Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Easy A-Z Redirect


  • This topic is locked This topic is locked
39 replies to this topic

#1 rudi.brabbs

rudi.brabbs

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 18 May 2012 - 07:01 PM

Hi, whenever i click a Google (or any other search engine) link I'm redirected to a fake search search site, usually Easy A-Z but sometimes others. Only happens when clicking the links, works fine copying the web address. Do you know how to fix it?

Thanks

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:45 PM

Posted 20 May 2012 - 01:01 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:45 PM

Posted 23 May 2012 - 06:09 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:45 PM

Posted 26 May 2012 - 12:21 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:45 PM

Posted 15 June 2012 - 01:44 PM

This topic has been re-opened at the request of the person who originally posted.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 rudi.brabbs

rudi.brabbs
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 15 June 2012 - 02:02 PM

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 31
Java version out of date!
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
McAfee Online Backup MOBKbackup.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````





Thanks alot, the computer is still working normally. The redirect is the only thing that's wrong with it.

#7 rudi.brabbs

rudi.brabbs
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 15 June 2012 - 02:08 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Rudi at 20:05:02 on 2012-06-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5942.4529 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dleacoms.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Users\Rudi\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\GameShadow\GameShadow.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Rudi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rudi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rudi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rudi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rudi\AppData\Local\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Users\Rudi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rudi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Users\Rudi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rudi\Downloads\SecurityCheck (1).exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.8\iobitToolbarIE.dll
BHO: TBLayoutBHO Class: {008f6853-9cb4-41c5-a950-39d55e5e06ba} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.8\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120514201239.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: AlxHelper Class: {f443a627-5009-4323-9c1d-7fd598d0d712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Amazon Browser Bar: {ea582743-9076-4178-9aa6-7393fdf4d5ce} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.8\iobitToolbarIE.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Spotify] "C:\Users\Rudi\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [GameShadow] C:\Program Files (x86)\GameShadow\GameShadow.exe /q
uRun: [Facebook Update] "C:\Users\Rudi\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "C:\Users\Rudi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
StartupFolder: C:\Users\Rudi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Rudi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\REGIST~1.LNK - C:\Program Files (x86)\Ubisoft\Silent Hunter 4 Wolves of the Pacific\RegistrationReminder\RegistrationReminder.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F7CFB6D3-32C8-433B-A276-6A6E36C97EDB} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F7CFB6D3-32C8-433B-A276-6A6E36C97EDB}\E4544574541425 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F7CFB6D3-32C8-433B-A276-6A6E36C97EDB}\E4564776561627 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F7CFB6D3-32C8-433B-A276-6A6E36C97EDB}\E45677C616E64637 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F7CFB6D3-32C8-433B-A276-6A6E36C97EDB}\F42716E67656337316536326 : DhcpNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
BHO-X64: TBLayoutBHO Class: {008f6853-9cb4-41c5-a950-39d55e5e06ba} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
BHO-X64: TBLayoutBHO - No File
BHO-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.8\iobitToolbarIE.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120514201239.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: AlxHelper Class: {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
BHO-X64: AlxHelper - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Amazon Browser Bar: {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
TB-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.8\iobitToolbarIE.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [(Default)]
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;C:\Windows\system32\drivers\McPvDrv.sys --> C:\Windows\system32\drivers\McPvDrv.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys --> C:\Windows\system32\DRIVERS\MOBK.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-5-25 785344]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-7-16 514232]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-3-14 197504]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-1 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-1 2372096]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-13 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-13 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-13 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-13 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-3-13 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-3-13 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-1 2320920]
R2 Updater Service for AMZN;Updater Service for AMZN;C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [2012-2-1 203776]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-06-13 15:35:58 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 15:35:58 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 15:35:58 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 15:35:36 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-13 15:35:27 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 15:35:27 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 15:35:26 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 15:35:01 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 15:35:00 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 15:34:59 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 15:34:59 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 15:34:59 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 15:34:58 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-13 15:34:15 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 15:34:10 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 15:34:08 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 15:34:07 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-12 20:39:31 -------- d-----w- C:\Users\Rudi\AppData\Local\{6756A023-D354-431F-8B40-E0083A3E2C45}
2012-06-11 19:24:49 -------- d-----w- C:\Users\Rudi\AppData\Local\{2B1DD4D4-D7C3-469A-B84F-DA71CEC4C553}
2012-05-26 08:15:21 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-05-26 08:15:20 -------- d-----w- C:\Program Files (x86)\IObit Toolbar
2012-05-26 08:15:20 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-05-18 22:47:26 -------- d-----w- C:\Program Files (x86)\Amazon
2012-05-18 22:47:14 -------- d-----w- C:\Program Files (x86)\Amazon Browser Bar
2012-05-18 22:47:04 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys
2012-05-18 22:29:03 208896 ----a-w- C:\Windows\MBR.exe
2012-05-18 22:29:00 98816 ----a-w- C:\Windows\sed.exe
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-10 21:18:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-20 12:11:30 162192 ----a-w- C:\Windows\System32\mfevtps.exe
.
============= FINISH: 20:05:30.25 ===============

#8 rudi.brabbs

rudi.brabbs
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 15 June 2012 - 02:10 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 27/12/2011 19:56:56
System Uptime: 15/06/2012 17:51:19 (3 hours ago)
.
Motherboard: Hewlett-Packard | | 1668
Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz | CPU | 1727/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 577 GiB total, 493.76 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.678 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.078 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP81: 20/05/2012 19:00:04 - Windows Backup
RP82: 27/05/2012 19:00:10 - Windows Backup
RP83: 11/06/2012 16:10:16 - Windows Backup
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Dreamweaver CS5.5
Adobe Flash Player 11 ActiveX
Adobe Reader X MUI
Adobe Shockwave Player 11.6
Adobe Widget Browser
Agatha Christie - Peril at End House
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Audible Download Manager
Bejeweled 3
Bing Bar
Blackhawk Striker 2
Blasterball 3
Bounce Symphony
Cake Mania
Chronicles of Albian
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cradle of Rome 2
CyberLink YouCam
D3DX10
Empire: Total War
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.3
Facebook Video Calling 1.2.0.159
Farm Frenzy
FATE
Final Drive: Nitro
GameShadow Pulse V4.0
Google Chrome
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.1.2.0
HP Customer Experience Enhancements
HP Documentation
HP Games
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
IDT Audio
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
IObit Toolbar v5.8
Java Auto Updater
Java™ 6 Update 31
Jewel Quest: The Sleepless Star - Collector's Edition
Junk Mail filter update
Magic Desktop
Mah Jong Medley
MahJong Suite 2008 v5.0
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Online Backup
McAfee Total Protection
Mesh Runtime
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MSVCRT
MSVCRT_amd64
Mystery of Mortlake Mansion
Namco All-Stars: PAC-MAN
Penguins!
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Silent Hunter 4 Wolves of the Pacific
Slingo Supreme
Spotify
Steam
swMSM
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Vacation Quest - The Hawaiian Islands
Virtual Villagers 5 - New Believers
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
11/06/2012 22:40:50, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
11/06/2012 17:40:22, Error: Service Control Manager [7030] - The HPWMISVC service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================

