Another Infected with who knows what and Google (as well as others) keep redirecting


This topic is locked
41 replies to this topic

#1 airdelivery

  • Members
  • 32 posts

Posted 10 May 2012 - 06:44 PM

I am redirected in Google, but also have been redirected in bleepingcomputer. Boopme helped me try and get rid of whatever it is I have. I started with MiniToolbox, did TDSSKiller, then aswMBR, tried an ESET scan, didn't work, so tried Kaspersky Virus Removal (didn't work), followed by FSecure. That freed me up to use the ESET scan, and now I've been directed to post my DDS log here.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Liz's Computer at 19:28:38 on 2012-05-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3701.2473 [GMT -4:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
C:\Program Files (x86)\Microsoft Lync\communicator.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\taskhost.exe
C:\Windows\ehome\ehPrivJob.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;192.168.*.*
BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Google Update] "C:\Users\Liz's Computer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Norton Online Backup] "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
mRun: [DT HPO] "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -HPO
mRun: [PDF Complete] "C:\Program Files (x86)\PDF Complete\pdfsty.exe"
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [GrpConv] grpconv -o
StartupFolder: C:\Users\LIZ'SC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\Users\LIZ'SC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_UNINS~1.LNK - C:\Users\Liz's Computer\AppData\Local\Temp\_uninst_38785311.bat
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: HideSCAHealth = 1 (0x1)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{90B844AD-AEE7-452C-8330-153D1DA9DBF5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{90B844AD-AEE7-452C-8330-153D1DA9DBF5}\94E44554C4C494E45445F51405 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO-X64: Lync add-on BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Norton Online Backup] "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
mRun-x64: [DT HPO] "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -HPO
mRun-x64: [PDF Complete] "C:\Program Files (x86)\PDF Complete\pdfsty.exe"
mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [GrpConv] grpconv -o
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 93.115.241.27 www.google-analytics.com.
Hosts: 93.115.241.27 ad-emea.doubleclick.net.
Hosts: 93.115.241.27 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 39579164;39579164;C:\Windows\system32\DRIVERS\39579164.sys --> C:\Windows\system32\DRIVERS\39579164.sys [?]
R0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys --> C:\Windows\system32\drivers\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys --> C:\Windows\system32\drivers\amd_xata.sys [?]
R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\drivers\usbfilter.sys --> C:\Windows\system32\drivers\usbfilter.sys [?]
RUnknown 2870456drv;2870456drv; [x]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-05-10 12:51:09 -------- d-----w- C:\Users\Liz's Computer\AppData\Roaming\f-secure
2012-05-10 12:50:54 -------- d-----w- C:\ProgramData\F-Secure
2012-05-10 04:22:54 460888 ----a-w- C:\Windows\System32\drivers\39579164.sys
2012-05-10 03:42:53 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-05-10 02:52:28 -------- d-----w- C:\Program Files (x86)\ESET
2012-05-08 18:42:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-07 16:14:42 -------- d-----w- C:\Users\Liz's Computer\AppData\Roaming\Malwarebytes
2012-05-07 16:14:28 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-07 16:14:26 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-07 16:14:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-06 03:25:08 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-05-06 03:24:02 -------- d-----we C:\Windows\system64
2012-05-04 07:57:48 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7D7B801D-53A0-4078-B1CA-5F03803FA560}\mpengine.dll
2012-05-02 20:23:09 -------- d-----w- C:\Users\Liz's Computer\AppData\Local\Google
2012-05-02 20:22:51 -------- d-----w- C:\Users\Liz's Computer\AppData\Local\Deployment
2012-05-02 20:22:51 -------- d-----w- C:\Users\Liz's Computer\AppData\Local\Apps
2012-04-14 07:18:51 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-12 07:04:02 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 07:04:01 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 07:04:01 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 07:00:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 07:00:50 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 07:00:50 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 07:00:49 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 07:00:49 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 07:00:49 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 07:00:49 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
.
==================== Find3M ====================
.
2012-05-08 01:35:04 148112 ----a-w- C:\Windows\SysWow64\WRusr.dll
2012-05-08 01:35:04 112616 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2012-05-08 01:35:04 100720 ----a-w- C:\Windows\System32\WRusr.dll
2012-05-04 23:16:20 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 23:16:20 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
.
============= FINISH: 19:31:50.57 ===============


#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 11 May 2012 - 12:36 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive, it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

<insert av's>

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 airdelivery (Topic Starter)

  • Members
  • 32 posts

Posted 11 May 2012 - 09:23 AM

security check log:

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 30
Java version out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Symantec Norton Online Backup NOBuAgent.exe
``````````End of Log````````````

#4 airdelivery (Topic Starter)

  • Members
  • 32 posts

Posted 11 May 2012 - 12:28 PM

I've got the log from Combofix, but my web browsers won't work. IE comes up with "Illegal operation attempted on a registry key that has been marked for deletion." Any suggestions?

#5 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts

Posted 11 May 2012 - 12:55 PM

Please see Note 2 above and restart the computer.


Gringo

#6 airdelivery (Topic Starter)

  • Members
  • 32 posts

Posted 11 May 2012 - 01:34 PM

I screwed up and forgot to save the log for combobox, and (this is the best part) I deleted Combobox. Brilliant. I guess after I restarted and everything seems to be working better than before, I had a brain fart and did what I did. Like I said, everything is working well. I am not having redirects anymore. And things are moving fast.

#7 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts

Posted 11 May 2012 - 02:55 PM

Hello

I would like to see a report that combofix makes.

Extra combofix report

  • Push the "windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box:
C:\ComboFix.txt
  • Click OK.

Copy and paste the report into this topic for me to review.

Gringo

#8 airdelivery (Topic Starter)

  • Members
  • 32 posts

Posted 11 May 2012 - 04:22 PM

got it:

ComboFix 12-05-11.02 - Liz's Computer 05/11/2012 10:58:13.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3701.2414 [GMT -4:00]
Running from: c:\users\Liz's Computer\Desktop\ComboFix.exe
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Liz's Computer\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FF7555EC-336F-4615-BB5C-387350459F94}.xps
c:\windows\TEMP\WRusr.dll-124667528-0.tmp
c:\windows\TEMP\WRusr.dll-124667715-1.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-11 to 2012-05-11 )))))))))))))))))))))))))))))))
.
.
2012-05-10 12:51 . 2012-05-10 12:51 -------- d-----w- c:\users\Liz's Computer\AppData\Roaming\f-secure
2012-05-10 12:50 . 2012-05-10 12:50 -------- d-----w- c:\programdata\F-Secure
2012-05-10 12:43 . 2012-05-10 12:43 -------- d-----w- c:\windows\Sun
2012-05-10 03:42 . 2012-05-10 03:42 -------- d-----w- c:\programdata\Kaspersky Lab
2012-05-10 02:52 . 2012-05-10 02:52 -------- d-----w- c:\program files (x86)\ESET
2012-05-08 18:42 . 2012-05-09 20:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-07 16:14 . 2012-05-07 16:14 -------- d-----w- c:\users\Liz's Computer\AppData\Roaming\Malwarebytes
2012-05-07 16:14 . 2012-05-07 16:14 -------- d-----w- c:\programdata\Malwarebytes
2012-05-07 16:14 . 2012-05-07 16:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-07 16:14 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-06 03:25 . 2012-05-09 20:36 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-05-06 03:24 . 2012-05-06 03:24 -------- d-----we c:\windows\system64
2012-05-04 07:57 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D7B801D-53A0-4078-B1CA-5F03803FA560}\mpengine.dll
2012-05-02 20:23 . 2012-05-05 10:28 -------- d-----w- c:\users\Liz's Computer\AppData\Local\Google
2012-05-02 20:22 . 2012-05-02 20:23 -------- d-----w- c:\users\Liz's Computer\AppData\Local\Deployment
2012-05-02 20:22 . 2012-05-02 20:22 -------- d-----w- c:\users\Liz's Computer\AppData\Local\Apps
2012-04-14 07:18 . 2012-05-04 23:16 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-12 07:04 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 07:04 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 07:04 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 07:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 07:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 07:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 23:16 . 2012-03-30 15:30 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 23:16 . 2011-08-29 21:43 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-20 02:51 . 2012-03-20 02:51 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-03-20 02:51 . 2012-03-20 02:51 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-03-20 02:51 . 2012-03-20 02:51 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-20 02:51 . 2012-03-20 02:51 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-23 14:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-13 21:04 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 21:04 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 21:04 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 21:04 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-13 336384]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2011-05-26 121456]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-05 658424]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-03-24 12071200]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Liz's Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2008-11-7 517384]
_uninst_38785311.lnk - c:\users\Liz's Computer\AppData\Local\Temp\_uninst_38785311.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-3-12 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-05 1128952]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-03-09 109168]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - 39579164
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 23:16]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3757692343-1966096851-1492224659-1001Core.job
- c:\users\Liz's Computer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02 20:23]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3757692343-1966096851-1492224659-1001UA.job
- c:\users\Liz's Computer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02 20:23]
.
2012-05-07 c:\windows\Tasks\HPCeeScheduleForLiz's Computer.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-05-07 c:\windows\Tasks\HPCeeScheduleForLIZSCOMPUTER-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-06-08 7220328]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hwpsgt
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
SafeBoot-10822684.sys
SafeBoot-23559178.sys
SafeBoot-24373621.sys
SafeBoot-38469278.sys
SafeBoot-79293758.sys
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:12,5b,f0,75,cc,c0,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-05-11 12:47:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-11 16:47
.
Pre-Run: 926,745,227,264 bytes free
Post-Run: 928,087,093,248 bytes free
.
- - End Of File - - 60273203E1C4935BE6C86308331A5048

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:59 PM

Posted 11 May 2012 - 08:41 PM

Greetings

Glad to hear things are doing better, but I still want to run a few more checks.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
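A TDSSKiller report like the one requested above runs to hundreds of line pairs: an object line `name (md5) path` followed by a verdict line `name - ok`. As an added example (not code from this thread, from the tool's vendor, or from BleepingComputer), here is a small parser that pairs those lines and lists every object whose verdict is anything other than `ok`, which is how a long report can be triaged before reading it top to bottom; the function names are my own and the sample log is constructed for the example, modelled on the report lines posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every TDSSKiller log line is "HH:MM:SS.mmmm <pid> <body>".  Inside the scan
# section the body is either the object that was examined,
#   "<name> (<md5>) <path>"
# or the verdict for that object, normally "<name> - ok".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class Entry:
    """One scanned service or driver, assembled from its object and verdict lines."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Pair object lines with verdict lines for everything between the
    'Scan started' and 'Scan finished' markers.  Header lines such as the
    drive geometry also contain ' - ' and would otherwise be mistaken for
    verdicts, so anything outside the scan section is skipped."""
    entries: Dict[str, Entry] = {}
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(3)
        if body == "Scan started":
            in_scan = True
            continue
        if body == "Scan finished":
            in_scan = False
            continue
        if not in_scan:
            continue
        obj = OBJECT_RE.match(body)
        if obj:
            e = entries.setdefault(obj.group("name"), Entry(obj.group("name")))
            e.md5, e.path = obj.group("md5").lower(), obj.group("path")
            continue
        ver = VERDICT_RE.match(body)
        if ver:
            e = entries.setdefault(ver.group("name"), Entry(ver.group("name")))
            e.verdict = ver.group("verdict")
    return entries


def needs_attention(entries: Dict[str, Entry]) -> List[str]:
    """Names whose verdict is anything other than 'ok', plus objects that never
    received a verdict at all (which usually means the scan was interrupted)."""
    return sorted(name for name, e in entries.items() if e.verdict != "ok")


# Constructed sample: real-looking lines modelled on the report in this thread,
# plus one made-up driver ("exampledrv", fake hash) given a non-ok verdict so
# the triage path is exercised.
SAMPLE_LOG = r"""
23:19:12.0718 5548 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200
23:19:24.0574 5132 ============================================================
23:19:24.0574 5132 Scan started
23:19:24.0574 5132 Mode: Manual;
23:19:24.0574 5132 ============================================================
23:19:24.0964 5132 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:19:24.0964 5132 1394ohci - ok
23:19:25.0542 5132 AMD External Events Utility (23bc2ea87ab7d48756e6198a4e5d3ac0) C:\Windows\system32\atiesrxx.exe
23:19:25.0542 5132 AMD External Events Utility - ok
23:19:27.0694 5132 catchme - ok
23:19:30.0001 5132 exampledrv (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\exampledrv.sys
23:19:30.0001 5132 exampledrv - suspicious
23:19:31.0000 5132 Scan finished
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(parsed)} objects scanned")
    for name in needs_attention(parsed):
        e = parsed[name]
        print(f"ATTENTION: {name} verdict={e.verdict!r} md5={e.md5} path={e.path}")
```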

#10 airdelivery

airdelivery
  • Topic Starter

  • Members
  • 32 posts
  • Local time:11:59 AM

Posted 11 May 2012 - 10:23 PM

TDSSKiller report (no threats or suspicious files detected):

23:19:11.0736 5548 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
23:19:12.0204 5548 ============================================================
23:19:12.0204 5548 Current date / time: 2012/05/11 23:19:12.0204
23:19:12.0204 5548 SystemInfo:
23:19:12.0204 5548
23:19:12.0204 5548 OS Version: 6.1.7601 ServicePack: 1.0
23:19:12.0204 5548 Product type: Workstation
23:19:12.0204 5548 ComputerName: LIZSCOMPUTER-HP
23:19:12.0204 5548 UserName: Liz's Computer
23:19:12.0204 5548 Windows directory: C:\Windows
23:19:12.0204 5548 System windows directory: C:\Windows
23:19:12.0204 5548 Running under WOW64
23:19:12.0204 5548 Processor architecture: Intel x64
23:19:12.0204 5548 Number of processors: 2
23:19:12.0204 5548 Page size: 0x1000
23:19:12.0204 5548 Boot type: Normal boot
23:19:12.0204 5548 ============================================================
23:19:12.0718 5548 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:19:12.0718 5548 Drive \Device\Harddisk1\DR1 - Size: 0xF1800000 (3.77 Gb), SectorSize: 0x200, Cylinders: 0x1EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:19:12.0828 5548 ============================================================
23:19:12.0828 5548 \Device\Harddisk0\DR0:
23:19:12.0828 5548 MBR partitions:
23:19:12.0828 5548 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:19:12.0828 5548 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72F45000
23:19:12.0828 5548 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72F77800, BlocksNum 0x178E800
23:19:12.0828 5548 \Device\Harddisk1\DR1:
23:19:12.0828 5548 MBR partitions:
23:19:12.0828 5548 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x78BFC1
23:19:12.0828 5548 ============================================================
23:19:12.0859 5548 C: <-> \Device\Harddisk0\DR0\Partition1
23:19:12.0906 5548 D: <-> \Device\Harddisk0\DR0\Partition2
23:19:12.0906 5548 ============================================================
23:19:12.0906 5548 Initialize success
23:19:12.0906 5548 ============================================================
23:19:24.0574 5132 ============================================================
23:19:24.0574 5132 Scan started
23:19:24.0574 5132 Mode: Manual;
23:19:24.0574 5132 ============================================================
23:19:24.0964 5132 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:19:24.0964 5132 1394ohci - ok
23:19:24.0996 5132 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:19:24.0996 5132 ACPI - ok
23:19:25.0027 5132 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:19:25.0027 5132 AcpiPmi - ok
23:19:25.0152 5132 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:19:25.0152 5132 AdobeFlashPlayerUpdateSvc - ok
23:19:25.0183 5132 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
23:19:25.0198 5132 adp94xx - ok
23:19:25.0214 5132 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
23:19:25.0230 5132 adpahci - ok
23:19:25.0245 5132 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
23:19:25.0261 5132 adpu320 - ok
23:19:25.0323 5132 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:19:25.0323 5132 AeLookupSvc - ok
23:19:25.0370 5132 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
23:19:25.0370 5132 AERTFilters - ok
23:19:25.0417 5132 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:19:25.0417 5132 AFD - ok
23:19:25.0448 5132 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:19:25.0448 5132 agp440 - ok
23:19:25.0464 5132 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:19:25.0464 5132 ALG - ok
23:19:25.0495 5132 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:19:25.0495 5132 aliide - ok
23:19:25.0542 5132 AMD External Events Utility (23bc2ea87ab7d48756e6198a4e5d3ac0) C:\Windows\system32\atiesrxx.exe
23:19:25.0542 5132 AMD External Events Utility - ok
23:19:25.0557 5132 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:19:25.0557 5132 amdide - ok
23:19:25.0573 5132 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
23:19:25.0588 5132 AmdK8 - ok
23:19:25.0994 5132 amdkmdag (4837aa524c1aeb34201ba425237fb45b) C:\Windows\system32\DRIVERS\atikmdag.sys
23:19:26.0181 5132 amdkmdag - ok
23:19:26.0275 5132 amdkmdap (d7cc3eb2ae5bb29858f254c9aa356601) C:\Windows\system32\DRIVERS\atikmpag.sys
23:19:26.0275 5132 amdkmdap - ok
23:19:26.0290 5132 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
23:19:26.0306 5132 AmdPPM - ok
23:19:26.0337 5132 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:19:26.0337 5132 amdsata - ok
23:19:26.0368 5132 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
23:19:26.0368 5132 amdsbs - ok
23:19:26.0400 5132 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:19:26.0400 5132 amdxata - ok
23:19:26.0415 5132 amd_sata (2fbb00a7616106b95104574c6cd640c2) C:\Windows\system32\drivers\amd_sata.sys
23:19:26.0415 5132 amd_sata - ok
23:19:26.0431 5132 amd_xata (87d0d7645cb0d53220649bd5fe15d93e) C:\Windows\system32\drivers\amd_xata.sys
23:19:26.0431 5132 amd_xata - ok
23:19:26.0462 5132 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:19:26.0462 5132 AppID - ok
23:19:26.0493 5132 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:19:26.0493 5132 AppIDSvc - ok
23:19:26.0509 5132 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:19:26.0509 5132 Appinfo - ok
23:19:26.0571 5132 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:19:26.0587 5132 Apple Mobile Device - ok
23:19:26.0618 5132 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
23:19:26.0618 5132 arc - ok
23:19:26.0634 5132 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
23:19:26.0649 5132 arcsas - ok
23:19:26.0712 5132 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:19:26.0712 5132 aspnet_state - ok
23:19:26.0743 5132 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:19:26.0743 5132 AsyncMac - ok
23:19:26.0758 5132 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:19:26.0758 5132 atapi - ok
23:19:26.0805 5132 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:19:26.0821 5132 AudioEndpointBuilder - ok
23:19:26.0836 5132 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:19:26.0852 5132 AudioSrv - ok
23:19:26.0883 5132 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:19:26.0883 5132 AxInstSV - ok
23:19:26.0914 5132 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
23:19:26.0930 5132 b06bdrv - ok
23:19:26.0961 5132 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:19:26.0961 5132 b57nd60a - ok
23:19:26.0992 5132 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:19:26.0992 5132 BDESVC - ok
23:19:27.0024 5132 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:19:27.0039 5132 Beep - ok
23:19:27.0102 5132 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
23:19:27.0117 5132 BFE - ok
23:19:27.0180 5132 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
23:19:27.0195 5132 BITS - ok
23:19:27.0242 5132 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
23:19:27.0242 5132 blbdrive - ok
23:19:27.0304 5132 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:19:27.0320 5132 Bonjour Service - ok
23:19:27.0336 5132 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:19:27.0336 5132 bowser - ok
23:19:27.0351 5132 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
23:19:27.0351 5132 BrFiltLo - ok
23:19:27.0367 5132 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
23:19:27.0367 5132 BrFiltUp - ok
23:19:27.0398 5132 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:19:27.0398 5132 BridgeMP - ok
23:19:27.0476 5132 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:19:27.0476 5132 Browser - ok
23:19:27.0507 5132 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:19:27.0523 5132 Brserid - ok
23:19:27.0538 5132 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:19:27.0538 5132 BrSerWdm - ok
23:19:27.0554 5132 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:19:27.0554 5132 BrUsbMdm - ok
23:19:27.0570 5132 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:19:27.0570 5132 BrUsbSer - ok
23:19:27.0616 5132 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\Windows\system32\DRIVERS\motfilt.sys
23:19:27.0632 5132 BTCFilterService - ok
23:19:27.0663 5132 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
23:19:27.0663 5132 BTHMODEM - ok
23:19:27.0694 5132 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:19:27.0694 5132 bthserv - ok
23:19:27.0694 5132 catchme - ok
23:19:27.0726 5132 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:19:27.0726 5132 cdfs - ok
23:19:27.0757 5132 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:19:27.0757 5132 cdrom - ok
23:19:27.0788 5132 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:19:27.0788 5132 CertPropSvc - ok
23:19:27.0804 5132 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
23:19:27.0804 5132 circlass - ok
23:19:27.0835 5132 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:19:27.0835 5132 CLFS - ok
23:19:27.0913 5132 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:19:27.0913 5132 clr_optimization_v2.0.50727_32 - ok
23:19:27.0991 5132 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:19:28.0006 5132 clr_optimization_v2.0.50727_64 - ok
23:19:28.0069 5132 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:19:28.0069 5132 clr_optimization_v4.0.30319_32 - ok
23:19:28.0100 5132 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:19:28.0100 5132 clr_optimization_v4.0.30319_64 - ok
23:19:28.0147 5132 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
23:19:28.0147 5132 clwvd - ok
23:19:28.0162 5132 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
23:19:28.0162 5132 CmBatt - ok
23:19:28.0194 5132 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:19:28.0194 5132 cmdide - ok
23:19:28.0256 5132 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
23:19:28.0256 5132 CNG - ok
23:19:28.0287 5132 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
23:19:28.0287 5132 Compbatt - ok
23:19:28.0318 5132 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:19:28.0318 5132 CompositeBus - ok
23:19:28.0334 5132 COMSysApp - ok
23:19:28.0365 5132 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
23:19:28.0365 5132 crcdisk - ok
23:19:28.0443 5132 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
23:19:28.0443 5132 CryptSvc - ok
23:19:28.0521 5132 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:19:28.0537 5132 DcomLaunch - ok
23:19:28.0568 5132 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:19:28.0568 5132 defragsvc - ok
23:19:28.0599 5132 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:19:28.0599 5132 DfsC - ok
23:19:28.0630 5132 DFUBTUSB (b49e99c0860e73cd3d54ecba1f236dfd) C:\Windows\system32\Drivers\frmupgr.sys
23:19:28.0646 5132 DFUBTUSB - ok
23:19:28.0693 5132 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:19:28.0693 5132 Dhcp - ok
23:19:28.0724 5132 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:19:28.0724 5132 discache - ok
23:19:28.0755 5132 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
23:19:28.0755 5132 Disk - ok
23:19:28.0802 5132 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:19:28.0802 5132 Dnscache - ok
23:19:28.0833 5132 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:19:28.0833 5132 dot3svc - ok
23:19:28.0864 5132 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:19:28.0864 5132 DPS - ok
23:19:28.0896 5132 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:19:28.0896 5132 drmkaud - ok
23:19:28.0989 5132 DTSRVC (104e07194c5761dc3991fd03112238a2) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
23:19:28.0989 5132 DTSRVC - ok
23:19:29.0130 5132 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:19:29.0161 5132 DXGKrnl - ok
23:19:29.0176 5132 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:19:29.0176 5132 EapHost - ok
23:19:29.0364 5132 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
23:19:29.0426 5132 ebdrv - ok
23:19:29.0504 5132 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:19:29.0520 5132 EFS - ok
23:19:29.0582 5132 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:19:29.0598 5132 ehRecvr - ok
23:19:29.0644 5132 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:19:29.0644 5132 ehSched - ok
23:19:29.0691 5132 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
23:19:29.0707 5132 elxstor - ok
23:19:29.0722 5132 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:19:29.0722 5132 ErrDev - ok
23:19:29.0769 5132 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:19:29.0769 5132 EventSystem - ok
23:19:29.0800 5132 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:19:29.0800 5132 exfat - ok
23:19:29.0832 5132 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:19:29.0847 5132 fastfat - ok
23:19:29.0863 5132 FastUserSwitchingCompatibility - ok
23:19:29.0910 5132 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:19:29.0910 5132 Fax - ok
23:19:29.0941 5132 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
23:19:29.0941 5132 fdc - ok
23:19:29.0956 5132 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:19:29.0956 5132 fdPHost - ok
23:19:29.0972 5132 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:19:29.0972 5132 FDResPub - ok
23:19:29.0988 5132 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:19:29.0988 5132 FileInfo - ok
23:19:30.0003 5132 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:19:30.0003 5132 Filetrace - ok
23:19:30.0019 5132 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
23:19:30.0019 5132 flpydisk - ok
23:19:30.0050 5132 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:19:30.0050 5132 FltMgr - ok
23:19:30.0128 5132 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:19:30.0159 5132 FontCache - ok
23:19:30.0222 5132 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:19:30.0237 5132 FontCache3.0.0.0 - ok
23:19:30.0268 5132 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:19:30.0268 5132 FsDepends - ok
23:19:30.0300 5132 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:19:30.0300 5132 Fs_Rec - ok
23:19:30.0331 5132 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:19:30.0331 5132 fvevol - ok
23:19:30.0362 5132 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
23:19:30.0362 5132 gagp30kx - ok
23:19:30.0424 5132 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
23:19:30.0424 5132 GamesAppService - ok
23:19:30.0456 5132 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:19:30.0456 5132 GEARAspiWDM - ok
23:19:30.0518 5132 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:19:30.0518 5132 gpsvc - ok
23:19:30.0549 5132 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:19:30.0549 5132 hcw85cir - ok
23:19:30.0596 5132 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:19:30.0596 5132 HdAudAddService - ok
23:19:30.0627 5132 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:19:30.0627 5132 HDAudBus - ok
23:19:30.0643 5132 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
23:19:30.0643 5132 HidBatt - ok
23:19:30.0674 5132 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
23:19:30.0674 5132 HidBth - ok
23:19:30.0690 5132 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
23:19:30.0690 5132 HidIr - ok
23:19:30.0705 5132 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
23:19:30.0705 5132 hidserv - ok
23:19:30.0721 5132 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:19:30.0721 5132 HidUsb - ok
23:19:30.0736 5132 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:19:30.0752 5132 hkmsvc - ok
23:19:30.0768 5132 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:19:30.0768 5132 HomeGroupListener - ok
23:19:30.0799 5132 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:19:30.0799 5132 HomeGroupProvider - ok
23:19:30.0861 5132 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
23:19:30.0877 5132 HP Support Assistant Service - ok
23:19:30.0939 5132 HPAuto (7b8c1b09c11e8db7c4480abd7d17e821) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
23:19:30.0955 5132 HPAuto - ok
23:19:30.0986 5132 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
23:19:31.0002 5132 HPClientSvc - ok
23:19:31.0033 5132 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
23:19:31.0033 5132 HPDrvMntSvc.exe - ok
23:19:31.0095 5132 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
23:19:31.0111 5132 hpqwmiex - ok
23:19:31.0220 5132 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:19:31.0220 5132 HpSAMD - ok
23:19:31.0282 5132 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:19:31.0298 5132 HTTP - ok
23:19:31.0329 5132 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:19:31.0329 5132 hwpolicy - ok
23:19:31.0392 5132 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:19:31.0392 5132 i8042prt - ok
23:19:31.0454 5132 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:19:31.0470 5132 iaStorV - ok
23:19:31.0657 5132 IconMan_R (3a0ff117b4adc5abe4d968e26a337158) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
23:19:31.0672 5132 IconMan_R - ok
23:19:31.0766 5132 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:19:31.0766 5132 idsvc - ok
23:19:32.0172 5132 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:19:32.0296 5132 igfx - ok
23:19:32.0374 5132 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
23:19:32.0374 5132 iirsp - ok
23:19:32.0437 5132 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:19:32.0452 5132 IKEEXT - ok
23:19:32.0640 5132 IntcAzAudAddService (392d5c87f282e8e36df5154418a7bb20) C:\Windows\system32\drivers\RTKVHD64.sys
23:19:32.0702 5132 IntcAzAudAddService - ok
23:19:32.0749 5132 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:19:32.0749 5132 intelide - ok
23:19:32.0780 5132 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
23:19:32.0780 5132 intelppm - ok
23:19:32.0796 5132 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:19:32.0811 5132 IPBusEnum - ok
23:19:32.0827 5132 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:19:32.0827 5132 IpFilterDriver - ok
23:19:32.0889 5132 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:19:32.0889 5132 iphlpsvc - ok
23:19:32.0905 5132 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:19:32.0905 5132 IPMIDRV - ok
23:19:32.0936 5132 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:19:32.0936 5132 IPNAT - ok
23:19:33.0014 5132 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
23:19:33.0014 5132 iPod Service - ok
23:19:33.0045 5132 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:19:33.0045 5132 IRENUM - ok
23:19:33.0061 5132 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:19:33.0061 5132 isapnp - ok
23:19:33.0092 5132 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:19:33.0108 5132 iScsiPrt - ok
23:19:33.0123 5132 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:19:33.0123 5132 kbdclass - ok
23:19:33.0139 5132 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
23:19:33.0139 5132 kbdhid - ok
23:19:33.0154 5132 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:19:33.0154 5132 KeyIso - ok
23:19:33.0232 5132 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
23:19:33.0248 5132 Kodak AiO Network Discovery Service - ok
23:19:33.0264 5132 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
23:19:33.0264 5132 KSecDD - ok
23:19:33.0279 5132 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
23:19:33.0279 5132 KSecPkg - ok
23:19:33.0295 5132 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:19:33.0295 5132 ksthunk - ok
23:19:33.0342 5132 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:19:33.0357 5132 KtmRm - ok
23:19:33.0388 5132 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
23:19:33.0388 5132 LanmanServer - ok
23:19:33.0404 5132 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:19:33.0420 5132 LanmanWorkstation - ok
23:19:33.0482 5132 LBTServ (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
23:19:33.0482 5132 LBTServ - ok
23:19:33.0513 5132 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
23:19:33.0529 5132 LHidFilt - ok
23:19:33.0544 5132 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:19:33.0560 5132 lltdio - ok
23:19:33.0591 5132 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:19:33.0607 5132 lltdsvc - ok
23:19:33.0622 5132 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:19:33.0622 5132 lmhosts - ok
23:19:33.0638 5132 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
23:19:33.0638 5132 LMouFilt - ok
23:19:33.0669 5132 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
23:19:33.0669 5132 LSI_FC - ok
23:19:33.0700 5132 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
23:19:33.0700 5132 LSI_SAS - ok
23:19:33.0716 5132 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
23:19:33.0716 5132 LSI_SAS2 - ok
23:19:33.0747 5132 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
23:19:33.0747 5132 LSI_SCSI - ok
23:19:33.0778 5132 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:19:33.0778 5132 luafv - ok
23:19:33.0810 5132 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
23:19:33.0810 5132 MBAMProtector - ok
23:19:33.0888 5132 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:19:33.0903 5132 MBAMService - ok
23:19:33.0919 5132 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:19:33.0934 5132 Mcx2Svc - ok
23:19:33.0950 5132 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
23:19:33.0950 5132 megasas - ok
23:19:33.0981 5132 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
23:19:33.0981 5132 MegaSR - ok
23:19:34.0044 5132 Microsoft SharePoint Workspace Audit Service - ok
23:19:34.0075 5132 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:19:34.0075 5132 MMCSS - ok
23:19:34.0090 5132 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:19:34.0106 5132 Modem - ok
23:19:34.0106 5132 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:19:34.0106 5132 monitor - ok
23:19:34.0168 5132 motccgp (c94a2ea3fdfa5d650884926b710b7db1) C:\Windows\system32\DRIVERS\motccgp.sys
23:19:34.0168 5132 motccgp - ok
23:19:34.0184 5132 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
23:19:34.0184 5132 motccgpfl - ok
23:19:34.0231 5132 motmodem (060f0ef84f430802df3788f3dcfd009c) C:\Windows\system32\DRIVERS\motmodem.sys
23:19:34.0231 5132 motmodem - ok
23:19:34.0278 5132 MotoHelper (3bbc6c2402242401f791548aaebf3d39) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
23:19:34.0278 5132 MotoHelper - ok
23:19:34.0293 5132 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
23:19:34.0293 5132 MotoSwitchService - ok
23:19:34.0324 5132 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\Windows\system32\DRIVERS\Motousbnet.sys
23:19:34.0324 5132 Motousbnet - ok
23:19:34.0340 5132 motusbdevice (307727f9829fb46ff4be0e4d1dac5002) C:\Windows\system32\DRIVERS\motusbdevice.sys
23:19:34.0340 5132 motusbdevice - ok
23:19:34.0356 5132 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:19:34.0371 5132 mouclass - ok
23:19:34.0387 5132 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:19:34.0387 5132 mouhid - ok
23:19:34.0402 5132 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:19:34.0402 5132 mountmgr - ok
23:19:34.0418 5132 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:19:34.0434 5132 mpio - ok
23:19:34.0449 5132 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:19:34.0449 5132 mpsdrv - ok
23:19:34.0512 5132 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
23:19:34.0527 5132 MpsSvc - ok
23:19:34.0558 5132 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:19:34.0558 5132 MRxDAV - ok
23:19:34.0605 5132 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:19:34.0605 5132 mrxsmb - ok
23:19:34.0636 5132 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:19:34.0636 5132 mrxsmb10 - ok
23:19:34.0652 5132 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:19:34.0668 5132 mrxsmb20 - ok
23:19:34.0699 5132 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:19:34.0699 5132 msahci - ok
23:19:34.0714 5132 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:19:34.0714 5132 msdsm - ok
23:19:34.0746 5132 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:19:34.0746 5132 MSDTC - ok
23:19:34.0777 5132 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:19:34.0777 5132 Msfs - ok
23:19:34.0792 5132 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:19:34.0792 5132 mshidkmdf - ok
23:19:34.0808 5132 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:19:34.0808 5132 msisadrv - ok
23:19:34.0855 5132 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:19:34.0855 5132 MSiSCSI - ok
23:19:34.0855 5132 msiserver - ok
23:19:34.0886 5132 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:19:34.0886 5132 MSKSSRV - ok
23:19:34.0902 5132 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:19:34.0917 5132 MSPCLOCK - ok
23:19:34.0917 5132 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:19:34.0933 5132 MSPQM - ok
23:19:34.0964 5132 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:19:34.0980 5132 MsRPC - ok
23:19:34.0995 5132 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:19:34.0995 5132 mssmbios - ok
23:19:35.0011 5132 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:19:35.0011 5132 MSTEE - ok
23:19:35.0026 5132 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
23:19:35.0026 5132 MTConfig - ok
23:19:35.0058 5132 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:19:35.0058 5132 Mup - ok
23:19:35.0089 5132 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:19:35.0089 5132 napagent - ok
23:19:35.0151 5132 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:19:35.0151 5132 NativeWifiP - ok
23:19:35.0214 5132 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:19:35.0229 5132 NDIS - ok
23:19:35.0245 5132 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:19:35.0245 5132 NdisCap - ok
23:19:35.0260 5132 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:19:35.0260 5132 NdisTapi - ok
23:19:35.0276 5132 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:19:35.0276 5132 Ndisuio - ok
23:19:35.0292 5132 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:19:35.0307 5132 NdisWan - ok
23:19:35.0323 5132 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:19:35.0323 5132 NDProxy - ok
23:19:35.0338 5132 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:19:35.0338 5132 NetBIOS - ok
23:19:35.0354 5132 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:19:35.0370 5132 NetBT - ok
23:19:35.0385 5132 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:19:35.0385 5132 Netlogon - ok
23:19:35.0448 5132 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:19:35.0448 5132 Netman - ok
23:19:35.0510 5132 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:19:35.0510 5132 NetMsmqActivator - ok
23:19:35.0526 5132 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:19:35.0526 5132 NetPipeActivator - ok
23:19:35.0572 5132 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:19:35.0572 5132 netprofm - ok
23:19:35.0682 5132 netr28x (8b5d2d7cb0ef5b1967860b8ab742a46c) C:\Windows\system32\DRIVERS\netr28x.sys
23:19:35.0728 5132 netr28x - ok
23:19:35.0775 5132 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:19:35.0775 5132 NetTcpActivator - ok
23:19:35.0775 5132 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:19:35.0775 5132 NetTcpPortSharing - ok
23:19:35.0853 5132 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
23:19:35.0853 5132 nfrd960 - ok
23:19:35.0900 5132 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:19:35.0900 5132 NlaSvc - ok
23:19:36.0072 5132 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
23:19:36.0087 5132 NOBU - ok
23:19:36.0181 5132 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:19:36.0181 5132 Npfs - ok
23:19:36.0196 5132 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:19:36.0212 5132 nsi - ok
23:19:36.0228 5132 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:19:36.0228 5132 nsiproxy - ok
23:19:36.0352 5132 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:19:36.0384 5132 Ntfs - ok
23:19:36.0446 5132 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:19:36.0446 5132 Null - ok
23:19:36.0477 5132 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:19:36.0477 5132 nvraid - ok
23:19:36.0508 5132 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:19:36.0508 5132 nvstor - ok
23:19:36.0524 5132 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:19:36.0524 5132 nv_agp - ok
23:19:36.0555 5132 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:19:36.0555 5132 ohci1394 - ok
23:19:36.0602 5132 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:19:36.0618 5132 ose64 - ok
23:19:36.0898 5132 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:19:36.0945 5132 osppsvc - ok
23:19:37.0008 5132 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:19:37.0008 5132 p2pimsvc - ok
23:19:37.0054 5132 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:19:37.0054 5132 p2psvc - ok
23:19:37.0101 5132 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
23:19:37.0101 5132 Parport - ok
23:19:37.0132 5132 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:19:37.0132 5132 partmgr - ok
23:19:37.0164 5132 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:19:37.0164 5132 PcaSvc - ok
23:19:37.0195 5132 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:19:37.0195 5132 pci - ok
23:19:37.0226 5132 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:19:37.0226 5132 pciide - ok
23:19:37.0242 5132 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
23:19:37.0257 5132 pcmcia - ok
23:19:37.0273 5132 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:19:37.0273 5132 pcw - ok
23:19:37.0304 5132 pdfcDispatcher - ok
23:19:37.0335 5132 PdiService (c7801def1c78747996a52c1f4c473e6f) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
23:19:37.0335 5132 PdiService - ok
23:19:37.0382 5132 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:19:37.0382 5132 PEAUTH - ok
23:19:37.0460 5132 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:19:37.0460 5132 PerfHost - ok
23:19:37.0600 5132 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:19:37.0632 5132 pla - ok
23:19:37.0678 5132 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:19:37.0678 5132 PlugPlay - ok
23:19:37.0694 5132 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:19:37.0694 5132 PNRPAutoReg - ok
23:19:37.0725 5132 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:19:37.0741 5132 PNRPsvc - ok
23:19:37.0788 5132 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
23:19:37.0788 5132 Point64 - ok
23:19:37.0834 5132 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:19:37.0834 5132 PolicyAgent - ok
23:19:37.0881 5132 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:19:37.0881 5132 Power - ok
23:19:37.0928 5132 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:19:37.0928 5132 PptpMiniport - ok
23:19:37.0959 5132 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
23:19:37.0959 5132 Processor - ok
23:19:37.0990 5132 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
23:19:37.0990 5132 ProfSvc - ok
23:19:38.0006 5132 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:19:38.0006 5132 ProtectedStorage - ok
23:19:38.0022 5132 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:19:38.0037 5132 Psched - ok
23:19:38.0131 5132 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
23:19:38.0162 5132 ql2300 - ok
23:19:38.0256 5132 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
23:19:38.0256 5132 ql40xx - ok
23:19:38.0287 5132 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:19:38.0302 5132 QWAVE - ok
23:19:38.0318 5132 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:19:38.0334 5132 QWAVEdrv - ok
23:19:38.0349 5132 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:19:38.0349 5132 RasAcd - ok
23:19:38.0380 5132 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:19:38.0380 5132 RasAgileVpn - ok
23:19:38.0396 5132 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:19:38.0396 5132 RasAuto - ok
23:19:38.0412 5132 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:19:38.0427 5132 Rasl2tp - ok
23:19:38.0443 5132 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:19:38.0458 5132 RasMan - ok
23:19:38.0490 5132 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:19:38.0490 5132 RasPppoe - ok
23:19:38.0521 5132 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:19:38.0521 5132 RasSstp - ok
23:19:38.0552 5132 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:19:38.0552 5132 rdbss - ok
23:19:38.0568 5132 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
23:19:38.0568 5132 rdpbus - ok
23:19:38.0583 5132 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:19:38.0583 5132 RDPCDD - ok
23:19:38.0614 5132 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:19:38.0614 5132 RDPENCDD - ok
23:19:38.0646 5132 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:19:38.0646 5132 RDPREFMP - ok
23:19:38.0677 5132 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
23:19:38.0692 5132 RDPWD - ok
23:19:38.0708 5132 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:19:38.0708 5132 rdyboost - ok
23:19:38.0739 5132 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:19:38.0755 5132 RemoteAccess - ok
23:19:38.0770 5132 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:19:38.0770 5132 RemoteRegistry - ok
23:19:38.0833 5132 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
23:19:38.0848 5132 RoxioNow Service - ok
23:19:38.0864 5132 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:19:38.0864 5132 RpcEptMapper - ok
23:19:38.0880 5132 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:19:38.0880 5132 RpcLocator - ok
23:19:38.0911 5132 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:19:38.0926 5132 RpcSs - ok
23:19:38.0973 5132 RSPCIESTOR (f8fea7764348c59262b340916cbfeb40) C:\Windows\system32\DRIVERS\RtsPStor.sys
23:19:38.0973 5132 RSPCIESTOR - ok
23:19:38.0989 5132 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:19:39.0004 5132 rspndr - ok
23:19:39.0067 5132 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:19:39.0067 5132 RTL8167 - ok
23:19:45.0260 5132 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:19:45.0322 5132 \Device\Harddisk0\DR0 - ok
23:19:45.0338 5132 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
23:19:52.0966 5132 \Device\Harddisk1\DR1 - ok
23:19:52.0966 5132 Boot (0x1200) (5c10f28c4717727767f2f742f678cd7d) \Device\Harddisk0\DR0\Partition0
23:19:52.0982 5132 \Device\Harddisk0\DR0\Partition0 - ok
23:19:52.0998 5132 Boot (0x1200) (e178a9c6f2310a647cfadbc303d896fa) \Device\Harddisk0\DR0\Partition1
23:19:53.0013 5132 \Device\Harddisk0\DR0\Partition1 - ok
23:19:53.0029 5132 Boot (0x1200) (ab24b5a819537b1337404e4fdd128ca1) \Device\Harddisk0\DR0\Partition2
23:19:53.0044 5132 \Device\Harddisk0\DR0\Partition2 - ok
23:19:53.0044 5132 Boot (0x1200) (dbd9758b17a2c8563984c8febcf7603d) \Device\Harddisk1\DR1\Partition0
23:19:53.0044 5132 \Device\Harddisk1\DR1\Partition0 - ok
23:19:53.0044 5132 ============================================================
23:19:53.0044 5132 Scan finished
23:19:53.0044 5132 ============================================================
23:19:53.0076 0404 Detected object count: 0
23:19:53.0076 0404 Actual detected object count: 0

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 May 2012 - 10:39 PM

OK let me have the aswMBR report when complete


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 airdelivery
  • Topic Starter
  • Members
  • 32 posts

Posted 12 May 2012 - 09:03 PM

aswMBR report:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-11 23:23:56
-----------------------------
23:23:56.143 OS Version: Windows x64 6.1.7601 Service Pack 1
23:23:56.143 Number of processors: 2 586 0x200
23:23:56.159 ComputerName: LIZSCOMPUTER-HP UserName: Liz's Computer
23:23:57.984 Initialize success
23:34:38.398 AVAST engine defs: 12051101
11:18:33.221 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
11:18:33.225 Disk 0 Vendor: ST310005 HP63 Size: 953869MB BusType: 11
11:18:33.243 Disk 0 MBR read successfully
11:18:33.249 Disk 0 MBR scan
11:18:33.355 Disk 0 Windows 7 default MBR code
11:18:33.399 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:18:33.436 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941706 MB offset 206848
11:18:33.477 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12061 MB offset 1928820736
11:18:33.534 Disk 0 scanning C:\Windows\system32\drivers
11:18:58.469 Service scanning
11:19:40.655 Modules scanning
11:19:40.670 Disk 0 trace - called modules:
11:19:40.696 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
11:19:40.707 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bc2060]
11:19:40.738 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8004a7e040]
11:19:40.751 5 amd_xata.sys[fffff88000fe98f7] -> nt!IofCallDriver -> \Device\00000058[0xfffffa8004a7a6b0]
11:19:48.543 AVAST engine scan C:\Windows
11:19:55.961 AVAST engine scan C:\Windows\system32
11:25:15.885 AVAST engine scan C:\Windows\system32\drivers
11:25:35.916 AVAST engine scan C:\Users\Liz's Computer
11:32:32.079 AVAST engine scan C:\ProgramData
11:33:41.483 Scan finished successfully
22:02:11.834 Disk 0 MBR has been saved successfully to "C:\Users\Liz's Computer\Desktop\MBR.dat"
22:02:11.850 The log file has been saved successfully to "C:\Users\Liz's Computer\Desktop\aswMBR.txt"
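A defender's follow-up check that goes with the aswMBR output above, added here as an example (it is not part of the thread, nor code from aswMBR or TDSSKiller): parse a 512-byte MBR such as the MBR.dat aswMBR saved to the desktop, hash the bootstrap-code region, flag overlapping partition entries, and compare the partition table to the three Disk 0 rows in the log. The sample MBR is constructed inline with those values; treating the `0x1B8` in TDSSKiller's "MBR (0x1B8)" line as the length of the hashed code region is an assumption.

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 0x1B8         # bootstrap code; the 4-byte disk signature starts at 0x1B8
                         # (assumption: TDSSKiller's "MBR (0x1B8)" hashes exactly this span)
PT_OFFSET = 0x1BE        # four 16-byte partition entries, then 0x55AA at 0x1FE
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA, sectors


def parse_mbr(mbr: bytes) -> dict:
    """Parse one 512-byte MBR: code-region MD5, disk signature, non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        start = PT_OFFSET + 16 * i
        status, ptype, lba, sectors = struct.unpack(ENTRY_FMT, mbr[start:start + 16])
        if ptype == 0:
            continue  # unused slot
        partitions.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "offset": lba,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),  # aswMBR prints whole MB
        })
    return {
        "code_md5": hashlib.md5(mbr[:CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", mbr[CODE_LEN:CODE_LEN + 4])[0],
        "partitions": partitions,
    }


def find_overlaps(parsed: dict) -> list:
    """Index pairs whose sector ranges overlap; a sane table returns []."""
    spans = [(p["index"], p["offset"], p["offset"] + p["sectors"]) for p in parsed["partitions"]]
    return [(a, b) for a, s1, e1 in spans for b, s2, e2 in spans
            if a < b and s1 < e2 and s2 < e1]


# The three rows aswMBR printed for Disk 0 above: index, bootable, type, offset, size in MB.
LOG_PARTITIONS = [
    (1, True, 0x07, 2048, 100),
    (2, False, 0x07, 206848, 941706),
    (3, False, 0x07, 1928820736, 12061),
]


def matches_log(parsed: dict, expected=LOG_PARTITIONS) -> bool:
    """True when the parsed table agrees with the rows reported in the log."""
    got = [(p["index"], p["bootable"], p["type"], p["offset"], p["size_mb"])
           for p in parsed["partitions"]]
    return got == list(expected)


def build_mbr(entries, code: bytes = b"") -> bytes:
    """Construct a synthetic MBR (test data only, not a real disk image)."""
    sector = bytearray(SECTOR)
    sector[:len(code)] = code
    for i, (status, ptype, lba, sectors) in enumerate(entries):
        start = PT_OFFSET + 16 * i
        sector[start:start + 16] = struct.pack(ENTRY_FMT, status, ptype, lba, sectors)
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


# Constructed sample whose sector counts round to the MB figures in the log.
SAMPLE_MBR = build_mbr([
    (0x80, 0x07, 2048, 204800),          # 100 MB system partition
    (0x00, 0x07, 206848, 1928613888),    # 941706 MB Windows partition
    (0x00, 0x07, 1928820736, 24700928),  # 12061 MB recovery partition
])

if __name__ == "__main__":
    import sys
    # Pass the path of a saved MBR.dat to check a real dump; otherwise use the sample.
    data = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else SAMPLE_MBR
    info = parse_mbr(data)
    print("code md5:", info["code_md5"], "overlaps:", find_overlaps(info),
          "matches log:", matches_log(info))
```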

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 May 2012 - 09:24 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
c:\windows\system32\dds_trash_log.cmd

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 airdelivery
  • Topic Starter
  • Members
  • 32 posts

Posted 13 May 2012 - 09:10 AM

here's the combolog (see attachment)
Attached File: comolog.txt (221.7KB)

#15 airdelivery
  • Topic Starter
  • Members
  • 32 posts

Posted 13 May 2012 - 10:09 AM

And the computer is running very well. Although I do get a consistent block from Malwarebytes that is an outgoing block. Is this something to worry about?



