:50:54.0788 4984 sppsvc - ok
20:50:54.0913 4984 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:50:54.0929 4984 sppuinotify - ok
20:50:55.0053 4984 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:50:55.0069 4984 srv - ok
20:50:55.0178 4984 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:50:55.0194 4984 srv2 - ok
20:50:55.0319 4984 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:50:55.0334 4984 SrvHsfHDA - ok
20:50:55.0475 4984 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:50:55.0506 4984 SrvHsfV92 - ok
20:50:55.0631 4984 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:50:55.0646 4984 SrvHsfWinac - ok
20:50:55.0771 4984 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:50:55.0771 4984 srvnet - ok
20:50:55.0896 4984 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:50:55.0911 4984 SSDPSRV - ok
20:50:56.0036 4984 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:50:56.0052 4984 SstpSvc - ok
20:50:56.0130 4984 STacSV (86678c2f5081fea3517d78e92230b5ff) C:\Program Files\IDT\WDM\STacSV64.exe
20:50:56.0130 4984 STacSV - ok
20:50:56.0239 4984 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
20:50:56.0255 4984 stexstor - ok
20:50:56.0395 4984 STHDA (74387b34b43f94e380608888c56a5ccd) C:\Windows\system32\DRIVERS\stwrt64.sys
20:50:56.0411 4984 STHDA - ok
20:50:56.0551 4984 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:50:56.0567 4984 stisvc - ok
20:50:56.0676 4984 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:50:56.0676 4984 swenum - ok
20:50:56.0785 4984 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:50:56.0801 4984 swprv - ok
20:50:57.0019 4984 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
20:50:57.0035 4984 SynTP - ok
20:50:57.0206 4984 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:50:57.0222 4984 SysMain - ok
20:50:57.0331 4984 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:50:57.0331 4984 TabletInputService - ok
20:50:57.0440 4984 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:50:57.0456 4984 TapiSrv - ok
20:50:57.0581 4984 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:50:57.0581 4984 TBS - ok
20:50:57.0737 4984 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:50:57.0752 4984 Tcpip - ok
20:50:57.0939 4984 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:50:57.0955 4984 TCPIP6 - ok
20:50:58.0080 4984 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:50:58.0080 4984 tcpipreg - ok
20:50:58.0189 4984 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:50:58.0205 4984 TDPIPE - ok
20:50:58.0298 4984 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:50:58.0298 4984 TDTCP - ok
20:50:58.0423 4984 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:50:58.0423 4984 tdx - ok
20:50:58.0548 4984 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:50:58.0548 4984 TermDD - ok
20:50:58.0673 4984 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:50:58.0688 4984 TermService - ok
20:50:58.0797 4984 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:50:58.0797 4984 Themes - ok
20:50:58.0907 4984 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:50:58.0907 4984 THREADORDER - ok
20:50:59.0047 4984 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:50:59.0047 4984 TrkWks - ok
20:50:59.0156 4984 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:50:59.0156 4984 TrustedInstaller - ok
20:50:59.0281 4984 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:50:59.0281 4984 tssecsrv - ok
20:50:59.0406 4984 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:50:59.0421 4984 TsUsbFlt - ok
20:50:59.0531 4984 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
20:50:59.0546 4984 TsUsbGD - ok
20:50:59.0687 4984 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:50:59.0687 4984 tunnel - ok
20:50:59.0796 4984 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
20:50:59.0796 4984 uagp35 - ok
20:50:59.0921 4984 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:50:59.0921 4984 udfs - ok
20:51:00.0077 4984 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:51:00.0077 4984 UI0Detect - ok
20:51:00.0201 4984 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:51:00.0217 4984 uliagpkx - ok
20:51:00.0326 4984 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:51:00.0326 4984 umbus - ok
20:51:00.0451 4984 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
20:51:00.0451 4984 UmPass - ok
20:51:00.0607 4984 UNS (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
20:51:00.0623 4984 UNS - ok
20:51:00.0732 4984 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:51:00.0747 4984 upnphost - ok
20:51:00.0872 4984 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:51:00.0872 4984 usbccgp - ok
20:51:00.0997 4984 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:51:00.0997 4984 usbcir - ok
20:51:01.0169 4984 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:51:01.0169 4984 usbehci - ok
20:51:01.0309 4984 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:51:01.0325 4984 usbhub - ok
20:51:01.0449 4984 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:51:01.0449 4984 usbohci - ok
20:51:01.0574 4984 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
20:51:01.0574 4984 usbprint - ok
20:51:01.0683 4984 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
20:51:01.0699 4984 USBSTOR - ok
20:51:01.0808 4984 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:51:01.0808 4984 usbuhci - ok
20:51:01.0933 4984 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
20:51:01.0933 4984 usbvideo - ok
20:51:02.0058 4984 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:51:02.0058 4984 UxSms - ok
20:51:02.0183 4984 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:51:02.0183 4984 VaultSvc - ok
20:51:02.0292 4984 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:51:02.0307 4984 vdrvroot - ok
20:51:02.0432 4984 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:51:02.0448 4984 vds - ok
20:51:02.0573 4984 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:51:02.0573 4984 vga - ok
20:51:02.0775 4984 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:51:02.0775 4984 VgaSave - ok
20:51:02.0885 4984 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:51:02.0900 4984 vhdmp - ok
20:51:03.0009 4984 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:51:03.0009 4984 viaide - ok
20:51:03.0228 4984 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:51:03.0243 4984 volmgr - ok
20:51:03.0368 4984 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:51:03.0368 4984 volmgrx - ok
20:51:03.0493 4984 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:51:03.0493 4984 volsnap - ok
20:51:03.0618 4984 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
20:51:03.0633 4984 vsmraid - ok
20:51:03.0774 4984 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:51:03.0805 4984 VSS - ok
20:51:03.0914 4984 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:51:03.0914 4984 vwifibus - ok
20:51:04.0055 4984 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:51:04.0055 4984 vwififlt - ok
20:51:04.0226 4984 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:51:04.0226 4984 vwifimp - ok
20:51:04.0367 4984 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:51:04.0382 4984 W32Time - ok
20:51:04.0491 4984 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
20:51:04.0491 4984 WacomPen - ok
20:51:04.0616 4984 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:51:04.0616 4984 WANARP - ok
20:51:04.0632 4984 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:51:04.0632 4984 Wanarpv6 - ok
20:51:04.0803 4984 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:51:04.0835 4984 WatAdminSvc - ok
20:51:04.0991 4984 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:51:05.0006 4984 wbengine - ok
20:51:05.0178 4984 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:51:05.0178 4984 WbioSrvc - ok
20:51:05.0303 4984 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:51:05.0318 4984 wcncsvc - ok
20:51:05.0427 4984 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:51:05.0443 4984 WcsPlugInService - ok
20:51:05.0552 4984 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
20:51:05.0552 4984 Wd - ok
20:51:05.0693 4984 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:51:05.0708 4984 Wdf01000 - ok
20:51:05.0833 4984 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:51:05.0833 4984 WdiServiceHost - ok
20:51:05.0833 4984 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:51:05.0849 4984 WdiSystemHost - ok
20:51:05.0958 4984 wdkmd (5e1640435dd54d00451156ca5340b109) C:\Windows\system32\DRIVERS\WDKMD.sys
20:51:05.0973 4984 wdkmd - ok
20:51:06.0083 4984 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:51:06.0098 4984 WebClient - ok
20:51:06.0239 4984 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:51:06.0239 4984 Wecsvc - ok
20:51:06.0348 4984 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:51:06.0363 4984 wercplsupport - ok
20:51:06.0473 4984 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:51:06.0488 4984 WerSvc - ok
20:51:06.0613 4984 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:51:06.0613 4984 WfpLwf - ok
20:51:06.0738 4984 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:51:06.0753 4984 WIMMount - ok
20:51:06.0800 4984 WinDefend - ok
20:51:06.0800 4984 WinHttpAutoProxySvc - ok
20:51:06.0941 4984 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:51:06.0941 4984 Winmgmt - ok
20:51:07.0128 4984 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:51:07.0175 4984 WinRM - ok
20:51:07.0315 4984 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
20:51:07.0315 4984 WinUsb - ok
20:51:07.0440 4984 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:51:07.0455 4984 Wlansvc - ok
20:51:07.0533 4984 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:51:07.0533 4984 wlcrasvc - ok
20:51:07.0674 4984 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:51:07.0674 4984 wlidsvc - ok
20:51:07.0877 4984 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:51:07.0877 4984 WmiAcpi - ok
20:51:08.0017 4984 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:51:08.0017 4984 wmiApSrv - ok
20:51:08.0079 4984 WMPNetworkSvc - ok
20:51:08.0220 4984 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:51:08.0235 4984 WPCSvc - ok
20:51:08.0360 4984 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:51:08.0360 4984 WPDBusEnum - ok
20:51:08.0485 4984 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:51:08.0485 4984 ws2ifsl - ok
20:51:08.0594 4984 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
20:51:08.0610 4984 wscsvc - ok
20:51:08.0703 4984 WSearch - ok
20:51:08.0797 4984 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
20:51:08.0828 4984 wuauserv - ok
20:51:09.0031 4984 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:51:09.0047 4984 WudfPf - ok
20:51:09.0171 4984 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:51:09.0171 4984 WUDFRd - ok
20:51:09.0312 4984 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:51:09.0327 4984 wudfsvc - ok
20:51:09.0468 4984 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:51:09.0483 4984 WwanSvc - ok
20:51:09.0515 4984 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
20:51:09.0561 4984 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:51:09.0561 4984 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:51:09.0561 4984 Boot (0x1200) (39ac117716ec6d6ac59dcf3f17ce8550) \Device\Harddisk0\DR0\Partition0
20:51:09.0561 4984 \Device\Harddisk0\DR0\Partition0 - ok
20:51:09.0593 4984 Boot (0x1200) (ac1ca478cb0b24f4a8f3993a6f174921) \Device\Harddisk0\DR0\Partition1
20:51:09.0593 4984 \Device\Harddisk0\DR0\Partition1 - ok
20:51:09.0624 4984 Boot (0x1200) (6ec2325f0d915aef99bf05625900360a) \Device\Harddisk0\DR0\Partition2
20:51:09.0624 4984 \Device\Harddisk0\DR0\Partition2 - ok
20:51:09.0639 4984 Boot (0x1200) (a9b7577913124ac3aa2ec548b29daae4) \Device\Harddisk0\DR0\Partition3
20:51:09.0639 4984 \Device\Harddisk0\DR0\Partition3 - ok
20:51:09.0639 4984 ============================================================
20:51:09.0639 4984 Scan finished
20:51:09.0639 4984 ============================================================
20:51:09.0655 7144 Detected object count: 1
20:51:09.0655 7144 Actual detected object count: 1
20:52:13.0336 7144 \Device\Harddisk0\DR0\# - copied to quarantine
20:52:13.0336 7144 \Device\Harddisk0\DR0 - copied to quarantine
20:52:13.0382 7144 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:52:13.0382 7144 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:52:13.0382 7144 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:52:13.0398 7144 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:52:13.0414 7144 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:52:13.0429 7144 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:52:13.0429 7144 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:52:13.0429 7144 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:52:13.0429 7144 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:52:13.0429 7144 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:52:13.0445 7144 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:52:13.0445 7144 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:52:13.0476 7144 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:52:13.0538 7144 \Device\Harddisk0\DR0 - ok
20:52:14.0428 7144 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:52:20.0233 1464 Deinitialize success

#8 Kelies

Posted 05 April 2012 - 08:15 PM

Follow up, Oh! I continued to use search engines and was not redirected. I did read all the information provided on Bleeping pertaining to this kind of infection and it appears the only way to be 100% rid of it is to use my original recovery discs and rebuild (if that is the term) my system. Did I understand that correctly? Is this one of those cases the experts would recommend this total restore, and if so, are there things I should know before I proceed with that? The HP technician took control, we did the HP recovery process, then connected my backup external drive and he moved program back in. That is when things got worse. After he tried to sell me Nortons and wait a week to receive it in the mail (telling me that only Nortons is specifically recommended for HP notebooks), I declined and updated the trial version of Nortons. Then the trouble started. I uninstalled and reinstalled AVG which has always worked well for years. In short I'm asking for your continued advice. Thanks so much.

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor

Posted 06 April 2012 - 09:27 AM

Greetings Kelies,

The decision whether to reformat or not is a decision you will have to make. In answer to your question, the only way to be 100% sure is to reformat and reinstall the operating system. The majority of people are satisfied with cleaning their machine as long as they have not detected any unauthorized activity on financial or other accounts. Basically you should do whatever will let you sleep at night. It is different for different people. Even so, it is necessary to clean your computer before backing up the data. I don't know what was backed up prior to your last reinstall but it seems reasonable based on what you have described that the infection may have been transferred to your external drive and then put right back on your computer again.

If you decide to continue cleaning your machine please perform the below steps for me. Even if you eventually want to reformat I would be happy to continue assisting you.

I greatly appreciate your attentiveness and quick replies. :thumbsup:


===================================================


Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

  • Please download ComboFix from one of these locations:

    BleepingComputer

    ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.

    Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If ComboFix has stopped running please stop and advise me.

    • Check your computer clock. If it is still running then so is ComboFix
    • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
    • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
    Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue
  • When finished, it will produce a log. Please include the C:\Combofix.txt log in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • ComboFix.txt
  • Were you able to uninstall Spybot?

Edited by Oh My, 06 April 2012 - 09:27 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Kelies

Posted 06 April 2012 - 11:01 AM

Thanks for staying with me and your prompt assistance. Means a lot to me. Thanks too for the info on the external hard drive. I wondered if I just re-infected when I restored from that. Guess I should destroy it and buy another. No problems running combofix and here are logs. I keep getting popup msgs 'leaving secure internet connection' then 'secure connection'. AVG enabled. Are these 'connection' messages relevant?

#11 Kelies

Posted 06 April 2012 - 11:55 AM

I apologize for not responding to the Spybot issue--I had already uninstalled it before contacting you. I hope this covers all the things you've asked about. Thanks.

#12 Oh My!

Posted 06 April 2012 - 02:05 PM

Greetings Kelies,

Things are actually looking pretty good.

We can address the "secure connection". That is not a sign of malware but rather a setting in Internet Explorer that is designed to provide a caution. If you are mindful of the internet sites you are accessing that warning is not necessary and we can change the setting. The instructions are below if you would like to do that.

I am going to have you run a couple of scans to check for remnants of malware.

You are doing great and things are going very well so far.


===================================================


Modifying Internet Explorer Secure Connection Warning Setting

--------------------

  • Open Internet Explorer
  • Click Tools
  • Click Internet Options
  • Click Advanced
  • Scroll down to the Security Section
  • Uncheck Warn if changing between secure and not secure mode
  • Close the Internet Options window.

===================================================


Rerun Malwarebytes

--------------------

Temporarily disable your antivirus program.

  • Please locate your Malwarebytes icon and launch the program
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Any "Secure Connection" type warnings?
  • How is your computer running?
  • MBAM log
  • ESET log

Gary
 

#13 Kelies

Posted 06 April 2012 - 03:35 PM

Hello Oh. Here are the 2 logs, MB and ESET (which took nearly an hour and showed threats). This seems very bad, but each step seems to be doing its job. Thanks, and let me know where to go from here.


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.06.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Linda :: LINDA-HP [administrator]

4/6/2012 3:21:03 PM
mbam-log-2012-04-06 (15-21-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215342
Time elapsed: 1 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric10.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric11.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric9.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\System Recovery Files\2012-03-31 083230\C\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0L8N7C9V\gift-rewardcentral_com[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\System Recovery Files\2012-03-31 083230\C\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1JKW9P5V\gift-rewardcentral_com[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\TDSSKiller_Quarantine\05.04.2012_20.49.59\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.04.2012_20.49.59\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.04.2012_20.49.59\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.04.2012_20.49.59\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.04.2012_20.49.59\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.04.2012_20.49.59\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.04.2012_20.49.59\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\index[1].htm JS/Iframe.CV trojan cleaned by deleting - quarantined

#14 Kelies


Posted 06 April 2012 - 03:51 PM

Additional Note to Oh My! Oh, I've been browsing, using search engines, checking emails. All is okay. But the only visible problem I noticed throughout this was the 'redirecting' and then several blue screen shutdowns. So far today, neither of those things. And thanks, I did change those settings and no warnings since then--I read more about it.

#15 Oh My!

  • Malware Response Instructor

Posted 06 April 2012 - 09:34 PM

Greetings Kelies,


Looks can be deceiving! Your logs actually look great. The vast majority of what you see is stuff that was already removed from your computer and quarantined (S&D recovery and TDSSKiller Quarantine). The other 3 are of no real consequence.

We need to address a couple of non-malware related issues.


===================================================


Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.

To disable the JQS service if you don't want to use it:

  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

===================================================


Wild Tangent Warning

--------------------

Online Gaming Warning!

Online gaming sites are a security risk which can make your computer susceptible to a large number of malware infections, remote attacks, exposure of personal information, and identity theft. They can lead to other sites containing malware which you can inadvertently download without knowledge. Users visiting such sites may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Gaming sites can put you at risk to fraud, phishing and theft of personal data. Even if the gaming site is a clean site, there is always the potential of some type of malware making its way there and then onto your system. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. In those cases, recovery is not possible and the only option is to reformat/reinstall the OS.

More specifically, I noticed you had WildTangent on your computer.

WildTangent Program Warning

Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware it does have built-in components to update itself and gather information about the computer system including:
  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
  • Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
  • Location that the Web Driver was installed from
For that reason I would suggest you uninstall it via add/remove. Reboot after the uninstallation. <- Important.


===================================================


Things I would like to see in your next reply. :thumbsup2:

  • Were you able to update Java successfully?
  • How is your computer running? Are you noticing anything abnormal?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
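
The reading of the ESET log given in the reply above (detections that sit in another tool's quarantine or recovery folder versus detections found elsewhere) can be done mechanically. This is an added example, not part of the original thread; the function names and folder labels are assumptions, and the sample lines are copied from the ESET log posted earlier.

```python
import re
from collections import Counter

# Five lines copied from the ESET log posted above, one or two per location.
SAMPLE_LOG = r"""
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\System Recovery Files\2012-03-31 083230\C\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0L8N7C9V\gift-rewardcentral_com[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\TDSSKiller_Quarantine\05.04.2012_20.49.59\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.04.2012_20.49.59\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\index[1].htm JS/Iframe.CV trojan cleaned by deleting - quarantined
"""

# Paths contain spaces, so anchor on the threat name: it is the first token
# with a forward slash (Windows paths only use backslashes).
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<threat>(?:a variant of )?\S+/\S+) "
    r"(?P<kind>\w+) (?P<action>.+)$"
)

# Folders where earlier cleanup tools park what they removed (labels assumed).
HOLDING_DIRS = (
    ("\\spybot - search & destroy\\recovery\\", "Spybot S&D recovery"),
    ("\\tdsskiller_quarantine\\", "TDSSKiller quarantine"),
)

def parse_line(line):
    """Split one ESET log line into path, threat, kind and action."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def holding_area(path):
    """Return the label of the tool folder the path lies in, or None."""
    lowered = path.lower()
    for marker, label in HOLDING_DIRS:
        if marker in lowered:
            return label
    return None

def triage(log_text):
    """Count detections per holding folder; list the ones found elsewhere."""
    held, elsewhere = Counter(), []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        label = holding_area(entry["path"])
        if label:
            held[label] += 1
        else:
            elsewhere.append(entry)
    return held, elsewhere
```

Run over the full log in post #13, the entries returned in `elsewhere` are the ones that need a human look; everything counted in `held` is a copy another tool had already isolated.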