Thanks Again :D

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:45 PM

Posted 15 June 2012 - 09:41 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 rudi.brabbs

rudi.brabbs
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 16 June 2012 - 09:49 AM

ComboFix 12-06-15.06 - Rudi 16/06/2012 15:21:24.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5942.4536 [GMT 1:00]
Running from: c:\users\Rudi\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
c:\users\Public\AlexaNSISPlugin.8688.dll
c:\users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
.
.
((((((((((((((((((((((((( Files Created from 2012-05-16 to 2012-06-16 )))))))))))))))))))))))))))))))
.
.
2012-06-16 14:27 . 2012-06-16 14:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-13 15:35 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 15:35 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 15:35 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 15:35 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 15:35 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 15:35 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 15:35 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 15:35 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 15:35 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 15:34 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 15:34 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 15:34 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 15:34 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 15:34 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 15:34 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 15:34 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 15:34 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-05-26 08:15 . 2012-05-26 08:15 -------- d-----w- c:\program files (x86)\Application Updater
2012-05-26 08:15 . 2012-05-26 08:15 -------- d-----w- c:\program files (x86)\IObit Toolbar
2012-05-26 08:15 . 2012-05-26 08:15 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-05-18 22:47 . 2012-05-18 22:47 -------- d-----w- c:\program files (x86)\Amazon
2012-05-18 22:47 . 2012-06-16 14:27 -------- d-----w- c:\program files (x86)\Amazon Browser Bar
2012-05-18 22:47 . 2012-01-12 08:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-10 21:18 . 2012-04-10 21:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-30 11:35 . 2012-05-09 17:51 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 12:11 . 2011-12-27 20:08 162192 ----a-w- c:\windows\system32\mfevtps.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Rudi\AppData\Roaming\Spotify\Spotify.exe" [2012-05-06 9478320]
"GameShadow"="c:\program files (x86)\GameShadow\GameShadow.exe" [2011-10-18 440152]
"Facebook Update"="c:\users\Rudi\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-26 137536]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-05-06 1242448]
"Spotify Web Helper"="c:\users\Rudi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-06 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-07-23 111640]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-05-17 61112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-05-25 992648]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
.
c:\users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-4-19 969216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-05-25 785344]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [x]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-02-18 2372096]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-13 231224]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-23 2320920]
S2 Updater Service for AMZN;Updater Service for AMZN;c:\program files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [2012-02-01 203776]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2207784362-707365746-3380193771-1001Core.job
- c:\users\Rudi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-26 01:11]
.
2012-06-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2207784362-707365746-3380193771-1001UA.job
- c:\users\Rudi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-26 01:11]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2207784362-707365746-3380193771-1001Core.job
- c:\users\Rudi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 22:25]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2207784362-707365746-3380193771-1001UA.job
- c:\users\Rudi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 22:25]
.
2012-06-12 c:\windows\Tasks\HPCeeScheduleForRUDI-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-06-13 c:\windows\Tasks\HPCeeScheduleForRudi.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-06-16 c:\windows\Tasks\Melsbqcv.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 20:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 20:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 20:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-10 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-10 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-10 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-29 1424896]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-19 44880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{008f6853-9cb4-41c5-a950-39d55e5e06ba} - c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
BHO-{F443A627-5009-4323-9C1D-7FD598D0D712} - c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
Toolbar-{EA582743-9076-4178-9AA6-7393FDF4D5CE} - c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files (x86)\Malwarebytes' Anti-Malware\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2207784362-707365746-3380193771-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-2207784362-707365746-3380193771-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-2207784362-707365746-3380193771-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2207784362-707365746-3380193771-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-2207784362-707365746-3380193771-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2207784362-707365746-3380193771-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-2207784362-707365746-3380193771-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-2207784362-707365746-3380193771-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2207784362-707365746-3380193771-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2207784362-707365746-3380193771-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2207784362-707365746-3380193771-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-2207784362-707365746-3380193771-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2207784362-707365746-3380193771-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-2207784362-707365746-3380193771-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2207784362-707365746-3380193771-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-06-16 15:34:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-16 14:34
.
Pre-Run: 530,313,490,432 bytes free
Post-Run: 530,228,527,104 bytes free
.
- - End Of File - - FCBD0C47DA70EA8A61BE5EDE18E722EA

#11 rudi.brabbs

rudi.brabbs
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 16 June 2012 - 09:50 AM

No problems so far, the computers working like it was before.

Thanks :lol:

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:45 PM

Posted 16 June 2012 - 12:50 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 rudi.brabbs

rudi.brabbs
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 16 June 2012 - 04:13 PM

22:08:40.0652 3676 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
22:08:40.0932 3676 ============================================================
22:08:40.0932 3676 Current date / time: 2012/06/16 22:08:40.0932
22:08:40.0932 3676 SystemInfo:
22:08:40.0932 3676
22:08:40.0932 3676 OS Version: 6.1.7601 ServicePack: 1.0
22:08:40.0932 3676 Product type: Workstation
22:08:40.0932 3676 ComputerName: RUDI-HP
22:08:40.0932 3676 UserName: Rudi
22:08:40.0932 3676 Windows directory: C:\Windows
22:08:40.0932 3676 System windows directory: C:\Windows
22:08:40.0932 3676 Running under WOW64
22:08:40.0932 3676 Processor architecture: Intel x64
22:08:40.0932 3676 Number of processors: 4
22:08:40.0932 3676 Page size: 0x1000
22:08:40.0932 3676 Boot type: Normal boot
22:08:40.0932 3676 ============================================================
22:08:42.0733 3676 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:08:42.0743 3676 ============================================================
22:08:42.0743 3676 \Device\Harddisk0\DR0:
22:08:42.0743 3676 MBR partitions:
22:08:42.0743 3676 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
22:08:42.0743 3676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x481B2800
22:08:42.0743 3676 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48216800, BlocksNum 0x1E51800
22:08:42.0743 3676 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A068000, BlocksNum 0x7EFAB0
22:08:42.0743 3676 ============================================================
22:08:42.0783 3676 C: <-> \Device\Harddisk0\DR0\Partition1
22:08:42.0823 3676 D: <-> \Device\Harddisk0\DR0\Partition2
22:08:42.0833 3676 E: <-> \Device\Harddisk0\DR0\Partition3
22:08:42.0833 3676 ============================================================
22:08:42.0833 3676 Initialize success
22:08:42.0833 3676 ============================================================
22:08:52.0284 5720 ============================================================
22:08:52.0284 5720 Scan started
22:08:52.0284 5720 Mode: Manual;
22:08:52.0284 5720 ============================================================
22:08:53.0747 5720 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:08:53.0761 5720 1394ohci - ok
22:08:53.0841 5720 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:08:53.0848 5720 ACPI - ok
22:08:53.0876 5720 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:08:53.0878 5720 AcpiPmi - ok
22:08:53.0942 5720 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
22:08:53.0971 5720 adp94xx - ok
22:08:54.0030 5720 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
22:08:54.0077 5720 adpahci - ok
22:08:54.0147 5720 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
22:08:54.0199 5720 adpu320 - ok
22:08:54.0239 5720 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:08:54.0242 5720 AeLookupSvc - ok
22:08:54.0319 5720 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:08:54.0325 5720 AFD - ok
22:08:54.0358 5720 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:08:54.0360 5720 agp440 - ok
22:08:54.0418 5720 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:08:54.0421 5720 ALG - ok
22:08:54.0450 5720 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:08:54.0452 5720 aliide - ok
22:08:54.0473 5720 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:08:54.0578 5720 amdide - ok
22:08:54.0650 5720 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
22:08:54.0653 5720 AmdK8 - ok
22:08:54.0693 5720 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
22:08:54.0696 5720 AmdPPM - ok
22:08:54.0754 5720 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:08:54.0756 5720 amdsata - ok
22:08:54.0825 5720 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
22:08:54.0840 5720 amdsbs - ok
22:08:54.0903 5720 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:08:54.0903 5720 amdxata - ok
22:08:54.0949 5720 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:08:54.0965 5720 AppID - ok
22:08:55.0022 5720 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:08:55.0022 5720 AppIDSvc - ok
22:08:55.0042 5720 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:08:55.0042 5720 Appinfo - ok
22:08:55.0132 5720 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:08:55.0142 5720 Apple Mobile Device - ok
22:08:55.0292 5720 Application Updater (ba916091087e6be21d3c30eec71ed338) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
22:08:55.0302 5720 Application Updater - ok
22:08:55.0362 5720 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
22:08:55.0372 5720 arc - ok
22:08:55.0422 5720 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
22:08:55.0422 5720 arcsas - ok
22:08:55.0452 5720 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:08:55.0452 5720 AsyncMac - ok
22:08:55.0482 5720 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:08:55.0482 5720 atapi - ok
22:08:55.0712 5720 athr (25463e0604f0608d926474e667bd7b76) C:\Windows\system32\DRIVERS\athrx.sys
22:08:55.0762 5720 athr - ok
22:08:55.0922 5720 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
22:08:55.0932 5720 atksgt - ok
22:08:56.0012 5720 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:08:56.0032 5720 AudioEndpointBuilder - ok
22:08:56.0042 5720 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:08:56.0042 5720 AudioSrv - ok
22:08:56.0082 5720 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:08:56.0082 5720 AxInstSV - ok
22:08:56.0152 5720 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
22:08:56.0182 5720 b06bdrv - ok
22:08:56.0252 5720 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:08:56.0272 5720 b57nd60a - ok
22:08:56.0372 5720 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
22:08:56.0372 5720 BBSvc - ok
22:08:56.0552 5720 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
22:08:56.0622 5720 BCM43XX - ok
22:08:56.0672 5720 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:08:56.0672 5720 BDESVC - ok
22:08:56.0752 5720 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:08:56.0752 5720 Beep - ok
22:08:56.0852 5720 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
22:08:56.0862 5720 BFE - ok
22:08:56.0942 5720 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
22:08:56.0952 5720 BITS - ok
22:08:57.0002 5720 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
22:08:57.0002 5720 blbdrive - ok
22:08:57.0097 5720 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:08:57.0097 5720 Bonjour Service - ok
22:08:57.0144 5720 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:08:57.0144 5720 bowser - ok
22:08:57.0175 5720 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
22:08:57.0175 5720 BrFiltLo - ok
22:08:57.0207 5720 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
22:08:57.0207 5720 BrFiltUp - ok
22:08:57.0222 5720 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:08:57.0238 5720 BridgeMP - ok
22:08:57.0279 5720 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:08:57.0279 5720 Browser - ok
22:08:57.0319 5720 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:08:57.0339 5720 Brserid - ok
22:08:57.0359 5720 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:08:57.0359 5720 BrSerWdm - ok
22:08:57.0379 5720 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:08:57.0389 5720 BrUsbMdm - ok
22:08:57.0399 5720 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:08:57.0399 5720 BrUsbSer - ok
22:08:57.0429 5720 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
22:08:57.0429 5720 BTHMODEM - ok
22:08:57.0489 5720 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:08:57.0489 5720 bthserv - ok
22:08:57.0519 5720 catchme - ok
22:08:57.0559 5720 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:08:57.0559 5720 cdfs - ok
22:08:57.0612 5720 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:08:57.0614 5720 cdrom - ok
22:08:57.0651 5720 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:08:57.0653 5720 CertPropSvc - ok
22:08:57.0699 5720 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
22:08:57.0700 5720 cfwids - ok
22:08:57.0754 5720 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
22:08:57.0756 5720 circlass - ok
22:08:57.0819 5720 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:08:57.0824 5720 CLFS - ok
22:08:57.0903 5720 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:08:57.0905 5720 clr_optimization_v2.0.50727_32 - ok
22:08:57.0966 5720 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:08:57.0969 5720 clr_optimization_v2.0.50727_64 - ok
22:08:58.0072 5720 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:08:58.0074 5720 clr_optimization_v4.0.30319_32 - ok
22:08:58.0127 5720 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:08:58.0128 5720 clr_optimization_v4.0.30319_64 - ok
22:08:58.0180 5720 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
22:08:58.0181 5720 clwvd - ok
22:08:58.0216 5720 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
22:08:58.0218 5720 CmBatt - ok
22:08:58.0248 5720 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:08:58.0250 5720 cmdide - ok
22:08:58.0338 5720 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:08:58.0343 5720 CNG - ok
22:08:58.0394 5720 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
22:08:58.0395 5720 Compbatt - ok
22:08:58.0426 5720 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:08:58.0428 5720 CompositeBus - ok
22:08:58.0441 5720 COMSysApp - ok
22:08:58.0478 5720 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
22:08:58.0533 5720 crcdisk - ok
22:08:58.0614 5720 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
22:08:58.0616 5720 CryptSvc - ok
22:08:58.0689 5720 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:08:58.0695 5720 DcomLaunch - ok
22:08:58.0760 5720 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:08:58.0771 5720 defragsvc - ok
22:08:58.0802 5720 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:08:58.0804 5720 DfsC - ok
22:08:58.0851 5720 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:08:58.0853 5720 Dhcp - ok
22:08:58.0891 5720 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:08:58.0892 5720 discache - ok
22:08:58.0938 5720 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
22:08:58.0940 5720 Disk - ok
22:08:58.0959 5720 dlea_device - ok
22:08:58.0993 5720 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:08:58.0996 5720 Dnscache - ok
22:08:59.0034 5720 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:08:59.0044 5720 dot3svc - ok
22:08:59.0084 5720 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:08:59.0084 5720 DPS - ok
22:08:59.0104 5720 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:08:59.0104 5720 drmkaud - ok
22:08:59.0204 5720 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:08:59.0214 5720 DXGKrnl - ok
22:08:59.0244 5720 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:08:59.0254 5720 EapHost - ok
22:08:59.0514 5720 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
22:08:59.0614 5720 ebdrv - ok
22:08:59.0754 5720 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:08:59.0754 5720 EFS - ok
22:08:59.0864 5720 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:08:59.0874 5720 ehRecvr - ok
22:08:59.0904 5720 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:08:59.0924 5720 ehSched - ok
22:09:00.0014 5720 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
22:09:00.0024 5720 elxstor - ok
22:09:00.0054 5720 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:09:00.0054 5720 ErrDev - ok
22:09:00.0144 5720 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:09:00.0154 5720 EventSystem - ok
22:09:00.0214 5720 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:09:00.0224 5720 exfat - ok
22:09:00.0234 5720 ezSharedSvc - ok
22:09:00.0264 5720 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:09:00.0274 5720 fastfat - ok
22:09:00.0354 5720 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:09:00.0374 5720 Fax - ok
22:09:00.0424 5720 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
22:09:00.0424 5720 fdc - ok
22:09:00.0494 5720 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:09:00.0514 5720 fdPHost - ok
22:09:00.0554 5720 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:09:00.0554 5720 FDResPub - ok
22:09:00.0614 5720 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:09:00.0614 5720 FileInfo - ok
22:09:00.0654 5720 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:09:00.0654 5720 Filetrace - ok
22:09:00.0684 5720 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
22:09:00.0684 5720 flpydisk - ok
22:09:00.0754 5720 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:09:00.0754 5720 FltMgr - ok
22:09:00.0904 5720 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:09:00.0924 5720 FontCache - ok
22:09:01.0034 5720 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:09:01.0034 5720 FontCache3.0.0.0 - ok
22:09:01.0084 5720 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:09:01.0084 5720 FsDepends - ok
22:09:01.0124 5720 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
22:09:01.0124 5720 Fs_Rec - ok
22:09:01.0174 5720 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:09:01.0174 5720 fvevol - ok
22:09:01.0224 5720 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
22:09:01.0234 5720 gagp30kx - ok
22:09:01.0364 5720 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
22:09:01.0394 5720 GamesAppService - ok
22:09:01.0454 5720 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:09:01.0454 5720 GEARAspiWDM - ok
22:09:01.0554 5720 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:09:01.0574 5720 gpsvc - ok
22:09:01.0614 5720 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:09:01.0624 5720 hcw85cir - ok
22:09:01.0694 5720 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:09:01.0714 5720 HdAudAddService - ok
22:09:01.0774 5720 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:09:01.0774 5720 HDAudBus - ok
22:09:01.0814 5720 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
22:09:01.0814 5720 HECIx64 - ok
22:09:01.0834 5720 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
22:09:01.0834 5720 HidBatt - ok
22:09:01.0864 5720 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
22:09:01.0864 5720 HidBth - ok
22:09:01.0884 5720 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
22:09:01.0884 5720 HidIr - ok
22:09:01.0924 5720 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
22:09:01.0924 5720 hidserv - ok
22:09:01.0974 5720 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:09:01.0974 5720 HidUsb - ok
22:09:02.0034 5720 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:09:02.0034 5720 hkmsvc - ok
22:09:02.0084 5720 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:09:02.0094 5720 HomeGroupListener - ok
22:09:02.0134 5720 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:09:02.0134 5720 HomeGroupProvider - ok
22:09:02.0254 5720 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
22:09:02.0254 5720 HP Support Assistant Service - ok
22:09:02.0354 5720 HPAuto (7b8c1b09c11e8db7c4480abd7d17e821) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
22:09:02.0354 5720 HPAuto - ok
22:09:02.0414 5720 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
22:09:02.0424 5720 HPClientSvc - ok
22:09:02.0494 5720 HPDrvMntSvc.exe (02ce63d8dd5e6dd5ceff336191c0859e) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
22:09:02.0514 5720 HPDrvMntSvc.exe - ok
22:09:02.0634 5720 hpqwmiex (e7c7829ba0395e48f8c8fe16b8832344) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
22:09:02.0634 5720 hpqwmiex - ok
22:09:02.0794 5720 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:09:02.0804 5720 HpSAMD - ok
22:09:02.0904 5720 HPWMISVC (2bec76bdcd1bc080210325e7b5094834) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
22:09:02.0904 5720 HPWMISVC - ok
22:09:02.0984 5720 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:09:02.0994 5720 HTTP - ok
22:09:03.0024 5720 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:09:03.0024 5720 hwpolicy - ok
22:09:03.0064 5720 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:09:03.0064 5720 i8042prt - ok
22:09:03.0124 5720 iaStor (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\DRIVERS\iaStor.sys
22:09:03.0124 5720 iaStor - ok
22:09:03.0244 5720 IAStorDataMgrSvc (e79a8e33bd136d14bae1fa20eb2ef124) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
22:09:03.0244 5720 IAStorDataMgrSvc - ok
22:09:03.0314 5720 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:09:03.0344 5720 iaStorV - ok
22:09:03.0543 5720 IconMan_R (d22d82d74fd1b6c77e7556dbdc3ea9d2) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
22:09:03.0609 5720 IconMan_R - ok
22:09:03.0766 5720 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:09:03.0782 5720 idsvc - ok
22:09:04.0636 5720 igfx (6383899c5f964d71b0f96b81fbe59bb8) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:09:04.0861 5720 igfx - ok
22:09:04.0983 5720 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
22:09:04.0985 5720 iirsp - ok
22:09:05.0084 5720 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:09:05.0097 5720 IKEEXT - ok
22:09:05.0143 5720 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
22:09:05.0146 5720 Impcd - ok
22:09:05.0189 5720 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
22:09:05.0203 5720 IntcDAud - ok
22:09:05.0233 5720 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:09:05.0234 5720 intelide - ok
22:09:05.0284 5720 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:09:05.0285 5720 intelppm - ok
22:09:05.0328 5720 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:09:05.0331 5720 IPBusEnum - ok
22:09:05.0386 5720 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:09:05.0388 5720 IpFilterDriver - ok
22:09:05.0441 5720 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
22:09:05.0445 5720 iphlpsvc - ok
22:09:05.0478 5720 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:09:05.0544 5720 IPMIDRV - ok
22:09:05.0560 5720 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:09:05.0563 5720 IPNAT - ok
22:09:05.0716 5720 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
22:09:05.0723 5720 iPod Service - ok
22:09:05.0747 5720 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:09:05.0749 5720 IRENUM - ok
22:09:05.0771 5720 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:09:05.0773 5720 isapnp - ok
22:09:05.0833 5720 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:09:05.0846 5720 iScsiPrt - ok
22:09:05.0894 5720 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:09:05.0896 5720 kbdclass - ok
22:09:05.0946 5720 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:09:05.0948 5720 kbdhid - ok
22:09:05.0987 5720 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:09:05.0989 5720 KeyIso - ok
22:09:06.0012 5720 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:09:06.0014 5720 KSecDD - ok
22:09:06.0042 5720 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:09:06.0044 5720 KSecPkg - ok
22:09:06.0061 5720 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:09:06.0062 5720 ksthunk - ok
22:09:06.0106 5720 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:09:06.0120 5720 KtmRm - ok
22:09:06.0172 5720 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
22:09:06.0188 5720 LanmanServer - ok
22:09:06.0248 5720 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:09:06.0253 5720 LanmanWorkstation - ok
22:09:06.0281 5720 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
22:09:06.0282 5720 lirsgt - ok
22:09:06.0314 5720 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:09:06.0316 5720 lltdio - ok
22:09:06.0364 5720 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:09:06.0377 5720 lltdsvc - ok
22:09:06.0396 5720 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:09:06.0398 5720 lmhosts - ok
22:09:06.0529 5720 LMS (0405f4bcd1c7a7b309f620fe0b5de5e6) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
22:09:06.0531 5720 LMS - ok
22:09:06.0605 5720 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
22:09:06.0607 5720 LSI_FC - ok
22:09:06.0666 5720 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
22:09:06.0669 5720 LSI_SAS - ok
22:09:06.0715 5720 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
22:09:06.0717 5720 LSI_SAS2 - ok
22:09:06.0768 5720 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
22:09:06.0772 5720 LSI_SCSI - ok
22:09:06.0833 5720 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:09:06.0836 5720 luafv - ok
22:09:06.0998 5720 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:09:07.0001 5720 McAfee SiteAdvisor Service - ok
22:09:07.0008 5720 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:09:07.0011 5720 McMPFSvc - ok
22:09:07.0036 5720 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:09:07.0039 5720 mcmscsvc - ok
22:09:07.0045 5720 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:09:07.0048 5720 McNaiAnn - ok
22:09:07.0078 5720 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:09:07.0080 5720 McNASvc - ok
22:09:07.0195 5720 McODS (dd01bf24dd6bf70a90549f9a7bb2d1eb) C:\Program Files\McAfee\VirusScan\mcods.exe
22:09:07.0203 5720 McODS - ok
22:09:07.0211 5720 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:09:07.0215 5720 McProxy - ok
22:09:07.0275 5720 McPvDrv (a0c364079e7ae6c3127bee8e196f00e5) C:\Windows\system32\drivers\McPvDrv.sys
22:09:07.0277 5720 McPvDrv - ok
22:09:07.0319 5720 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
22:09:07.0348 5720 McShield - ok
22:09:07.0378 5720 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:09:07.0381 5720 Mcx2Svc - ok
22:09:07.0457 5720 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
22:09:07.0458 5720 megasas - ok
22:09:07.0497 5720 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
22:09:07.0545 5720 MegaSR - ok
22:09:07.0594 5720 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
22:09:07.0595 5720 mfeapfk - ok
22:09:07.0707 5720 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
22:09:07.0710 5720 mfeavfk - ok
22:09:07.0727 5720 mfeavfk01 - ok
22:09:07.0776 5720 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
22:09:07.0778 5720 mfefire - ok
22:09:07.0834 5720 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
22:09:07.0837 5720 mfefirek - ok
22:09:07.0912 5720 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
22:09:07.0912 5720 mfehidk - ok
22:09:07.0943 5720 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
22:09:07.0943 5720 mfenlfk - ok
22:09:07.0958 5720 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
22:09:07.0958 5720 mferkdet - ok
22:09:08.0036 5720 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
22:09:08.0036 5720 mfevtp - ok
22:09:08.0083 5720 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
22:09:08.0083 5720 mfewfpk - ok
22:09:08.0114 5720 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:09:08.0114 5720 MMCSS - ok
22:09:08.0224 5720 MOBKbackup (8cc001c65c31633171991fa72a551d43) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
22:09:08.0224 5720 MOBKbackup - ok
22:09:08.0270 5720 MOBKFilter (3800c23d0d90c59aafcdefdc82b5c4af) C:\Windows\system32\DRIVERS\MOBK.sys
22:09:08.0270 5720 MOBKFilter - ok
22:09:08.0302 5720 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:09:08.0302 5720 Modem - ok
22:09:08.0333 5720 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:09:08.0333 5720 monitor - ok
22:09:08.0364 5720 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:09:08.0380 5720 mouclass - ok
22:09:08.0395 5720 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:09:08.0395 5720 mouhid - ok
22:09:08.0426 5720 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:09:08.0442 5720 mountmgr - ok
22:09:08.0489 5720 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:09:08.0504 5720 mpio - ok
22:09:08.0551 5720 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:09:08.0567 5720 mpsdrv - ok
22:09:08.0660 5720 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:09:08.0678 5720 MpsSvc - ok
22:09:08.0713 5720 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:09:08.0716 5720 MRxDAV - ok
22:09:08.0749 5720 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:09:08.0751 5720 mrxsmb - ok
22:09:08.0799 5720 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:09:08.0805 5720 mrxsmb10 - ok
22:09:08.0815 5720 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:09:08.0817 5720 mrxsmb20 - ok
22:09:08.0849 5720 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:09:08.0850 5720 msahci - ok
22:09:08.0883 5720 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:09:08.0886 5720 msdsm - ok
22:09:08.0915 5720 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:09:08.0927 5720 MSDTC - ok
22:09:08.0968 5720 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:09:08.0969 5720 Msfs - ok
22:09:08.0996 5720 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:09:08.0998 5720 mshidkmdf - ok
22:09:09.0019 5720 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:09:09.0020 5720 msisadrv - ok
22:09:09.0066 5720 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:09:09.0076 5720 MSiSCSI - ok
22:09:09.0082 5720 msiserver - ok
22:09:09.0194 5720 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:09:09.0196 5720 MSK80Service - ok
22:09:09.0236 5720 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:09:09.0237 5720 MSKSSRV - ok
22:09:09.0242 5720 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:09:09.0243 5720 MSPCLOCK - ok
22:09:09.0250 5720 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:09:09.0251 5720 MSPQM - ok
22:09:09.0293 5720 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:09:09.0297 5720 MsRPC - ok
22:09:09.0325 5720 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:09:09.0325 5720 mssmbios - ok
22:09:09.0331 5720 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:09:09.0332 5720 MSTEE - ok
22:09:09.0364 5720 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
22:09:09.0366 5720 MTConfig - ok
22:09:09.0388 5720 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:09:09.0389 5720 Mup - ok
22:09:09.0448 5720 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:09:09.0453 5720 napagent - ok
22:09:09.0499 5720 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:09:09.0513 5720 NativeWifiP - ok
22:09:09.0619 5720 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
22:09:09.0628 5720 NDIS - ok
22:09:09.0647 5720 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:09:09.0649 5720 NdisCap - ok
22:09:09.0671 5720 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:09:09.0671 5720 NdisTapi - ok
22:09:09.0702 5720 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:09:09.0702 5720 Ndisuio - ok
22:09:09.0733 5720 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:09:09.0736 5720 NdisWan - ok
22:09:09.0768 5720 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:09:09.0770 5720 NDProxy - ok
22:09:09.0791 5720 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:09:09.0792 5720 NetBIOS - ok
22:09:09.0831 5720 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:09:09.0833 5720 NetBT - ok
22:09:09.0864 5720 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:09:09.0865 5720 Netlogon - ok
22:09:09.0906 5720 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:09:09.0909 5720 Netman - ok
22:09:09.0943 5720 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:09:09.0947 5720 netprofm - ok
22:09:10.0014 5720 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:09:10.0017 5720 NetTcpPortSharing - ok
22:09:10.0081 5720 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
22:09:10.0083 5720 nfrd960 - ok
22:09:10.0142 5720 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:09:10.0147 5720 NlaSvc - ok
22:09:10.0191 5720 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:09:10.0192 5720 Npfs - ok
22:09:10.0213 5720 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:09:10.0215 5720 nsi - ok
22:09:10.0227 5720 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:09:10.0228 5720 nsiproxy - ok
22:09:10.0419 5720 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:09:10.0451 5720 Ntfs - ok
22:09:10.0616 5720 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:09:10.0626 5720 Null - ok
22:09:10.0697 5720 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
22:09:10.0705 5720 NVENETFD - ok
22:09:10.0752 5720 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:09:10.0761 5720 nvraid - ok
22:09:10.0822 5720 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:09:10.0825 5720 nvstor - ok
22:09:10.0863 5720 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:09:10.0866 5720 nv_agp - ok
22:09:11.0014 5720 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:09:11.0024 5720 odserv - ok
22:09:11.0056 5720 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:09:11.0058 5720 ohci1394 - ok
22:09:11.0109 5720 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:09:11.0112 5720 ose - ok
22:09:11.0181 5720 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:09:11.0184 5720 p2pimsvc - ok
22:09:11.0223 5720 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:09:11.0228 5720 p2psvc - ok
22:09:11.0261 5720 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
22:09:11.0263 5720 Parport - ok
22:09:11.0306 5720 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
22:09:11.0307 5720 partmgr - ok
22:09:11.0323 5720 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:09:11.0327 5720 PcaSvc - ok
22:09:11.0383 5720 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:09:11.0385 5720 pci - ok
22:09:11.0416 5720 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:09:11.0417 5720 pciide - ok
22:09:11.0458 5720 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
22:09:11.0466 5720 pcmcia - ok
22:09:11.0502 5720 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:09:11.0503 5720 pcw - ok
22:09:11.0565 5720 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:09:11.0582 5720 PEAUTH - ok
22:09:11.0668 5720 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:09:11.0671 5720 PerfHost - ok
22:09:11.0830 5720 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:09:11.0877 5720 pla - ok
22:09:11.0981 5720 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:09:12.0015 5720 PlugPlay - ok
22:09:12.0038 5720 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:09:12.0041 5720 PNRPAutoReg - ok
22:09:12.0084 5720 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:09:12.0087 5720 PNRPsvc - ok
22:09:12.0155 5720 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:09:12.0159 5720 PolicyAgent - ok
22:09:12.0205 5720 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:09:12.0208 5720 Power - ok
22:09:12.0305 5720 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:09:12.0307 5720 PptpMiniport - ok
22:09:12.0336 5720 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
22:09:12.0338 5720 Processor - ok
22:09:12.0395 5720 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
22:09:12.0412 5720 ProfSvc - ok
22:09:12.0443 5720 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:09:12.0445 5720 ProtectedStorage - ok
22:09:12.0473 5720 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:09:12.0531 5720 Psched - ok
22:09:12.0716 5720 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
22:09:12.0774 5720 ql2300 - ok
22:09:12.0955 5720 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
22:09:12.0958 5720 ql40xx - ok
22:09:13.0021 5720 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:09:13.0046 5720 QWAVE - ok
22:09:13.0083 5720 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:09:13.0085 5720 QWAVEdrv - ok
22:09:13.0105 5720 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:09:13.0107 5720 RasAcd - ok
22:09:13.0158 5720 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:09:13.0159 5720 RasAgileVpn - ok
22:09:13.0184 5720 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:09:13.0188 5720 RasAuto - ok
22:09:13.0236 5720 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:09:13.0238 5720 Rasl2tp - ok
22:09:13.0297 5720 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:09:13.0313 5720 RasMan - ok
22:09:13.0346 5720 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:09:13.0348 5720 RasPppoe - ok
22:09:13.0381 5720 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:09:13.0384 5720 RasSstp - ok
22:09:13.0442 5720 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:09:13.0455 5720 rdbss - ok
22:09:13.0485 5720 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
22:09:13.0487 5720 rdpbus - ok
22:09:13.0504 5720 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:09:13.0505 5720 RDPCDD - ok
22:09:13.0535 5720 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:09:13.0536 5720 RDPENCDD - ok
22:09:13.0547 5720 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:09:13.0548 5720 RDPREFMP - ok
22:09:13.0587 5720 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
22:09:13.0603 5720 RDPWD - ok
22:09:13.0656 5720 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:09:13.0659 5720 rdyboost - ok
22:09:13.0706 5720 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:09:13.0709 5720 RemoteAccess - ok
22:09:13.0738 5720 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:09:13.0741 5720 RemoteRegistry - ok
22:09:13.0772 5720 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:09:13.0775 5720 RpcEptMapper - ok
22:09:13.0811 5720 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:09:13.0814 5720 RpcLocator - ok
22:09:13.0882 5720 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:09:13.0891 5720 RpcSs - ok
22:09:13.0959 5720 RSPCIESTOR (546d7f426776090b90ef5f195b6ae662) C:\Windows\system32\DRIVERS\RtsPStor.sys
22:09:13.0962 5720 RSPCIESTOR - ok
22:09:14.0008 5720 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:09:14.0010 5720 rspndr - ok
22:09:14.0088 5720 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:09:14.0093 5720 RTL8167 - ok
22:09:14.0120 5720 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:09:14.0122 5720 SamSs - ok
22:09:14.0150 5720 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:09:14.0152 5720 sbp2port - ok
22:09:14.0208 5720 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:09:14.0223 5720 SCardSvr - ok
22:09:14.0268 5720 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:09:14.0270 5720 scfilter - ok
22:09:14.0388 5720 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:09:14.0397 5720 Schedule - ok
22:09:14.0427 5720 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:09:14.0429 5720 SCPolicySvc - ok
22:09:14.0466 5720 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
22:09:14.0468 5720 sdbus - ok
22:09:14.0533 5720 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:09:14.0547 5720 SDRSVC - ok
22:09:14.0659 5720 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
22:09:14.0659 5720 SeaPort - ok
22:09:14.0690 5720 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:09:14.0690 5720 secdrv - ok
22:09:14.0721 5720 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:09:14.0721 5720 seclogon - ok
22:09:14.0737 5720 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:09:14.0737 5720 SENS - ok
22:09:14.0784 5720 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:09:14.0784 5720 SensrSvc - ok
22:09:14.0815 5720 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
22:09:14.0831 5720 Serenum - ok
22:09:14.0893 5720 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
22:09:14.0893 5720 Serial - ok
22:09:14.0955 5720 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
22:09:14.0955 5720 sermouse - ok
22:09:15.0018 5720 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:09:15.0033 5720 SessionEnv - ok
22:09:15.0049 5720 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:09:15.0049 5720 sffdisk - ok
22:09:15.0080 5720 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:09:15.0080 5720 sffp_mmc - ok
22:09:15.0096 5720 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:09:15.0096 5720 sffp_sd - ok
22:09:15.0111 5720 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
22:09:15.0111 5720 sfloppy - ok
22:09:15.0189 5720 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:09:15.0205 5720 SharedAccess - ok
22:09:15.0252 5720 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:09:15.0267 5720 ShellHWDetection - ok
22:09:15.0310 5720 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
22:09:15.0313 5720 SiSRaid2 - ok
22:09:15.0368 5720 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
22:09:15.0371 5720 SiSRaid4 - ok
22:09:15.0435 5720 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:09:15.0437 5720 Smb - ok
22:09:15.0495 5720 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:09:15.0499 5720 SNMPTRAP - ok
22:09:15.0513 5720 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:09:15.0514 5720 spldr - ok
22:09:15.0577 5720 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:09:15.0582 5720 Spooler - ok
22:09:15.0841 5720 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:09:15.0862 5720 sppsvc - ok
22:09:15.0974 5720 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:09:15.0979 5720 sppuinotify - ok
22:09:16.0058 5720 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:09:16.0067 5720 srv - ok
22:09:16.0106 5720 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:09:16.0111 5720 srv2 - ok
22:09:16.0187 5720 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
22:09:16.0198 5720 SrvHsfHDA - ok
22:09:16.0370 5720 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
22:09:16.0422 5720 SrvHsfV92 - ok
22:09:16.0628 5720 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
22:09:16.0662 5720 SrvHsfWinac - ok
22:09:16.0729 5720 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:09:16.0749 5720 srvnet - ok
22:09:16.0813 5720 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:09:16.0815 5720 SSDPSRV - ok
22:09:16.0848 5720 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:09:16.0851 5720 SstpSvc - ok
22:09:16.0962 5720 STacSV (7bf818b11c1fedc3e76d233124470a30) C:\Program Files\IDT\WDM\STacSV64.exe
22:09:16.0968 5720 STacSV - ok
22:09:17.0084 5720 Steam Client Service - ok
22:09:17.0126 5720 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
22:09:17.0128 5720 stexstor - ok
22:09:17.0232 5720 STHDA (ebc1a5e076a9be314d3d9e8ed19abb0a) C:\Windows\system32\DRIVERS\stwrt64.sys
22:09:17.0235 5720 STHDA - ok
22:09:17.0336 5720 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:09:17.0347 5720 stisvc - ok
22:09:17.0367 5720 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:09:17.0368 5720 swenum - ok
22:09:17.0438 5720 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:09:17.0467 5720 swprv - ok
22:09:17.0684 5720 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys
22:09:17.0703 5720 SynTP - ok
22:09:18.0024 5720 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:09:18.0076 5720 SysMain - ok
22:09:18.0168 5720 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:09:18.0172 5720 TabletInputService - ok
22:09:18.0205 5720 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:09:18.0233 5720 TapiSrv - ok
22:09:18.0280 5720 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:09:18.0285 5720 TBS - ok
22:09:18.0529 5720 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
22:09:18.0581 5720 Tcpip - ok
22:09:18.0894 5720 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
22:09:18.0914 5720 TCPIP6 - ok
22:09:18.0992 5720 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:09:18.0993 5720 tcpipreg - ok
22:09:19.0017 5720 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:09:19.0019 5720 TDPIPE - ok
22:09:19.0057 5720 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:09:19.0060 5720 TDTCP - ok
22:09:19.0088 5720 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:09:19.0090 5720 tdx - ok
22:09:19.0150 5720 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:09:19.0151 5720 TermDD - ok
22:09:19.0224 5720 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:09:19.0241 5720 TermService - ok
22:09:19.0260 5720 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:09:19.0264 5720 Themes - ok
22:09:19.0301 5720 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:09:19.0303 5720 THREADORDER - ok
22:09:19.0346 5720 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:09:19.0351 5720 TrkWks - ok
22:09:19.0414 5720 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:09:19.0414 5720 TrustedInstaller - ok
22:09:19.0445 5720 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:09:19.0462 5720 tssecsrv - ok
22:09:19.0494 5720 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:09:19.0496 5720 TsUsbFlt - ok
22:09:19.0527 5720 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
22:09:19.0528 5720 TsUsbGD - ok
22:09:19.0585 5720 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:09:19.0587 5720 tunnel - ok
22:09:19.0633 5720 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
22:09:19.0635 5720 uagp35 - ok
22:09:19.0693 5720 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:09:19.0730 5720 udfs - ok
22:09:19.0776 5720 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:09:19.0779 5720 UI0Detect - ok
22:09:19.0813 5720 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:09:19.0815 5720 uliagpkx - ok
22:09:19.0863 5720 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
22:09:19.0865 5720 umbus - ok
22:09:19.0899 5720 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
22:09:19.0901 5720 UmPass - ok
22:09:20.0239 5720 UNS (6f895ca96552069b3d3ef5b4f6e90d3e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
22:09:20.0259 5720 UNS - ok
22:09:20.0334 5720 Updater Service for AMZN (28a6edec8bc15fcc5b1dd700cafda71c) C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
22:09:20.0335 5720 Updater Service for AMZN - ok
22:09:20.0488 5720 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:09:20.0488 5720 upnphost - ok
22:09:20.0634 5720 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
22:09:20.0636 5720 USBAAPL64 - ok
22:09:20.0707 5720 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:09:20.0710 5720 usbccgp - ok
22:09:20.0755 5720 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:09:20.0757 5720 usbcir - ok
22:09:20.0800 5720 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:09:20.0801 5720 usbehci - ok
22:09:20.0878 5720 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:09:20.0911 5720 usbhub - ok
22:09:20.0956 5720 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:09:20.0958 5720 usbohci - ok
22:09:20.0982 5720 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
22:09:20.0984 5720 usbprint - ok
22:09:21.0042 5720 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:09:21.0044 5720 USBSTOR - ok
22:09:21.0085 5720 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:09:21.0087 5720 usbuhci - ok
22:09:21.0141 5720 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
22:09:21.0159 5720 usbvideo - ok
22:09:21.0197 5720 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:09:21.0210 5720 UxSms - ok
22:09:21.0252 5720 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:09:21.0253 5720 VaultSvc - ok
22:09:21.0289 5720 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:09:21.0290 5720 vdrvroot - ok
22:09:21.0341 5720 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:09:21.0355 5720 vds - ok
22:09:21.0395 5720 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:09:21.0397 5720 vga - ok
22:09:21.0415 5720 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:09:21.0416 5720 VgaSave - ok
22:09:21.0459 5720 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:09:21.0502 5720 vhdmp - ok
22:09:21.0539 5720 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:09:21.0540 5720 viaide - ok
22:09:21.0579 5720 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:09:21.0581 5720 volmgr - ok
22:09:21.0620 5720 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:09:21.0623 5720 volmgrx - ok
22:09:21.0677 5720 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:09:21.0680 5720 volsnap - ok
22:09:21.0725 5720 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
22:09:21.0727 5720 vsmraid - ok
22:09:21.0897 5720 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:09:21.0909 5720 VSS - ok
22:09:22.0046 5720 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:09:22.0048 5720 vwifibus - ok
22:09:22.0078 5720 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:09:22.0080 5720 vwififlt - ok
22:09:22.0100 5720 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:09:22.0102 5720 vwifimp - ok
22:09:22.0175 5720 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:09:22.0192 5720 W32Time - ok
22:09:22.0238 5720 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
22:09:22.0240 5720 WacomPen - ok
22:09:22.0282 5720 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:09:22.0284 5720 WANARP - ok
22:09:22.0292 5720 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:09:22.0293 5720 Wanarpv6 - ok
22:09:22.0437 5720 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:09:22.0455 5720 WatAdminSvc - ok
22:09:22.0637 5720 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:09:22.0679 5720 wbengine - ok
22:09:22.0830 5720 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:09:22.0859 5720 WbioSrvc - ok
22:09:22.0909 5720 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:09:22.0925 5720 wcncsvc - ok
22:09:22.0941 5720 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:09:22.0956 5720 WcsPlugInService - ok
22:09:23.0019 5720 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
22:09:23.0019 5720 Wd - ok
22:09:23.0128 5720 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:09:23.0128 5720 Wdf01000 - ok
22:09:23.0175 5720 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:09:23.0175 5720 WdiServiceHost - ok
22:09:23.0175 5720 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:09:23.0190 5720 WdiSystemHost - ok
22:09:23.0206 5720 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:09:23.0206 5720 WebClient - ok
22:09:23.0253 5720 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:09:23.0268 5720 Wecsvc - ok
22:09:23.0299 5720 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:09:23.0299 5720 wercplsupport - ok
22:09:23.0331 5720 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:09:23.0346 5720 WerSvc - ok
22:09:23.0393 5720 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:09:23.0393 5720 WfpLwf - ok
22:09:23.0424 5720 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:09:23.0424 5720 WIMMount - ok
22:09:23.0455 5720 WinDefend - ok
22:09:23.0455 5720 WinHttpAutoProxySvc - ok
22:09:23.0533 5720 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:09:23.0565 5720 Winmgmt - ok
22:09:23.0783 5720 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:09:23.0830 5720 WinRM - ok
22:09:24.0017 5720 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:09:24.0017 5720 WinUsb - ok
22:09:24.0111 5720 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:09:24.0126 5720 Wlansvc - ok
22:09:24.0204 5720 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:09:24.0204 5720 wlcrasvc - ok
22:09:24.0376 5720 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:09:24.0391 5720 wlidsvc - ok
22:09:24.0563 5720 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:09:24.0563 5720 WmiAcpi - ok
22:09:24.0641 5720 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:09:24.0657 5720 wmiApSrv - ok
22:09:24.0703 5720 WMPNetworkSvc - ok
22:09:24.0719 5720 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:09:24.0735 5720 WPCSvc - ok
22:09:24.0750 5720 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:09:24.0766 5720 WPDBusEnum - ok
22:09:24.0797 5720 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:09:24.0797 5720 ws2ifsl - ok
22:09:24.0842 5720 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
22:09:24.0846 5720 wscsvc - ok
22:09:24.0851 5720 WSearch - ok
22:09:25.0047 5720 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:09:25.0105 5720 wuauserv - ok
22:09:25.0265 5720 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:09:25.0267 5720 WudfPf - ok
22:09:25.0313 5720 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:09:25.0318 5720 WUDFRd - ok
22:09:25.0348 5720 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:09:25.0352 5720 wudfsvc - ok
22:09:25.0410 5720 WwanSvc (ce8cf9de9cbfdaa318bd04d8be3fcada) C:\Windows\System32\wwansvc.dll
22:09:25.0426 5720 WwanSvc - ok
22:09:25.0515 5720 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:09:25.0843 5720 \Device\Harddisk0\DR0 - ok
22:09:25.0849 5720 Boot (0x1200) (009eb7de70e39ed12a2afeddcdab9c05) \Device\Harddisk0\DR0\Partition0
22:09:25.0850 5720 \Device\Harddisk0\DR0\Partition0 - ok
22:09:25.0882 5720 Boot (0x1200) (b8d7b0392121960713eef91fb8d08caa) \Device\Harddisk0\DR0\Partition1
22:09:25.0884 5720 \Device\Harddisk0\DR0\Partition1 - ok
22:09:25.0913 5720 Boot (0x1200) (ccff4f8761e95ef157da89ad990159c3) \Device\Harddisk0\DR0\Partition2
22:09:25.0915 5720 \Device\Harddisk0\DR0\Partition2 - ok
22:09:25.0936 5720 Boot (0x1200) (5d0a6d0246c7393ce7a037e5e939dd4d) \Device\Harddisk0\DR0\Partition3
22:09:25.0937 5720 \Device\Harddisk0\DR0\Partition3 - ok
22:09:25.0941 5720 ============================================================
22:09:25.0941 5720 Scan finished
22:09:25.0941 5720 ============================================================
22:09:25.0957 7260 Detected object count: 0
22:09:25.0957 7260 Actual detected object count: 0

#14 rudi.brabbs

rudi.brabbs
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 16 June 2012 - 04:27 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-16 22:15:09
-----------------------------
22:15:09.430 OS Version: Windows x64 6.1.7601 Service Pack 1
22:15:09.430 Number of processors: 4 586 0x2505
22:15:09.430 ComputerName: RUDI-HP UserName: Rudi
22:15:12.300 Initialize success
22:21:25.626 AVAST engine defs: 12061601
22:25:40.017 The log file has been saved successfully to "C:\Users\Rudi\Documents\aswMBR.txt"

Every things still fine :D

Thanks

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:45 PM

Posted 16 June 2012 - 09:46 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Common Files\Spigot

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users