Windows Antivirus 2012 but not?


  • This topic is locked
29 replies to this topic

#1 Jeff Franklin

  • Members
  • 15 posts
  • OFFLINE
  • Local time:03:09 PM

Posted 19 May 2012 - 10:04 AM

My system is Windows 7 Professional SP1, 64-bit. It has all the recent Windows / Office updates with the last update on 5/10/2012.

Twice this week, my wife tells me that she is getting a strange popup for Windows Antivirus 2012. The first time, I walk in and find the computer with an Internet Explorer 9 browser window open with "Windows Antivirus 2012" supposedly running a scan in it. I instantly kill the process. She tells me that she opened her email (Mozilla Thunderbird 5.0) and clicked an open tab (she uses the email a lot and just leaves it open so she can quickly use the link in it) that has a legitimate link in it that takes you to a www.ustream.tv (I edited this from Ustream.com, which was wrong) site with eagles on it. She uses the link all the time; so, I doubt the email is infected. In fact, it is an email that she composed that is saved in her Sent folder. As soon as clicking the open tab (just clicking the tab, NOT clicking the link in the tab), a popup came up saying the computer is infected. She clicked OK; and, that is when the browser window opened with "Windows Antivirus 2012". The second time, she stopped when the first popup displays. I checked the running processes and again Internet Explorer was running. I killed the IE processes.

Now, this doesn't happen every time she uses the email tab. She probably has used it a dozen times this week, and only twice did the problem crop up.

So, I do some investigating. I first go into Windows Explorer and make it show all hidden and system files/folders. Then I find websites with information about Windows Antivirus 2012 that display registry entries and files associated with it. I then start looking for these files or registry entries normally associated with Windows Antivirus 2012. I can't find any on the computer.

Running a full scan with NOD32 version 4.2.71.2 with the latest definitions shows nothing.

I run the latest Malwarebytes Free with the latest definitions. It found one folder entry for "PlaySushi" but no files in the following location: C:\Users\[My User Account Name]\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com. It promptly deleted it. I can't imagine that an empty folder was doing this.

So, I run HijackThis. Other than it stating files missing in the \System32 folder that are there (I manually looked for them), I don't see anything out of the ordinary. But, I have attached my log file.

So, what am I missing? And, why does HijackThis believe I am missing those files in the \System32 folder, when they are there?

Thank you for your help.

PLEASE NOTE: after posting this, I edited the post to change ustream.com to ustream.tv which is the correct address.

Edited by Jeff Franklin, 19 May 2012 - 11:15 AM.


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:09 PM

Posted 19 May 2012 - 12:08 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post in your next reply.

Information and logs:

In your next post I need the following:

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Jeff Franklin

  • Topic Starter
  • Members
  • 15 posts
  • OFFLINE
  • Local time:03:09 PM

Posted 19 May 2012 - 05:02 PM

Hello Gringo,

The computer is working fine except twice in the past week we have received the warning when clicking on a tab in Mozilla Thunderbird. However, most of the time, clicking the tab does not trigger the virus warning.

Here are the files you requested.

Checkup.txt

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 7 Update 4
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0.)
Mozilla Thunderbird 5.0. Thunderbird out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.0
Run by Doctor at 14:55:35 on 2012-05-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8175.6530 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Doctor\Desktop\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [Google Update] "C:\Users\Doctor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Doctor\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [<NO NAME>]
mRun: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
TCP: DhcpNameServer = 192.168.1.1 24.116.2.50 24.116.2.34
TCP: Interfaces\{165B481F-11E6-4D03-9B6D-DE9FC88972B9} : DhcpNameServer = 192.168.1.1 24.116.2.50 24.116.2.34
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [(Default)]
mRun-x64: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Doctor\AppData\Roaming\Mozilla\Firefox\Profiles\shctpsv3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/|http://www.pcqanda.com/dc/dcboard.php?az=show_topics&forum=2|http://www.google.com/ig|http://www.wrh.noaa.gov/fgz/|http://www.giveawayoftheday.com/|about:blank
FF - prefs.js: network.proxy.http - 158.203.31.128
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\3.0.40723.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\npctrl.dll
FF - plugin: C:\Users\Doctor\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Doctor\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://e13.email.excite.com
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [2010-9-14 21880]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-9 2655768]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 LVUVC64;Logitech QuickCam Fusion(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-7-16 130976]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 129976]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-19 06:12:25 -------- d-----w- C:\Users\Doctor\AppData\Roaming\Malwarebytes
2012-05-19 06:12:19 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-19 06:12:19 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-19 06:12:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-13 23:43:42 -------- d-----w- C:\Users\Doctor\AppData\Roaming\Rainbow
2012-05-13 15:29:11 -------- d-----w- C:\Users\Doctor\AppData\Roaming\ActionWorks
2012-05-13 15:29:11 -------- d-----w- C:\ProgramData\ActionWorks
2012-05-13 01:56:20 -------- d-----w- C:\Users\Doctor\AppData\Roaming\WiiSports101in1
2012-05-13 01:56:20 -------- d-----w- C:\Users\Doctor\AppData\Roaming\Jewels of the East India Company
2012-05-12 21:12:15 -------- d-----w- C:\Users\Doctor\AppData\Roaming\CitadelArcanes
2012-05-12 21:06:59 -------- d-----w- C:\Program Files (x86)\Jewels of the East India Company
2012-05-12 21:01:05 -------- d-----w- C:\Program Files (x86)\Citadel Arcanes
2012-05-12 20:59:26 -------- d-----w- C:\Program Files (x86)\Garden Rescue
2012-05-10 13:31:23 772552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-10 13:06:50 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{11321F32-8C59-4BA1-A277-8B1EF0050DF3}\mpengine.dll
2012-05-10 13:04:05 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-10 13:04:04 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-10 13:04:03 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-10 13:04:03 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-10 13:04:02 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-10 13:04:01 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-10 13:03:46 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-10 13:03:46 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-10 13:03:29 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 13:03:29 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 13:03:29 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 13:03:29 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-10 13:03:29 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-03 05:36:11 -------- d-----w- C:\Users\Doctor\AppData\Roaming\Legacy
2012-05-03 05:28:08 -------- d-----w- C:\Program Files (x86)\Brainville
2012-05-03 05:26:18 -------- d-----w- C:\Program Files (x86)\Joining Hands
2012-04-28 23:02:36 -------- d-----w- C:\Users\Doctor\AppData\Roaming\cerasus.media
2012-04-28 21:27:30 -------- d-----w- C:\ProgramData\10tons
2012-04-28 21:12:09 -------- d-----w- C:\Users\Doctor\AppData\Roaming\pigsels
2012-04-28 16:28:35 -------- d-----w- C:\Program Files (x86)\Coloropus
2012-04-26 02:30:17 -------- d-----w- C:\Program Files (x86)\freebird
2012-04-25 01:08:41 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-25 01:08:40 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 01:08:40 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-22 02:14:33 14744 ----a-w- C:\Users\Doctor\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2012-04-22 02:07:00 -------- d-----w- C:\Windows\SysWow64\xlive
2012-04-22 02:06:57 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
.
==================== Find3M ====================
.
2012-05-10 13:31:14 687560 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-10 13:18:17 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-10 13:18:17 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 17:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 14:56:21.99 ===============


Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume5
Install Date: 7/9/2011 8:10:54 PM
System Uptime: 5/19/2012 2:52:19 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | Z68X-UD3H-B3
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz | Socket 1155 | 3601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 488 GiB total, 394.851 GiB free.
D: is FIXED (NTFS) - 210 GiB total, 126.634 GiB free.
E: is FIXED (NTFS) - 71 GiB total, 35.242 GiB free.
F: is FIXED (NTFS) - 49 GiB total, 33.62 GiB free.
G: is FIXED (NTFS) - 57 GiB total, 39.38 GiB free.
H: is FIXED (NTFS) - 56 GiB total, 56.321 GiB free.
Z: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP100: 5/6/2012 12:22:19 AM - Scheduled Checkpoint
RP101: 5/10/2012 6:05:50 AM - Windows Update
RP102: 5/10/2012 6:20:07 AM - Windows Update
RP103: 5/10/2012 6:28:24 AM - Removed Java™ 6 Update 31
RP104: 5/10/2012 6:31:03 AM - Installed Java™ 7 Update 4
RP106: 5/16/2012 8:12:48 AM - Paint.NET v3.5.10
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
12noon Display Changer
3D Mahjong Deluxe
3DMark 11
4 Elements II
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Adore Puzzle
APC PowerChute Personal Edition 3.0
Apple Application Support
Apple Software Update
Ashampoo Burning Studio 6 FREE v.6.80
Astro Avenger 2
Audacity 1.3.13 (Unicode)
Azada: In Libro
Big Fish Games: Game Manager
Bing Bar
Brainville
Bubble Bonanza
Build-a-lot: On Vacation
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.1
Canon My Printer
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
Citadel Arcanes
Coloropus
Cradle of Egypt
CyberLink BD_3D Advisor 2.0
DHTML Menu Builder 4.20
eReg
Etron USB3.0 Host Controller
Facebook Video Calling 1.2.0.159
Farm Frenzy: Viking Heroes
FreeSpace 2
Futuremark SystemInfo
Garden Rescue
Google Chrome
Google Earth
Intel® Management Engine Components
Island Tribe 3
Java Auto Updater
Java™ 7 Update 4
Jewels of the East India Company
Jigsaw Boom
Jigsaws Galore
Joining Hands
LAME v3.98.3 for Audacity
Logitech Vid HD
Luxor Evolved
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Choice Guard
Microsoft Flight
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Monitor Asset Manager
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird (5.0)
MSVCRT
My Kingdom for the Princess III
Need For Speed Hot Pursuit 2
Need for Speed™ Hot Pursuit
OpenAL
Opera 11.52
Origin
Patricia's Quest for Sun
Pioneer Lands
Pro Evolution Soccer 2010
Pro Evolution Soccer 2012
QuickTime
Ray Adams ATI Tray Tools
Real Alternative 2.0.2
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Roads of Rome III
Safari
SeaMonkey (2.4.1)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Star Defender III
Star Wars X-Wing Alliance
Stellarium 0.11.0
swMSM
SwordSearcher 6.0.1.3
TalkShoe Live! 2.0
The Golden Years: Way Out West
TIE Fighter Collector's CD-ROM
Toki Tori
TUGZip 3.5
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USA Extreme Landscapes
USA Extreme Landscapes HI and AK
vEmotion - VoIP audio assistant
ViewSonic Monitor Drivers x64
Virtual Farm 2
VLC media player 1.1.10
Westward
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Winning Eleven 9
WinRAR 4.01 (32-bit)
Word U
X-Lite 3.0
X-Wing Install System 2.71
Youda Farmer 3: Seasons
Youda Survivor 2
Zuma's Revenge - Adventure
.
==== End Of File ===========================

Thank you for your help.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:09 PM

Posted 19 May 2012 - 06:07 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Jeff Franklin

Jeff Franklin
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:03:09 PM

Posted 19 May 2012 - 06:30 PM

Computer is still acting normally. Haven't seen the virus warning message while clicking the tab in Thunderbird (we have tried many times today).

Here are the results of the scans you asked for:
TDSSKiller.2.7.35.0_19.05.2012_16.13.41_log.txt:

16:13:41.0982 5376 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
16:13:42.0403 5376 ============================================================
16:13:42.0403 5376 Current date / time: 2012/05/19 16:13:42.0403
16:13:42.0403 5376 SystemInfo:
16:13:42.0403 5376
16:13:42.0403 5376 OS Version: 6.1.7601 ServicePack: 1.0
16:13:42.0403 5376 Product type: Workstation
16:13:42.0403 5376 ComputerName: CORE-I5-2500K
16:13:42.0403 5376 UserName: Doctor
16:13:42.0403 5376 Windows directory: C:\Windows
16:13:42.0403 5376 System windows directory: C:\Windows
16:13:42.0403 5376 Running under WOW64
16:13:42.0403 5376 Processor architecture: Intel x64
16:13:42.0403 5376 Number of processors: 4
16:13:42.0403 5376 Page size: 0x1000
16:13:42.0403 5376 Boot type: Normal boot
16:13:42.0403 5376 ============================================================
16:13:48.0987 5376 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:13:49.0002 5376 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x540BE, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
16:13:49.0002 5376 ============================================================
16:13:49.0002 5376 \Device\Harddisk0\DR0:
16:13:49.0002 5376 MBR partitions:
16:13:49.0002 5376 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8DFE2F5
16:13:49.0018 5376 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x8DFE373, BlocksNum 0x61A7927
16:13:49.0033 5376 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xEFA5CD9, BlocksNum 0x7148223
16:13:49.0049 5376 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x160EDF3B, BlocksNum 0x70D6646
16:13:49.0049 5376 \Device\Harddisk1\DR1:
16:13:49.0049 5376 MBR partitions:
16:13:49.0049 5376 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:13:49.0049 5376 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3D05D800
16:13:49.0049 5376 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x3D090000, BlocksNum 0x1A4B5000
16:13:49.0049 5376 ============================================================
16:13:49.0080 5376 C: <-> \Device\Harddisk1\DR1\Partition1
16:13:49.0111 5376 D: <-> \Device\Harddisk1\DR1\Partition2
16:13:49.0143 5376 E: <-> \Device\Harddisk0\DR0\Partition0
16:13:49.0174 5376 F: <-> \Device\Harddisk0\DR0\Partition1
16:13:49.0205 5376 G: <-> \Device\Harddisk0\DR0\Partition2
16:13:49.0221 5376 H: <-> \Device\Harddisk0\DR0\Partition3
16:13:49.0221 5376 ============================================================
16:13:49.0221 5376 Initialize success
16:13:49.0221 5376 ============================================================
16:14:23.0592 4496 ============================================================
16:14:23.0592 4496 Scan started
16:14:23.0592 4496 Mode: Manual;
16:14:23.0592 4496 ============================================================
16:14:24.0231 4496 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
16:14:24.0247 4496 1394ohci - ok
16:14:24.0278 4496 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:14:24.0278 4496 ACPI - ok
16:14:24.0294 4496 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:14:24.0309 4496 AcpiPmi - ok
16:14:24.0372 4496 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:14:24.0372 4496 AdobeARMservice - ok
16:14:24.0403 4496 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
16:14:24.0434 4496 adp94xx - ok
16:14:24.0450 4496 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
16:14:24.0496 4496 adpahci - ok
16:14:24.0512 4496 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
16:14:24.0512 4496 adpu320 - ok
16:14:24.0543 4496 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:14:24.0543 4496 AeLookupSvc - ok
16:14:24.0652 4496 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:14:24.0668 4496 AFD - ok
16:14:24.0684 4496 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:14:24.0699 4496 agp440 - ok
16:14:24.0699 4496 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:14:24.0699 4496 ALG - ok
16:14:24.0715 4496 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:14:24.0715 4496 aliide - ok
16:14:24.0762 4496 AMD External Events Utility (0bde3222789749571c3d706f0181203d) C:\Windows\system32\atiesrxx.exe
16:14:24.0762 4496 AMD External Events Utility - ok
16:14:24.0762 4496 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:14:24.0777 4496 amdide - ok
16:14:24.0793 4496 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
16:14:24.0808 4496 AmdK8 - ok
16:14:25.0011 4496 amdkmdag (75bbd04f450ce109031a215fd4ec667a) C:\Windows\system32\DRIVERS\atikmdag.sys
16:14:25.0152 4496 amdkmdag - ok
16:14:25.0183 4496 amdkmdap (adb8ee976ce4a47c54d39f2581593c03) C:\Windows\system32\DRIVERS\atikmpag.sys
16:14:25.0183 4496 amdkmdap - ok
16:14:25.0198 4496 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
16:14:25.0198 4496 AmdPPM - ok
16:14:25.0214 4496 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:14:25.0230 4496 amdsata - ok
16:14:25.0230 4496 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
16:14:25.0245 4496 amdsbs - ok
16:14:25.0245 4496 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:14:25.0245 4496 amdxata - ok
16:14:25.0276 4496 APC Data Service (378a326ba649e01aac767355aab9e90c) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe
16:14:25.0276 4496 APC Data Service - ok
16:14:25.0308 4496 APC UPS Service (84a1a403d2dd63ef941674cc87ff503c) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
16:14:25.0323 4496 APC UPS Service - ok
16:14:25.0323 4496 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:14:25.0339 4496 AppID - ok
16:14:25.0339 4496 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:14:25.0354 4496 AppIDSvc - ok
16:14:25.0370 4496 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:14:25.0370 4496 Appinfo - ok
16:14:25.0417 4496 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:14:25.0417 4496 Apple Mobile Device - ok
16:14:25.0464 4496 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
16:14:25.0464 4496 AppMgmt - ok
16:14:25.0479 4496 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
16:14:25.0495 4496 arc - ok
16:14:25.0495 4496 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
16:14:25.0495 4496 arcsas - ok
16:14:25.0510 4496 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:14:25.0510 4496 AsyncMac - ok
16:14:25.0526 4496 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:14:25.0526 4496 atapi - ok
16:14:25.0542 4496 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
16:14:25.0542 4496 AtiHDAudioService - ok
16:14:25.0573 4496 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:14:25.0588 4496 AudioEndpointBuilder - ok
16:14:25.0588 4496 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:14:25.0604 4496 AudioSrv - ok
16:14:25.0620 4496 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:14:25.0620 4496 AxInstSV - ok
16:14:25.0635 4496 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
16:14:25.0635 4496 b06bdrv - ok
16:14:25.0666 4496 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:14:25.0666 4496 b57nd60a - ok
16:14:25.0729 4496 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
16:14:25.0729 4496 BBSvc - ok
16:14:25.0760 4496 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
16:14:25.0760 4496 BBUpdate - ok
16:14:25.0776 4496 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:14:25.0776 4496 BDESVC - ok
16:14:25.0791 4496 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:14:25.0791 4496 Beep - ok
16:14:25.0838 4496 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:14:25.0838 4496 BFE - ok
16:14:25.0869 4496 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
16:14:25.0885 4496 BITS - ok
16:14:25.0885 4496 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:14:25.0900 4496 blbdrive - ok
16:14:25.0978 4496 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:14:25.0978 4496 Bonjour Service - ok
16:14:26.0010 4496 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:14:26.0025 4496 bowser - ok
16:14:26.0041 4496 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
16:14:26.0041 4496 BrFiltLo - ok
16:14:26.0056 4496 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
16:14:26.0056 4496 BrFiltUp - ok
16:14:26.0056 4496 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:14:26.0072 4496 Browser - ok
16:14:26.0072 4496 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:14:26.0088 4496 Brserid - ok
16:14:26.0103 4496 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:14:26.0103 4496 BrSerWdm - ok
16:14:26.0119 4496 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:14:26.0119 4496 BrUsbMdm - ok
16:14:26.0134 4496 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:14:26.0134 4496 BrUsbSer - ok
16:14:26.0150 4496 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
16:14:26.0150 4496 BTHMODEM - ok
16:14:26.0166 4496 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:14:26.0166 4496 bthserv - ok
16:14:26.0181 4496 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:14:26.0181 4496 cdfs - ok
16:14:26.0197 4496 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:14:26.0212 4496 cdrom - ok
16:14:26.0228 4496 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:14:26.0228 4496 CertPropSvc - ok
16:14:26.0228 4496 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
16:14:26.0228 4496 circlass - ok
16:14:26.0244 4496 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:14:26.0275 4496 CLFS - ok
16:14:26.0306 4496 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:14:26.0306 4496 clr_optimization_v2.0.50727_32 - ok
16:14:26.0353 4496 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:14:26.0353 4496 clr_optimization_v2.0.50727_64 - ok
16:14:26.0400 4496 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:14:26.0400 4496 clr_optimization_v4.0.30319_32 - ok
16:14:26.0446 4496 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:14:26.0446 4496 clr_optimization_v4.0.30319_64 - ok
16:14:26.0446 4496 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
16:14:26.0462 4496 CmBatt - ok
16:14:26.0462 4496 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:14:26.0478 4496 cmdide - ok
16:14:26.0509 4496 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:14:26.0509 4496 CNG - ok
16:14:26.0509 4496 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:14:26.0509 4496 Compbatt - ok
16:14:26.0509 4496 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:14:26.0509 4496 CompositeBus - ok
16:14:26.0524 4496 COMSysApp - ok
16:14:26.0540 4496 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
16:14:26.0540 4496 cpuz135 - ok
16:14:26.0556 4496 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
16:14:26.0556 4496 crcdisk - ok
16:14:26.0571 4496 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
16:14:26.0571 4496 CryptSvc - ok
16:14:26.0618 4496 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:14:26.0618 4496 CSC - ok
16:14:26.0649 4496 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
16:14:26.0649 4496 CscService - ok
16:14:26.0696 4496 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:14:26.0696 4496 DcomLaunch - ok
16:14:26.0727 4496 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:14:26.0727 4496 defragsvc - ok
16:14:26.0758 4496 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:14:26.0758 4496 DfsC - ok
16:14:26.0790 4496 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:14:26.0790 4496 Dhcp - ok
16:14:26.0790 4496 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:14:26.0821 4496 discache - ok
16:14:26.0836 4496 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
16:14:26.0852 4496 Disk - ok
16:14:26.0868 4496 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
16:14:26.0868 4496 dmvsc - ok
16:14:26.0883 4496 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:14:26.0883 4496 Dnscache - ok
16:14:26.0899 4496 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:14:26.0899 4496 dot3svc - ok
16:14:26.0914 4496 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:14:26.0914 4496 DPS - ok
16:14:26.0930 4496 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:14:26.0930 4496 drmkaud - ok
16:14:26.0961 4496 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:14:26.0977 4496 DXGKrnl - ok
16:14:27.0008 4496 eamonm (aca3fe4f18a945b7bf2618a79f6f670b) C:\Windows\system32\DRIVERS\eamonm.sys
16:14:27.0024 4496 eamonm - ok
16:14:27.0039 4496 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:14:27.0039 4496 EapHost - ok
16:14:27.0117 4496 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
16:14:27.0180 4496 ebdrv - ok
16:14:27.0226 4496 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:14:27.0242 4496 EFS - ok
16:14:27.0258 4496 ehdrv (6672438bdcbfd87250d22112d458294d) C:\Windows\system32\DRIVERS\ehdrv.sys
16:14:27.0273 4496 ehdrv - ok
16:14:27.0320 4496 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:14:27.0320 4496 ehRecvr - ok
16:14:27.0336 4496 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:14:27.0336 4496 ehSched - ok
16:14:27.0382 4496 EhttpSrv (deb2b067745d92ff17a5068dfd2360bc) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
16:14:27.0382 4496 EhttpSrv - ok
16:14:27.0414 4496 ekrn (191d8eccc40f05b52fac0513f35ba01d) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
16:14:27.0414 4496 ekrn - ok
16:14:27.0460 4496 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
16:14:27.0460 4496 elxstor - ok
16:14:27.0476 4496 epfwwfpr (954fade8e59f159b0a71d0cfcc99a76e) C:\Windows\system32\DRIVERS\epfwwfpr.sys
16:14:27.0476 4496 epfwwfpr - ok
16:14:27.0476 4496 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:14:27.0492 4496 ErrDev - ok
16:14:27.0507 4496 EtronHub3 (72eccb2f5c9cfc32a9b2a60933832501) C:\Windows\system32\Drivers\EtronHub3.sys
16:14:27.0523 4496 EtronHub3 - ok
16:14:27.0523 4496 EtronXHCI (7bb310f6fb9e1b9d21dd2ce7eb0d5464) C:\Windows\system32\Drivers\EtronXHCI.sys
16:14:27.0523 4496 EtronXHCI - ok
16:14:27.0554 4496 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:14:27.0554 4496 EventSystem - ok
16:14:27.0554 4496 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:14:27.0570 4496 exfat - ok
16:14:27.0585 4496 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:14:27.0601 4496 fastfat - ok
16:14:27.0648 4496 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:14:27.0648 4496 Fax - ok
16:14:27.0663 4496 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
16:14:27.0679 4496 fdc - ok
16:14:27.0694 4496 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:14:27.0694 4496 fdPHost - ok
16:14:27.0694 4496 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:14:27.0694 4496 FDResPub - ok
16:14:27.0710 4496 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:14:27.0710 4496 FileInfo - ok
16:14:27.0726 4496 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:14:27.0726 4496 Filetrace - ok
16:14:27.0741 4496 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
16:14:27.0741 4496 flpydisk - ok
16:14:27.0757 4496 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:14:27.0772 4496 FltMgr - ok
16:14:27.0819 4496 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:14:27.0835 4496 FontCache - ok
16:14:27.0897 4496 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:14:27.0897 4496 FontCache3.0.0.0 - ok
16:14:27.0897 4496 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:14:27.0913 4496 FsDepends - ok
16:14:27.0944 4496 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:14:27.0944 4496 Fs_Rec - ok
16:14:27.0991 4496 Futuremark SystemInfo Service (79b4cde2b69ed8ba4011859780a66a4d) C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
16:14:27.0991 4496 Futuremark SystemInfo Service - ok
16:14:28.0022 4496 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:14:28.0053 4496 fvevol - ok
16:14:28.0053 4496 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
16:14:28.0053 4496 gagp30kx - ok
16:14:28.0084 4496 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:14:28.0084 4496 GEARAspiWDM - ok
16:14:28.0116 4496 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:14:28.0131 4496 gpsvc - ok
16:14:28.0131 4496 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:14:28.0131 4496 hcw85cir - ok
16:14:28.0162 4496 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:14:28.0162 4496 HdAudAddService - ok
16:14:28.0194 4496 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:14:28.0194 4496 HDAudBus - ok
16:14:28.0194 4496 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:14:28.0209 4496 HidBatt - ok
16:14:28.0225 4496 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
16:14:28.0240 4496 HidBth - ok
16:14:28.0240 4496 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
16:14:28.0256 4496 HidIr - ok
16:14:28.0272 4496 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
16:14:28.0272 4496 hidserv - ok
16:14:28.0287 4496 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:14:28.0287 4496 HidUsb - ok
16:14:28.0303 4496 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:14:28.0303 4496 hkmsvc - ok
16:14:28.0318 4496 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:14:28.0318 4496 HomeGroupListener - ok
16:14:28.0334 4496 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:14:28.0334 4496 HomeGroupProvider - ok
16:14:28.0350 4496 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:14:28.0350 4496 HpSAMD - ok
16:14:28.0381 4496 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:14:28.0381 4496 HTTP - ok
16:14:28.0396 4496 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:14:28.0396 4496 hwpolicy - ok
16:14:28.0412 4496 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
16:14:28.0412 4496 i8042prt - ok
16:14:28.0443 4496 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:14:28.0443 4496 iaStorV - ok
16:14:28.0506 4496 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:14:28.0521 4496 idsvc - ok
16:14:28.0521 4496 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
16:14:28.0521 4496 iirsp - ok
16:14:28.0552 4496 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:14:28.0568 4496 IKEEXT - ok
16:14:28.0677 4496 IntcAzAudAddService (8f6ed52134ebb4ce2953ec37c9275497) C:\Windows\system32\drivers\RTKVHD64.sys
16:14:28.0693 4496 IntcAzAudAddService - ok
16:14:28.0740 4496 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:14:28.0740 4496 intelide - ok
16:14:28.0771 4496 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:14:28.0786 4496 intelppm - ok
16:14:28.0786 4496 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:14:36.0727 4496 wmiApSrv - ok
16:14:36.0727 4496 WMPNetworkSvc - ok
16:14:36.0742 4496 WmVirHid (53c12ae1183f3f7787f1f1835001ccc0) C:\Windows\system32\drivers\WmVirHid.sys
16:14:36.0742 4496 WmVirHid - ok
16:14:36.0758 4496 WmXlCore (c807e470cca24f5e479da4872a7d2121) C:\Windows\system32\drivers\WmXlCore.sys
16:14:36.0789 4496 WmXlCore - ok
16:14:36.0805 4496 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:14:36.0805 4496 WPCSvc - ok
16:14:36.0820 4496 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:14:36.0820 4496 WPDBusEnum - ok
16:14:36.0820 4496 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:14:36.0820 4496 ws2ifsl - ok
16:14:36.0836 4496 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
16:14:36.0836 4496 wscsvc - ok
16:14:36.0852 4496 WSearch - ok
16:14:36.0930 4496 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:14:36.0961 4496 wuauserv - ok
16:14:36.0992 4496 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:14:36.0992 4496 WudfPf - ok
16:14:37.0008 4496 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:14:37.0023 4496 WUDFRd - ok
16:14:37.0023 4496 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:14:37.0039 4496 wudfsvc - ok
16:14:37.0039 4496 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:14:37.0039 4496 WwanSvc - ok
16:14:37.0054 4496 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:14:37.0273 4496 \Device\Harddisk0\DR0 - ok
16:14:37.0288 4496 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
16:14:37.0413 4496 \Device\Harddisk1\DR1 - ok
16:14:37.0429 4496 Boot (0x1200) (1badb564e710b9a9451f08be6e4cdb7a) \Device\Harddisk0\DR0\Partition0
16:14:37.0429 4496 \Device\Harddisk0\DR0\Partition0 - ok
16:14:37.0429 4496 Boot (0x1200) (0550ae66737354849cba93eb7ba20382) \Device\Harddisk0\DR0\Partition1
16:14:37.0429 4496 \Device\Harddisk0\DR0\Partition1 - ok
16:14:37.0429 4496 Boot (0x1200) (503b716f4b3673c4d6bbd0f2f4e340b7) \Device\Harddisk0\DR0\Partition2
16:14:37.0429 4496 \Device\Harddisk0\DR0\Partition2 - ok
16:14:37.0429 4496 Boot (0x1200) (98ebda13ee93bc68a948c10942b1aed7) \Device\Harddisk0\DR0\Partition3
16:14:37.0429 4496 \Device\Harddisk0\DR0\Partition3 - ok
16:14:37.0429 4496 Boot (0x1200) (228493558b115baec749f30dd7098349) \Device\Harddisk1\DR1\Partition0
16:14:37.0429 4496 \Device\Harddisk1\DR1\Partition0 - ok
16:14:37.0444 4496 Boot (0x1200) (160a4f9935dbf484f3cda2717c393831) \Device\Harddisk1\DR1\Partition1
16:14:37.0444 4496 \Device\Harddisk1\DR1\Partition1 - ok
16:14:37.0460 4496 Boot (0x1200) (6f3d44d6342a83f8a3b1dc325fddbe81) \Device\Harddisk1\DR1\Partition2
16:14:37.0460 4496 \Device\Harddisk1\DR1\Partition2 - ok
16:14:37.0460 4496 ============================================================
16:14:37.0460 4496 Scan finished
16:14:37.0460 4496 ============================================================
16:14:37.0460 1904 Detected object count: 0
16:14:37.0460 1904 Actual detected object count: 0
16:14:52.0545 4356 Deinitialize success


aswMBR.txt

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-19 16:16:17
-----------------------------
16:16:17.797 OS Version: Windows x64 6.1.7601 Service Pack 1
16:16:17.797 Number of processors: 4 586 0x2A07
16:16:17.798 ComputerName: CORE-I5-2500K UserName: Doctor
16:16:18.242 Initialize success
16:17:54.630 AVAST engine defs: 12051901
16:18:14.489 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:18:14.491 Disk 0 Vendor: WDC_WD2500JB-00REA0 20.00K20 Size: 238475MB BusType: 3
16:18:14.494 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-6
16:18:14.495 Disk 1 Vendor: WDC_WD7502AAEX-00Y9A0 05.01D05 Size: 715404MB BusType: 11
16:18:14.515 Disk 1 MBR read successfully
16:18:14.517 Disk 1 MBR scan
16:18:14.521 Disk 1 Windows 7 default MBR code
16:18:14.524 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:18:14.535 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 499899 MB offset 206848
16:18:14.552 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 215402 MB offset 1024000000
16:18:14.594 Disk 1 scanning C:\Windows\system32\drivers
16:18:20.527 Service scanning
16:18:31.815 Modules scanning
16:18:31.823 Disk 1 trace - called modules:
16:18:31.839 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:18:31.843 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007837060]
16:18:31.847 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa800751d1e0]
16:18:31.851 5 ACPI.sys[fffff88000f9f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-6[0xfffffa8007553060]
16:18:32.648 AVAST engine scan C:\Windows
16:18:34.006 AVAST engine scan C:\Windows\system32
16:20:11.679 AVAST engine scan C:\Windows\system32\drivers
16:20:18.787 AVAST engine scan C:\Users\Doctor
16:23:36.381 AVAST engine scan C:\ProgramData
16:24:04.477 Scan finished successfully
16:25:24.208 Disk 1 MBR has been saved successfully to "C:\Users\Doctor\Desktop\MBR.dat"
16:25:24.208 The log file has been saved successfully to "C:\Users\Doctor\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 May 2012 - 08:11 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Jeff Franklin

Jeff Franklin
  • Topic Starter

  • Members
  • 15 posts

Posted 19 May 2012 - 09:58 PM

Combofix log file:

ComboFix 12-05-19.02 - Doctor 05/19/2012 19:45:03.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8175.6277 [GMT -7:00]
Running from: c:\users\Doctor\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-04-20 to 2012-05-20 )))))))))))))))))))))))))))))))
.
.
2012-05-20 02:47 . 2012-05-20 02:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-19 06:12 . 2012-05-19 06:12 -------- d-----w- c:\users\Doctor\AppData\Roaming\Malwarebytes
2012-05-19 06:12 . 2012-05-19 06:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-19 06:12 . 2012-05-19 06:12 -------- d-----w- c:\programdata\Malwarebytes
2012-05-19 06:12 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-13 23:43 . 2012-05-13 23:43 -------- d-----w- c:\users\Doctor\AppData\Roaming\Rainbow
2012-05-13 15:29 . 2012-05-13 15:29 -------- d-----w- c:\users\Doctor\AppData\Roaming\ActionWorks
2012-05-13 15:29 . 2012-05-13 15:29 -------- d-----w- c:\programdata\ActionWorks
2012-05-13 01:56 . 2012-05-13 01:56 -------- d-----w- c:\users\Doctor\AppData\Roaming\Jewels of the East India Company
2012-05-13 01:56 . 2012-05-13 01:56 -------- d-----w- c:\users\Doctor\AppData\Roaming\WiiSports101in1
2012-05-12 21:12 . 2012-05-12 21:26 -------- d-----w- c:\users\Doctor\AppData\Roaming\CitadelArcanes
2012-05-12 21:06 . 2012-05-12 21:07 -------- d-----w- c:\program files (x86)\Jewels of the East India Company
2012-05-12 21:01 . 2012-05-12 21:01 -------- d-----w- c:\program files (x86)\Citadel Arcanes
2012-05-12 20:59 . 2012-05-12 20:59 -------- d-----w- c:\program files (x86)\Garden Rescue
2012-05-10 13:31 . 2012-05-10 13:31 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-10 13:31 . 2012-05-10 13:31 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-10 13:20 . 2012-05-10 13:20 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-10 13:20 . 2012-05-10 13:20 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-10 13:06 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{11321F32-8C59-4BA1-A277-8B1EF0050DF3}\mpengine.dll
2012-05-10 13:04 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 13:04 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 13:04 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 13:04 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 13:04 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 13:04 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 13:03 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 13:03 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 13:03 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 13:03 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 13:03 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 13:03 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 13:03 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-03 05:36 . 2012-05-19 20:49 -------- d-----w- c:\users\Doctor\AppData\Roaming\Legacy
2012-05-03 05:28 . 2012-05-03 05:28 -------- d-----w- c:\program files (x86)\Brainville
2012-05-03 05:26 . 2012-05-03 05:26 -------- d-----w- c:\program files (x86)\Joining Hands
2012-04-28 23:02 . 2012-04-28 23:02 -------- d-----w- c:\users\Doctor\AppData\Roaming\cerasus.media
2012-04-28 21:27 . 2012-05-03 05:26 -------- d-----w- c:\programdata\10tons
2012-04-28 21:12 . 2012-04-28 21:12 -------- d-----w- c:\users\Doctor\AppData\Roaming\pigsels
2012-04-28 16:28 . 2012-04-28 16:28 -------- d-----w- c:\program files (x86)\Coloropus
2012-04-26 02:30 . 2012-04-26 02:30 -------- d-----w- c:\program files (x86)\freebird
2012-04-25 01:08 . 2012-04-25 01:08 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-25 01:08 . 2012-04-25 01:08 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 01:08 . 2012-04-25 01:08 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-22 02:07 . 2012-04-22 02:07 -------- d-----w- c:\windows\SysWow64\xlive
2012-04-22 02:06 . 2012-04-22 02:07 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 13:31 . 2011-07-10 14:05 687560 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-10 13:18 . 2012-04-02 22:25 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-10 13:18 . 2011-07-10 05:34 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-22 02:11 . 2009-08-18 19:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-04-22 02:11 . 2009-08-18 18:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-01 06:46 . 2012-04-12 14:33 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 14:33 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 14:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 14:33 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 14:33 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 14:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 14:33 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 14:36 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 14:36 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 14:36 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 14:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 14:36 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 14:36 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 14:36 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 14:36 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 17:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Doctor\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-06 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 336384]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2010-9-14 271736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [2010-09-14 21880]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 LVUVC64;Logitech QuickCam Fusion(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-729793638-3718837368-4036640313-1000Core.job
- c:\users\Doctor\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-06 23:07]
.
2012-05-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-729793638-3718837368-4036640313-1000UA.job
- c:\users\Doctor\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-06 23:07]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-729793638-3718837368-4036640313-1000Core.job
- c:\users\Doctor\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 05:32]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-729793638-3718837368-4036640313-1000UA.job
- c:\users\Doctor\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 05:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-09 11821160]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 123400]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 24.116.2.50 24.116.2.34
FF - ProfilePath - c:\users\Doctor\AppData\Roaming\Mozilla\Firefox\Profiles\shctpsv3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/|http://www.pcqanda.com/dc/dcboard.php?az=show_topics&forum=2|http://www.google.com/ig|http://www.wrh.noaa.gov/fgz/|http://www.giveawayoftheday.com/|about:blank
FF - prefs.js: network.proxy.http - 158.203.31.128
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://e13.email.excite.com
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-729793638-3718837368-4036640313-1000\¬ u*0*]
@Allowed: (Read) (RestrictedCode)
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-05-19 19:52:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-20 02:52
.
Pre-Run: 423,213,240,320 bytes free
Post-Run: 423,729,147,904 bytes free
.
- - End Of File - - 56ED599D304C0D4262750E4853AFDFBE


Computer seems to be working normally. We haven't experienced the Windows 2012 Antivirus warning today (we did Friday night). No problems running Combofix.

What's the likely prognosis?

Thank you again, Gringo!
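
Two parts of the ComboFix log above are where a defender looks for weakened settings rather than for malware files: the `policies\system` block, which records the UAC configuration, and the `FF - prefs.js` lines, which record Firefox's proxy settings. The posted block shows `EnableLUA`=0 and `ConsentPromptBehaviorAdmin`=0 (UAC switched off, so nothing prompts before a program gains admin rights), and a manual HTTP proxy host stored with `network.proxy.type`=0 (no proxy, so the host is not in use). The following Python script is an added example written for this thread, not ComboFix's own code and not something the participants posted; it parses exactly those lines (the embedded excerpt is copied from the log above) and reports what they mean. The `UAC_DEFAULTS` values are the Windows 7 defaults and `PROXY_TYPES` lists Firefox's `network.proxy.type` codes; both are assumptions stated in the code.

```python
r"""Read the UAC policy block and the Firefox proxy prefs out of a ComboFix log and assess them."""
import re

# Excerpt copied from the ComboFix log posted above; only the lines these checks read are kept.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
FF - prefs.js: network.proxy.http - 158.203.31.128
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
"""

# ComboFix prints registry values as  "Name"= 0 (0x0)  and Firefox prefs as  FF - prefs.js: name - value
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s*\(0x[0-9A-Fa-f]+\)\s*$')
FF_PREF_RE = re.compile(r'^FF - (?:prefs|user)\.js: (?P<name>\S+) - (?P<value>.*)$')

# Assumption: Windows 7 defaults for the three UAC values that matter most here.
UAC_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}

# Assumption: meaning of Firefox's network.proxy.type codes.
PROXY_TYPES = {"0": "no proxy", "1": "manual proxy", "2": "PAC script", "4": "auto-detect", "5": "system settings"}


def parse_policy_values(log_text):
    r"""Return {value_name: int} from the [...\policies\system] block of a ComboFix log."""
    values = {}
    in_block = False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Only the policies\system key is of interest; any other key ends the block.
            in_block = line.lower().rstrip("]").endswith(r"\policies\system")
            continue
        if line == ".":  # ComboFix separates log sections with a lone dot
            in_block = False
            continue
        if in_block:
            m = POLICY_RE.match(line)
            if m:
                values[m.group("name")] = int(m.group("value"))
    return values


def assess_uac(values):
    """Return (name, value, note) for each UAC policy value that weakens the Windows 7 default."""
    findings = []
    if values.get("EnableLUA", UAC_DEFAULTS["EnableLUA"]) == 0:
        findings.append(("EnableLUA", 0,
                         "UAC is off: an administrator account runs everything with full rights and no prompt"))
    if values.get("ConsentPromptBehaviorAdmin", UAC_DEFAULTS["ConsentPromptBehaviorAdmin"]) == 0:
        findings.append(("ConsentPromptBehaviorAdmin", 0,
                         "administrators elevate silently even once UAC is turned back on"))
    if values.get("PromptOnSecureDesktop", UAC_DEFAULTS["PromptOnSecureDesktop"]) == 0:
        findings.append(("PromptOnSecureDesktop", 0,
                         "elevation prompts appear on the normal desktop, where other windows can overlay them"))
    return findings


def parse_ff_prefs(log_text):
    """Return {pref_name: value_string} for every FF - prefs.js / user.js line."""
    prefs = {}
    for line in log_text.splitlines():
        m = FF_PREF_RE.match(line.strip())
        if m:
            prefs[m.group("name")] = m.group("value").strip()
    return prefs


def assess_proxy(prefs):
    """Return (proxy_in_use, message) for the manual HTTP proxy recorded in the Firefox prefs."""
    ptype = prefs.get("network.proxy.type")
    host = prefs.get("network.proxy.http")
    port = prefs.get("network.proxy.http_port", "?")
    kind = PROXY_TYPES.get(ptype, "not recorded" if ptype is None else "unknown")
    if host and ptype == "1":
        return True, f"manual proxy active: browser traffic goes through {host}:{port}; confirm who configured it"
    if host:
        return False, f"manual proxy host {host}:{port} is stored but not in use (network.proxy.type={ptype}, {kind})"
    return False, f"no manual proxy host recorded (network.proxy.type={ptype}, {kind})"


def check_log(log_text):
    """Run both checks and return their findings together."""
    return {"uac": assess_uac(parse_policy_values(log_text)),
            "proxy": assess_proxy(parse_ff_prefs(log_text))}


if __name__ == "__main__":
    result = check_log(SAMPLE_LOG)
    for name, value, note in result["uac"]:
        print(f"{name}={value}: {note}")
    print(("ACTIVE " if result["proxy"][0] else "inactive ") + result["proxy"][1])
```

Run against the excerpt it prints the three UAC findings and reports the stored proxy host as inactive; feed it a full ComboFix log and it reads the same two sections out of the surrounding output. A stored-but-unused proxy host is still worth asking the user about, since a manual proxy is one of the settings rogue software changes to intercept browsing.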

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 May 2012 - 10:16 PM

Greetings

So far things look good. Did you do anything between Friday and now?

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
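
The TDSSKiller report requested above has the line shape seen in the log posted earlier in this thread: a timestamped line naming each driver or service with its file's MD5 and path, followed by a `name - ok` verdict line, MBR and boot-sector entries whose verdict is keyed by device path, and a `Detected object count` pair at the end. Reading a few hundred such lines by eye is error-prone, so here is a Python parser that summarises the log and lists every entry whose verdict is not `ok`. It is an added example written for this thread, not TDSSKiller's own code and not anything the participants posted. The embedded sample is constructed: the volsnap, WinDefend and MBR lines are copied from the earlier log, while the `ExampleDrv` entry, its "suspicious" verdict text and the counters are made up so the parser has something to flag (TDSSKiller's real verdict wording differs).

```python
"""Summarise a TDSSKiller log: which objects were hashed, which got a verdict, and which verdict was not 'ok'."""
import re

# Constructed sample modelled on the TDSSKiller log posted earlier in this thread. The volsnap, WinDefend
# and MBR lines are copied from that log; the ExampleDrv pair, its "suspicious" verdict text and the
# counters are made up so the parser has something to flag (TDSSKiller's real verdict wording differs).
SAMPLE_LOG = r"""
16:14:35.0666 4496 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:14:35.0682 4496 volsnap - ok
16:14:36.0290 4496 WinDefend - ok
16:14:36.0300 4496 ExampleDrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
16:14:36.0300 4496 ExampleDrv - suspicious (constructed verdict)
16:14:37.0054 4496 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:14:37.0273 4496 \Device\Harddisk0\DR0 - ok
16:14:37.0460 1904 Detected object count: 1
16:14:37.0460 1904 Actual detected object count: 1
"""

# Every log line starts with "HH:MM:SS.frac PID"; the rest is one of the three shapes handled below.
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<rest>.*)$")
HASH_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")
COUNT_RE = re.compile(r"^(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$")


def parse_tdsskiller(log_text):
    """Return (records, counts): one record per scanned object, plus the detected-object counters."""
    by_key = {}      # name or device path -> record (MBR/boot verdicts are keyed by device path)
    records = []     # the same records in log order, each stored once
    counts = {}
    for raw in log_text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        c = COUNT_RE.match(rest)
        if c:
            counts[c.group("kind")] = int(c.group("n"))
            continue
        h = HASH_RE.match(rest)
        if h:
            rec = {"name": h.group("name"), "md5": h.group("md5").lower(),
                   "path": h.group("path"), "verdict": None}
            records.append(rec)
            by_key[rec["name"]] = rec
            by_key[rec["path"]] = rec
            continue
        v = VERDICT_RE.match(rest)
        if v:
            rec = by_key.get(v.group("name"))
            if rec is None:  # verdict with no preceding hash line: nothing was hashed for this entry
                rec = {"name": v.group("name"), "md5": None, "path": None, "verdict": None}
                records.append(rec)
                by_key[rec["name"]] = rec
            rec["verdict"] = v.group("verdict").strip()
    return records, counts


def summarize(log_text):
    """Group the records by what a reviewer wants to see first."""
    records, counts = parse_tdsskiller(log_text)
    return {
        "scanned": len(records),
        "flagged": [r for r in records if r["verdict"] not in (None, "ok")],  # anything not cleared
        "unresolved": [r for r in records if r["verdict"] is None],          # hashed, but no verdict followed
        "unhashed": [r for r in records if r["md5"] is None],                # verdict only, no file hashed
        "counts": counts,
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['scanned']} objects, counters {s['counts']}")
    for r in s["flagged"]:
        print(f"FLAGGED {r['name']}: {r['verdict']} (md5 {r['md5']}, {r['path']})")
    for r in s["unhashed"]:
        print(f"no file hashed for {r['name']} (verdict {r['verdict']})")
```

Paste a full report into `SAMPLE_LOG` or read it from the `TDSSKiller.[Version]_[Date]_[Time]_log.txt` file and the `flagged` list is the part worth posting first; the `md5` field of each record is what you would compare against a known-good copy of the driver, and a non-zero `Actual detected object count` with an empty `flagged` list means the parser missed a verdict shape and the log should be read by hand.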

#9 Jeff Franklin

Jeff Franklin
  • Topic Starter

  • Members
  • 15 posts

Posted 19 May 2012 - 10:50 PM

I did three things Friday evening.

First, I did some manual searching for files (turning on the setting to show all files, folders, and drives and turning off the setting to hide protected operating system files) and registry entries commonly associated with Windows Antivirus 2012. I didn't find any.

Second, I downloaded and installed the newest version of Malwarebytes. I then updated Malwarebytes with the latest definitions. Then I ran a full scan. It only found one folder (C:\Users\[My User Account Name]\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com), which was empty anyway. It deleted the folder.

The third thing I did was to delete Internet Explorer's temporary files and Firefox's cache.

Then today, I decided to ask for a professional's opinion. That's when I came here and you started to give me great assistance (thank you).

Here are the results from tdsskiller:

20:29:10.0463 8964 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
20:29:10.0807 8964 ============================================================
20:29:10.0807 8964 Current date / time: 2012/05/19 20:29:10.0807
20:29:10.0807 8964 SystemInfo:
20:29:10.0807 8964
20:29:10.0807 8964 OS Version: 6.1.7601 ServicePack: 1.0
20:29:10.0807 8964 Product type: Workstation
20:29:10.0807 8964 ComputerName: CORE-I5-2500K
20:29:10.0807 8964 UserName: Doctor
20:29:10.0807 8964 Windows directory: C:\Windows
20:29:10.0807 8964 System windows directory: C:\Windows
20:29:10.0807 8964 Running under WOW64
20:29:10.0807 8964 Processor architecture: Intel x64
20:29:10.0807 8964 Number of processors: 4
20:29:10.0807 8964 Page size: 0x1000
20:29:10.0807 8964 Boot type: Normal boot
20:29:10.0807 8964 ============================================================
20:29:11.0478 8964 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:29:11.0478 8964 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x540BE, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
20:29:11.0480 8964 ============================================================
20:29:11.0480 8964 \Device\Harddisk0\DR0:
20:29:11.0480 8964 MBR partitions:
20:29:11.0480 8964 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8DFE2F5
20:29:11.0480 8964 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x8DFE373, BlocksNum 0x61A7927
20:29:11.0480 8964 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xEFA5CD9, BlocksNum 0x7148223
20:29:11.0480 8964 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x160EDF3B, BlocksNum 0x70D6646
20:29:11.0480 8964 \Device\Harddisk1\DR1:
20:29:11.0480 8964 MBR partitions:
20:29:11.0480 8964 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:29:11.0480 8964 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3D05D800
20:29:11.0480 8964 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x3D090000, BlocksNum 0x1A4B5000
20:29:11.0480 8964 ============================================================
20:29:11.0509 8964 C: <-> \Device\Harddisk1\DR1\Partition1
20:29:11.0522 8964 D: <-> \Device\Harddisk1\DR1\Partition2
20:29:11.0523 8964 E: <-> \Device\Harddisk0\DR0\Partition0
20:29:11.0524 8964 F: <-> \Device\Harddisk0\DR0\Partition1
20:29:11.0524 8964 G: <-> \Device\Harddisk0\DR0\Partition2
20:29:11.0525 8964 H: <-> \Device\Harddisk0\DR0\Partition3
20:29:11.0525 8964 ============================================================
20:29:11.0525 8964 Initialize success
20:29:11.0525 8964 ============================================================
20:29:20.0542 1584 ============================================================
20:29:20.0542 1584 Scan started
20:29:20.0542 1584 Mode: Manual;
20:29:20.0542 1584 ============================================================
20:29:21.0213 1584 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
20:29:21.0229 1584 1394ohci - ok
20:29:21.0244 1584 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:29:21.0244 1584 ACPI - ok
20:29:21.0260 1584 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:29:21.0260 1584 AcpiPmi - ok
20:29:21.0338 1584 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:29:21.0338 1584 AdobeARMservice - ok
20:29:21.0369 1584 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
20:29:21.0369 1584 adp94xx - ok
20:29:21.0385 1584 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
20:29:21.0416 1584 adpahci - ok
20:29:21.0432 1584 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
20:29:21.0432 1584 adpu320 - ok
20:29:21.0447 1584 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:29:21.0447 1584 AeLookupSvc - ok
20:29:21.0494 1584 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:29:21.0494 1584 AFD - ok
20:29:21.0510 1584 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:29:21.0510 1584 agp440 - ok
20:29:21.0510 1584 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:29:21.0525 1584 ALG - ok
20:29:21.0525 1584 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:29:21.0525 1584 aliide - ok
20:29:21.0572 1584 AMD External Events Utility (0bde3222789749571c3d706f0181203d) C:\Windows\system32\atiesrxx.exe
20:29:21.0572 1584 AMD External Events Utility - ok
20:29:21.0588 1584 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:29:21.0588 1584 amdide - ok
20:29:21.0588 1584 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
20:29:21.0588 1584 AmdK8 - ok
20:29:21.0837 1584 amdkmdag (75bbd04f450ce109031a215fd4ec667a) C:\Windows\system32\DRIVERS\atikmdag.sys
20:29:21.0884 1584 amdkmdag - ok
20:29:21.0915 1584 amdkmdap (adb8ee976ce4a47c54d39f2581593c03) C:\Windows\system32\DRIVERS\atikmpag.sys
20:29:21.0915 1584 amdkmdap - ok
20:29:21.0915 1584 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
20:29:21.0931 1584 AmdPPM - ok
20:29:21.0946 1584 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:29:21.0946 1584 amdsata - ok
20:29:21.0962 1584 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
20:29:21.0962 1584 amdsbs - ok
20:29:21.0978 1584 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:29:21.0978 1584 amdxata - ok
20:29:22.0009 1584 APC Data Service (378a326ba649e01aac767355aab9e90c) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe
20:29:22.0009 1584 APC Data Service - ok
20:29:22.0040 1584 APC UPS Service (84a1a403d2dd63ef941674cc87ff503c) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
20:29:22.0040 1584 APC UPS Service - ok
20:29:22.0056 1584 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:29:22.0056 1584 AppID - ok
20:29:22.0071 1584 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:29:22.0071 1584 AppIDSvc - ok
20:29:22.0087 1584 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:29:22.0087 1584 Appinfo - ok
20:29:22.0149 1584 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:29:22.0149 1584 Apple Mobile Device - ok
20:29:22.0180 1584 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
20:29:22.0180 1584 AppMgmt - ok
20:29:22.0196 1584 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
20:29:22.0196 1584 arc - ok
20:29:22.0196 1584 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
20:29:22.0196 1584 arcsas - ok
20:29:22.0212 1584 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:29:22.0212 1584 AsyncMac - ok
20:29:22.0227 1584 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:29:22.0227 1584 atapi - ok
20:29:22.0243 1584 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
20:29:22.0243 1584 AtiHDAudioService - ok
20:29:22.0274 1584 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:29:22.0274 1584 AudioEndpointBuilder - ok
20:29:22.0274 1584 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:29:22.0290 1584 AudioSrv - ok
20:29:22.0290 1584 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:29:22.0290 1584 AxInstSV - ok
20:29:22.0321 1584 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
20:29:22.0321 1584 b06bdrv - ok
20:29:22.0336 1584 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:29:22.0336 1584 b57nd60a - ok
20:29:22.0383 1584 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
20:29:22.0383 1584 BBSvc - ok
20:29:22.0414 1584 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
20:29:22.0414 1584 BBUpdate - ok
20:29:22.0430 1584 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:29:22.0430 1584 BDESVC - ok
20:29:22.0446 1584 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:29:22.0446 1584 Beep - ok
20:29:22.0492 1584 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:29:22.0492 1584 BFE - ok
20:29:22.0539 1584 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
20:29:22.0539 1584 BITS - ok
20:29:22.0539 1584 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:29:22.0539 1584 blbdrive - ok
20:29:22.0617 1584 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:29:22.0617 1584 Bonjour Service - ok
20:29:22.0633 1584 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:29:22.0648 1584 bowser - ok
20:29:22.0664 1584 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
20:29:22.0664 1584 BrFiltLo - ok
20:29:22.0680 1584 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
20:29:22.0680 1584 BrFiltUp - ok
20:29:22.0680 1584 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:29:22.0695 1584 BridgeMP - ok
20:29:22.0695 1584 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:29:22.0711 1584 Browser - ok
20:29:22.0726 1584 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:29:22.0726 1584 Brserid - ok
20:29:22.0726 1584 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:29:22.0726 1584 BrSerWdm - ok
20:29:22.0726 1584 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:29:22.0726 1584 BrUsbMdm - ok
20:29:22.0742 1584 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:29:22.0742 1584 BrUsbSer - ok
20:29:22.0758 1584 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
20:29:22.0758 1584 BTHMODEM - ok
20:29:22.0758 1584 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:29:22.0758 1584 bthserv - ok
20:29:22.0758 1584 catchme - ok
20:29:22.0773 1584 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:29:22.0773 1584 cdfs - ok
20:29:22.0773 1584 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:29:22.0773 1584 cdrom - ok
20:29:22.0789 1584 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:29:22.0789 1584 CertPropSvc - ok
20:29:22.0789 1584 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
20:29:22.0789 1584 circlass - ok
20:29:22.0820 1584 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:29:22.0836 1584 CLFS - ok
20:29:22.0867 1584 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:29:22.0867 1584 clr_optimization_v2.0.50727_32 - ok
20:29:22.0882 1584 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:29:22.0898 1584 clr_optimization_v2.0.50727_64 - ok
20:29:22.0945 1584 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:29:22.0945 1584 clr_optimization_v4.0.30319_32 - ok
20:29:22.0960 1584 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:29:22.0960 1584 clr_optimization_v4.0.30319_64 - ok
20:29:22.0976 1584 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
20:29:22.0976 1584 CmBatt - ok
20:29:22.0976 1584 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:29:22.0992 1584 cmdide - ok
20:29:23.0023 1584 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:29:23.0038 1584 CNG - ok
20:29:23.0038 1584 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:29:23.0038 1584 Compbatt - ok
20:29:23.0038 1584 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:29:23.0054 1584 CompositeBus - ok
20:29:23.0054 1584 COMSysApp - ok
20:29:23.0070 1584 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
20:29:23.0070 1584 cpuz135 - ok
20:29:23.0085 1584 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
20:29:23.0085 1584 crcdisk - ok
20:29:23.0101 1584 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
20:29:23.0101 1584 CryptSvc - ok
20:29:23.0132 1584 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:29:23.0132 1584 CSC - ok
20:29:23.0179 1584 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
20:29:23.0179 1584 CscService - ok
20:29:23.0210 1584 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:29:23.0210 1584 DcomLaunch - ok
20:29:23.0226 1584 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:29:23.0226 1584 defragsvc - ok
20:29:23.0272 1584 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:29:23.0272 1584 DfsC - ok
20:29:23.0288 1584 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:29:23.0288 1584 Dhcp - ok
20:29:23.0288 1584 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:29:23.0319 1584 discache - ok
20:29:23.0335 1584 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
20:29:23.0335 1584 Disk - ok
20:29:23.0335 1584 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
20:29:23.0335 1584 dmvsc - ok
20:29:23.0366 1584 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:29:23.0366 1584 Dnscache - ok
20:29:23.0382 1584 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:29:23.0382 1584 dot3svc - ok
20:29:23.0397 1584 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:29:23.0397 1584 DPS - ok
20:29:23.0413 1584 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:29:23.0413 1584 drmkaud - ok
20:29:23.0444 1584 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:29:23.0460 1584 DXGKrnl - ok
20:29:23.0475 1584 eamonm (aca3fe4f18a945b7bf2618a79f6f670b) C:\Windows\system32\DRIVERS\eamonm.sys
20:29:23.0475 1584 eamonm - ok
20:29:23.0491 1584 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:29:23.0491 1584 EapHost - ok
20:29:23.0584 1584 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
20:29:23.0600 1584 ebdrv - ok
20:29:23.0678 1584 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:29:23.0678 1584 EFS - ok
20:29:23.0694 1584 ehdrv (6672438bdcbfd87250d22112d458294d) C:\Windows\system32\DRIVERS\ehdrv.sys
20:29:23.0709 1584 ehdrv - ok
20:29:23.0756 1584 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:29:23.0772 1584 ehRecvr - ok
20:29:23.0772 1584 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:29:23.0787 1584 ehSched - ok
20:29:23.0818 1584 EhttpSrv (deb2b067745d92ff17a5068dfd2360bc) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
20:29:23.0818 1584 EhttpSrv - ok
20:29:23.0850 1584 ekrn (191d8eccc40f05b52fac0513f35ba01d) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
20:29:23.0865 1584 ekrn - ok
20:29:23.0912 1584 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
20:29:23.0912 1584 elxstor - ok
20:29:23.0928 1584 epfwwfpr (954fade8e59f159b0a71d0cfcc99a76e) C:\Windows\system32\DRIVERS\epfwwfpr.sys
20:29:23.0928 1584 epfwwfpr - ok
20:29:23.0928 1584 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:29:23.0943 1584 ErrDev - ok
20:29:23.0959 1584 EtronHub3 (72eccb2f5c9cfc32a9b2a60933832501) C:\Windows\system32\Drivers\EtronHub3.sys
20:29:23.0959 1584 EtronHub3 - ok
20:29:23.0974 1584 EtronXHCI (7bb310f6fb9e1b9d21dd2ce7eb0d5464) C:\Windows\system32\Drivers\EtronXHCI.sys
20:29:23.0974 1584 EtronXHCI - ok
20:29:23.0990 1584 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:29:24.0006 1584 EventSystem - ok
20:29:24.0006 1584 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:29:24.0006 1584 exfat - ok
20:29:24.0021 1584 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:29:24.0021 1584 fastfat - ok
20:29:24.0052 1584 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:29:24.0052 1584 Fax - ok
20:29:24.0052 1584 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
20:29:24.0068 1584 fdc - ok
20:29:24.0068 1584 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:29:24.0068 1584 fdPHost - ok
20:29:24.0084 1584 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:29:24.0084 1584 FDResPub - ok
20:29:24.0084 1584 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:29:24.0099 1584 FileInfo - ok
20:29:24.0099 1584 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:29:24.0115 1584 Filetrace - ok
20:29:24.0115 1584 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
20:29:24.0115 1584 flpydisk - ok
20:29:24.0130 1584 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:29:24.0146 1584 FltMgr - ok
20:29:24.0193 1584 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:29:24.0208 1584 FontCache - ok
20:29:24.0224 1584 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:29:24.0224 1584 FontCache3.0.0.0 - ok
20:29:24.0224 1584 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:29:24.0240 1584 FsDepends - ok
20:29:24.0255 1584 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:29:24.0255 1584 Fs_Rec - ok
20:29:24.0318 1584 Futuremark SystemInfo Service (79b4cde2b69ed8ba4011859780a66a4d) C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
20:29:24.0318 1584 Futuremark SystemInfo Service - ok
20:29:24.0333 1584 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:29:24.0333 1584 fvevol - ok
20:29:24.0349 1584 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
20:29:24.0349 1584 gagp30kx - ok
20:29:24.0364 1584 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:29:24.0364 1584 GEARAspiWDM - ok
20:29:24.0396 1584 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:29:24.0411 1584 gpsvc - ok
20:29:24.0411 1584 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:29:24.0411 1584 hcw85cir - ok
20:29:24.0442 1584 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:29:24.0442 1584 HdAudAddService - ok
20:29:24.0458 1584 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:29:24.0458 1584 HDAudBus - ok
20:29:24.0474 1584 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:29:24.0489 1584 HidBatt - ok
20:29:24.0567 1584 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
20:29:24.0583 1584 HidBth - ok
20:29:24.0598 1584 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
20:29:24.0598 1584 HidIr - ok
20:29:24.0598 1584 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:29:24.0598 1584 hidserv - ok
20:29:24.0614 1584 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:29:24.0614 1584 HidUsb - ok
20:29:24.0630 1584 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:29:24.0630 1584 hkmsvc - ok
20:29:24.0645 1584 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:29:24.0645 1584 HomeGroupListener - ok
20:29:24.0676 1584 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:29:24.0676 1584 HomeGroupProvider - ok
20:29:24.0692 1584 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:29:24.0692 1584 HpSAMD - ok
20:29:24.0723 1584 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:29:24.0723 1584 HTTP - ok
20:29:24.0739 1584 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:29:24.0739 1584 hwpolicy - ok
20:29:24.0739 1584 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:29:24.0739 1584 i8042prt - ok
20:29:24.0770 1584 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:29:24.0770 1584 iaStorV - ok
20:29:24.0832 1584 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:29:24.0832 1584 idsvc - ok
20:29:24.0848 1584 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
20:29:24.0848 1584 iirsp - ok
20:29:24.0879 1584 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:29:24.0879 1584 IKEEXT - ok
20:29:25.0004 1584 IntcAzAudAddService (8f6ed52134ebb4ce2953ec37c9275497) C:\Windows\system32\drivers\RTKVHD64.sys
20:29:25.0020 1584 IntcAzAudAddService - ok
20:29:25.0082 1584 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:29:25.0082 1584 intelide - ok
20:29:25.0082 1584 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:29:25.0082 1584 intelppm - ok
20:29:25.0098 1584 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:29:25.0113 1584 IPBusEnum - ok
20:29:25.0113 1584 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:29:25.0113 1584 IpFilterDriver - ok
20:29:25.0144 1584 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:29:25.0144 1584 iphlpsvc - ok
20:29:25.0160 1584 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:29:25.0160 1584 IPMIDRV - ok
20:29:25.0176 1584 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:29:25.0176 1584 IPNAT - ok
20:29:25.0222 1584 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
20:29:25.0238 1584 iPod Service - ok
20:29:25.0254 1584 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:29:25.0254 1584 IRENUM - ok
20:29:25.0254 1584 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:29:25.0254 1584 isapnp - ok
20:29:25.0269 1584 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:29:25.0269 1584 iScsiPrt - ok
20:29:25.0285 1584 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:29:25.0285 1584 kbdclass - ok
20:29:25.0285 1584 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:29:25.0285 1584 kbdhid - ok
20:29:25.0316 1584 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:29:25.0316 1584 KeyIso - ok
20:29:25.0316 1584 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:29:25.0332 1584 KSecDD - ok
20:29:25.0347 1584 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:29:25.0347 1584 KSecPkg - ok
20:29:25.0363 1584 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:29:25.0378 1584 ksthunk - ok
20:29:25.0394 1584 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:29:25.0394 1584 KtmRm - ok
20:29:25.0425 1584 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
20:29:25.0425 1584 LanmanServer - ok
20:29:25.0441 1584 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:29:25.0441 1584 LanmanWorkstation - ok
20:29:25.0503 1584 LBTServ (19eff704cd16dd0429e128431f1dd631) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
20:29:25.0519 1584 LBTServ - ok
20:29:25.0534 1584 LHidFilt (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:29:25.0534 1584 LHidFilt - ok
20:29:25.0550 1584 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:29:25.0550 1584 lltdio - ok
20:29:25.0566 1584 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:29:25.0566 1584 lltdsvc - ok
20:29:25.0581 1584 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:29:25.0581 1584 lmhosts - ok
20:29:25.0597 1584 LMouFilt (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:29:25.0597 1584 LMouFilt - ok
20:29:25.0644 1584 LMS (0803906d607a9b83184447b75b60ecc2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
20:29:25.0644 1584 LMS - ok
20:29:25.0659 1584 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
20:29:25.0659 1584 LSI_FC - ok
20:29:25.0675 1584 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
20:29:25.0675 1584 LSI_SAS - ok
20:29:25.0675 1584 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
20:29:25.0675 1584 LSI_SAS2 - ok
20:29:25.0690 1584 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
20:29:25.0690 1584 LSI_SCSI - ok
20:29:25.0706 1584 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:29:25.0706 1584 luafv - ok
20:29:25.0800 1584 lvpopf64 (ce6e5146039d248feb991fbc9e2b6a7b) C:\Windows\system32\DRIVERS\lvpopf64.sys
20:29:25.0800 1584 lvpopf64 - ok
20:29:25.0878 1584 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
20:29:25.0878 1584 LVPr2M64 - ok
20:29:25.0878 1584 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
20:29:25.0878 1584 LVPr2Mon - ok
20:29:25.0924 1584 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
20:29:25.0924 1584 LVPrcS64 - ok
20:29:25.0940 1584 LVUSBS64 (6d5ea90f86f9b28cd44af6ba9be03bf9) C:\Windows\system32\drivers\LVUSBS64.sys
20:29:25.0940 1584 LVUSBS64 - ok
20:29:26.0065 1584 LVUVC64 (eb12688842ede30c843a123fa6855858) C:\Windows\system32\DRIVERS\lvuvc64.sys
20:29:26.0096 1584 LVUVC64 - ok
20:29:26.0127 1584 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:29:26.0127 1584 Mcx2Svc - ok
20:29:26.0158 1584 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
20:29:26.0174 1584 MDM - ok
20:29:26.0174 1584 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
20:29:26.0174 1584 megasas - ok
20:29:26.0190 1584 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
20:29:26.0190 1584 MegaSR - ok
20:29:26.0205 1584 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys
20:29:26.0205 1584 MEIx64 - ok
20:29:26.0236 1584 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:29:26.0236 1584 MMCSS - ok
20:29:26.0252 1584 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:29:26.0252 1584 Modem - ok
20:29:26.0268 1584 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:29:26.0268 1584 monitor - ok
20:29:26.0283 1584 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:29:26.0283 1584 mouclass - ok
20:29:26.0283 1584 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:29:26.0283 1584 mouhid - ok
20:29:26.0299 1584 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:29:26.0299 1584 mountmgr - ok
20:29:26.0330 1584 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:29:26.0330 1584 MozillaMaintenance - ok
20:29:26.0346 1584 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:29:26.0346 1584 mpio - ok
20:29:26.0361 1584 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:29:26.0361 1584 mpsdrv - ok
20:29:26.0392 1584 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:29:26.0408 1584 MpsSvc - ok
20:29:26.0408 1584 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:29:26.0424 1584 MRxDAV - ok
20:29:26.0439 1584 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:29:26.0439 1584 mrxsmb - ok
20:29:26.0470 1584 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:29:26.0470 1584 mrxsmb10 - ok
20:29:26.0502 1584 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:29:26.0502 1584 mrxsmb20 - ok
20:29:26.0502 1584 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:29:26.0502 1584 msahci - ok
20:29:26.0502 1584 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:29:26.0517 1584 msdsm - ok
20:29:26.0517 1584 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:29:26.0517 1584 MSDTC - ok
20:29:26.0533 1584 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:29:26.0533 1584 Msfs - ok
20:29:26.0548 1584 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:29:26.0548 1584 mshidkmdf - ok
20:29:26.0548 1584 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:29:26.0548 1584 msisadrv - ok
20:29:26.0580 1584 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:29:26.0580 1584 MSiSCSI - ok
20:29:26.0580 1584 msiserver - ok
20:29:26.0595 1584 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:29:26.0595 1584 MSKSSRV - ok
20:29:26.0611 1584 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:29:26.0611 1584 MSPCLOCK - ok
20:29:26.0611 1584 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:29:26.0611 1584 MSPQM - ok
20:29:26.0626 1584 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:29:26.0626 1584 MsRPC - ok
20:29:26.0642 1584 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:29:26.0642 1584 mssmbios - ok
20:29:26.0642 1584 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:29:26.0642 1584 MSTEE - ok
20:29:26.0658 1584 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
20:29:26.0658 1584 MTConfig - ok
20:29:26.0673 1584 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:29:26.0673 1584 Mup - ok
20:29:26.0704 1584 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:29:26.0704 1584 napagent - ok
20:29:26.0736 1584 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:29:26.0736 1584 NativeWifiP - ok
20:29:26.0798 1584 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:29:26.0798 1584 NDIS - ok
20:29:26.0814 1584 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:29:26.0814 1584 NdisCap - ok
20:29:26.0814 1584 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:29:26.0814 1584 NdisTapi - ok
20:29:26.0829 1584 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:29:26.0829 1584 Ndisuio - ok
20:29:26.0845 1584 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:29:26.0860 1584 NdisWan - ok
20:29:26.0860 1584 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:29:26.0876 1584 NDProxy - ok
20:29:26.0892 1584 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:29:26.0892 1584 NetBIOS - ok
20:29:26.0907 1584 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:29:26.0907 1584 NetBT - ok
20:29:26.0923 1584 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:29:26.0938 1584 Netlogon - ok
20:29:26.0954 1584 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:29:26.0970 1584 Netman - ok
20:29:26.0985 1584 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:29:26.0985 1584 netprofm - ok
20:29:27.0048 1584 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:29:27.0048 1584 NetTcpPortSharing - ok
20:29:27.0063 1584 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
20:29:27.0063 1584 nfrd960 - ok
20:29:27.0079 1584 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:29:27.0079 1584 NlaSvc - ok
20:29:27.0094 1584 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:29:27.0094 1584 Npfs - ok
20:29:27.0094 1584 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:29:27.0094 1584 nsi - ok
20:29:27.0110 1584 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:29:27.0110 1584 nsiproxy - ok
20:29:27.0172 1584 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:29:27.0188 1584 Ntfs - ok
20:29:27.0266 1584 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:29:27.0266 1584 Null - ok
20:29:27.0297 1584 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:29:27.0297 1584 nvraid - ok
20:29:27.0328 1584 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:29:27.0328 1584 nvstor - ok
20:29:27.0344 1584 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:29:27.0344 1584 nv_agp - ok
20:29:27.0422 1584 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:29:27.0422 1584 odserv - ok
20:29:27.0438 1584 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:29:27.0438 1584 ohci1394 - ok
20:29:27.0453 1584 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:29:27.0453 1584 ose - ok
20:29:27.0500 1584 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:29:27.0516 1584 p2pimsvc - ok
20:29:27.0531 1584 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:29:27.0531 1584 p2psvc - ok
20:29:27.0531 1584 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
20:29:27.0531 1584 Parport - ok
20:29:27.0562 1584 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:29:27.0562 1584 partmgr - ok
20:29:27.0578 1584 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:29:27.0578 1584 PcaSvc - ok
20:29:27.0594 1584 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:29:27.0625 1584 pci - ok
20:29:27.0625 1584 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
20:29:27.0640 1584 pciide - ok
20:29:27.0640 1584 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
20:29:27.0640 1584 pcmcia - ok
20:29:27.0640 1584 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:29:27.0640 1584 pcw - ok
20:29:27.0672 1584 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:29:27.0672 1584 PEAUTH - ok
20:29:27.0734 1584 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:29:27.0750 1584 PeerDistSvc - ok
20:29:27.0796 1584 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:29:27.0796 1584 PerfHost - ok
20:29:27.0874 1584 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:29:27.0890 1584 pla - ok
20:29:27.0937 1584 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:29:27.0937 1584 PlugPlay - ok
20:29:27.0952 1584 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:29:27.0952 1584 PNRPAutoReg - ok
20:29:27.0968 1584 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:29:27.0968 1584 PNRPsvc - ok
20:29:27.0999 1584 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:29:27.0999 1584 PolicyAgent - ok
20:29:28.0030 1584 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:29:28.0030 1584 Power - ok
20:29:28.0046 1584 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:29:28.0077 1584 PptpMiniport - ok
20:29:28.0077 1584 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
20:29:28.0093 1584 Processor - ok
20:29:28.0108 1584 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
20:29:28.0124 1584 ProfSvc - ok
20:29:28.0124 1584 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:29:28.0124 1584 ProtectedStorage - ok
20:29:28.0140 1584 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:29:28.0155 1584 Psched - ok
20:29:28.0186 1584 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
20:29:28.0202 1584 ql2300 - ok
20:29:28.0233 1584 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
20:29:28.0233 1584 ql40xx - ok
20:29:28.0264 1584 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:29:28.0264 1584 QWAVE - ok
20:29:28.0264 1584 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:29:28.0264 1584 QWAVEdrv - ok
20:29:28.0280 1584 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:29:28.0280 1584 RasAcd - ok
20:29:28.0296 1584 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:29:28.0296 1584 RasAgileVpn - ok
20:29:28.0311 1584 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:29:28.0311 1584 RasAuto - ok
20:29:28.0327 1584 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:29:28.0327 1584 Rasl2tp - ok
20:29:28.0342 1584 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:29:28.0342 1584 RasMan - ok
20:29:28.0358 1584 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:29:28.0358 1584 RasPppoe - ok
20:29:28.0374 1584 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:29:28.0389 1584 RasSstp - ok
20:29:28.0405 1584 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:29:28.0405 1584 rdbss - ok
20:29:28.0405 1584 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:29:28.0405 1584 rdpbus - ok
20:29:28.0420 1584 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:29:28.0420 1584 RDPCDD - ok
20:29:28.0436 1584 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:29:28.0436 1584 RDPDR - ok
20:29:28.0436 1584 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:29:28.0436 1584 RDPENCDD - ok
20:29:28.0436 1584 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:29:28.0436 1584 RDPREFMP - ok
20:29:28.0467 1584 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
20:29:28.0467 1584 RDPWD - ok
20:29:28.0483 1584 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:29:28.0483 1584 rdyboost - ok
20:29:28.0483 1584 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:29:28.0483 1584 RemoteAccess - ok
20:29:28.0498 1584 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:29:28.0498 1584 RemoteRegistry - ok
20:29:28.0514 1584 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:29:28.0514 1584 RpcEptMapper - ok
20:29:28.0530 1584 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:29:28.0530 1584 RpcLocator - ok
20:29:28.0545 1584 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:29:28.0545 1584 RpcSs - ok
20:29:28.0561 1584 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:29:28.0561 1584 rspndr - ok
20:29:28.0592 1584 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:29:28.0592 1584 RTL8167 - ok
20:29:28.0608 1584 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:29:28.0608 1584 s3cap - ok
20:29:28.0608 1584 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:29:28.0608 1584 SamSs - ok
20:29:28.0608 1584 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:29:28.0608 1584 sbp2port - ok
20:29:28.0623 1584 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:29:28.0623 1584 SCardSvr - ok
20:29:28.0639 1584 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:29:28.0639 1584 scfilter - ok
20:29:28.0670 1584 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:29:28.0686 1584 Schedule - ok
20:29:28.0686 1584 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:29:28.0686 1584 SCPolicySvc - ok
20:29:28.0701 1584 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:29:28.0701 1584 SDRSVC - ok
20:29:28.0717 1584 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:29:28.0717 1584 secdrv - ok
20:29:28.0732 1584 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:29:28.0732 1584 seclogon - ok
20:29:28.0748 1584 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:29:28.0748 1584 SENS - ok
20:29:28.0748 1584 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:29:28.0748 1584 SensrSvc - ok
20:29:28.0764 1584 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
20:29:28.0764 1584 Serenum - ok
20:29:28.0764 1584 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
20:29:28.0764 1584 Serial - ok
20:29:28.0779 1584 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
20:29:28.0779 1584 sermouse - ok
20:29:28.0779 1584 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:29:28.0779 1584 SessionEnv - ok
20:29:28.0795 1584 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:29:28.0795 1584 sffdisk - ok
20:29:28.0810 1584 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:29:28.0810 1584 sffp_mmc - ok
20:29:28.0810 1584 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:29:28.0810 1584 sffp_sd - ok
20:29:28.0810 1584 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
20:29:28.0810 1584 sfloppy - ok
20:29:28.0842 1584 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:29:28.0842 1584 SharedAccess - ok
20:29:28.0857 1584 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:29:28.0857 1584 ShellHWDetection - ok
20:29:28.0888 1584 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
20:29:28.0888 1584 SiSRaid2 - ok
20:29:28.0888 1584 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
20:29:28.0888 1584 SiSRaid4 - ok
20:29:28.0888 1584 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:29:28.0904 1584 Smb - ok
20:29:28.0920 1584 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:29:28.0920 1584 SNMPTRAP - ok
20:29:28.0920 1584 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:29:28.0935 1584 spldr - ok
20:29:28.0966 1584 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:29:28.0966 1584 Spooler - ok
20:29:29.0076 1584 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:29:29.0091 1584 sppsvc - ok
20:29:29.0154 1584 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:29:29.0169 1584 sppuinotify - ok
20:29:29.0216 1584 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\System32\Drivers\sptd.sys
20:29:29.0216 1584 sptd - ok
20:29:29.0263 1584 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:29:29.0263 1584 srv - ok
20:29:29.0278 1584 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:29:29.0278 1584 srv2 - ok
20:29:29.0294 1584 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:29:29.0294 1584 srvnet - ok
20:29:29.0325 1584 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:29:29.0325 1584 SSDPSRV - ok
20:29:29.0341 1584 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:29:29.0341 1584 SstpSvc - ok
20:29:29.0403 1584 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
20:29:29.0403 1584 StarWindServiceAE - ok
20:29:29.0419 1584 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
20:29:29.0419 1584 stexstor - ok
20:29:29.0434 1584 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
20:29:29.0434 1584 StillCam - ok
20:29:29.0466 1584 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:29:29.0466 1584 stisvc - ok
20:29:29.0481 1584 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:29:29.0481 1584 storflt - ok
20:29:29.0512 1584 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
20:29:29.0512 1584 StorSvc - ok
20:29:29.0512 1584 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:29:29.0544 1584 storvsc - ok
20:29:29.0544 1584 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:29:29.0544 1584 swenum - ok
20:29:29.0606 1584 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:29:29.0606 1584 swprv - ok
20:29:29.0715 1584 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:29:29.0731 1584 SysMain - ok
20:29:29.0762 1584 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:29:29.0762 1584 TabletInputService - ok
20:29:29.0778 1584 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:29:29.0778 1584 TapiSrv - ok
20:29:29.0793 1584 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:29:29.0793 1584 TBS - ok
20:29:29.0887 1584 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:29:29.0887 1584 Tcpip - ok
20:29:29.0965 1584 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:29:29.0980 1584 TCPIP6 - ok
20:29:30.0012 1584 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:29:30.0012 1584 tcpipreg - ok
20:29:30.0012 1584 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:29:30.0012 1584 TDPIPE - ok
20:29:30.0043 1584 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:29:30.0043 1584 TDTCP - ok
20:29:30.0058 1584 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:29:30.0058 1584 tdx - ok
20:29:30.0058 1584 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
20:29:30.0058 1584 TermDD - ok
20:29:30.0090 1584 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:29:30.0105 1584 TermService - ok
20:29:30.0105 1584 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:29:30.0121 1584 Themes - ok
20:29:30.0121 1584 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:29:30.0121 1584 THREADORDER - ok
20:29:30.0136 1584 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:29:30.0136 1584 TrkWks - ok
20:29:30.0168 1584 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:29:30.0168 1584 TrustedInstaller - ok
20:29:30.0183 1584 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:29:30.0183 1584 tssecsrv - ok
20:29:30.0199 1584 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:29:30.0199 1584 TsUsbFlt - ok
20:29:30.0199 1584 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
20:29:30.0199 1584 TsUsbGD - ok
20:29:30.0214 1584 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:29:30.0214 1584 tunnel - ok
20:29:30.0214 1584 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
20:29:30.0214 1584 uagp35 - ok
20:29:30.0246 1584 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:29:30.0246 1584 udfs - ok
20:29:30.0261 1584 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:29:30.0261 1584 UI0Detect - ok
20:29:30.0261 1584 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:29:30.0261 1584 uliagpkx - ok
20:29:30.0261 1584 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:29:30.0277 1584 umbus - ok
20:29:30.0277 1584 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
20:29:30.0277 1584 UmPass - ok
20:29:30.0292 1584 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
20:29:30.0292 1584 UmRdpService - ok
20:29:30.0417 1584 UNS (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:29:30.0433 1584 UNS - ok
20:29:30.0464 1584 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:29:30.0464 1584 upnphost - ok
20:29:30.0495 1584 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:29:30.0495 1584 usbaudio - ok
20:29:30.0511 1584 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:29:30.0511 1584 usbccgp - ok
20:29:30.0542 1584 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:29:30.0542 1584 usbcir - ok
20:29:30.0558 1584 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:29:30.0558 1584 usbehci - ok
20:29:30.0589 1584 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:29:30.0589 1584 usbhub - ok
20:29:30.0604 1584 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:29:30.0604 1584 usbohci - ok
20:29:30.0620 1584 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
20:29:30.0620 1584 usbprint - ok
20:29:30.0636 1584 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:29:30.0636 1584 USBSTOR - ok
20:29:30.0651 1584 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:29:30.0651 1584 usbuhci - ok
20:29:30.0667 1584 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:29:30.0667 1584 UxSms - ok
20:29:30.0682 1584 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:29:30.0682 1584 VaultSvc - ok
20:29:30.0698 1584 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:29:30.0729 1584 vdrvroot - ok
20:29:30.0760 1584 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:29:30.0760 1584 vds - ok
20:29:30.0760 1584 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:29:30.0760 1584 vga - ok
20:29:30.0760 1584 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:29:30.0776 1584 VgaSave - ok
20:29:30.0776 1584 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:29:30.0776 1584 vhdmp - ok
20:29:30.0792 1584 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:29:30.0792 1584 viaide - ok
20:29:30.0807 1584 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:29:30.0807 1584 vmbus - ok
20:29:30.0823 1584 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:29:30.0823 1584 VMBusHID - ok
20:29:30.0823 1584 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:29:30.0823 1584 volmgr - ok
20:29:30.0854 1584 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:29:30.0854 1584 volmgrx - ok
20:29:30.0870 1584 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:29:30.0870 1584 volsnap - ok
20:29:30.0885 1584 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
20:29:30.0885 1584 vsmraid - ok
20:29:30.0948 1584 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:29:30.0963 1584 VSS - ok
20:29:30.0979 1584 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:29:30.0979 1584 vwifibus - ok
20:29:30.0994 1584 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:29:31.0010 1584 W32Time - ok
20:29:31.0010 1584 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
20:29:31.0010 1584 WacomPen - ok
20:29:31.0041 1584 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:29:31.0041 1584 WANARP - ok
20:29:31.0041 1584 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:29:31.0041 1584 Wanarpv6 - ok
20:29:31.0119 1584 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:29:31.0135 1584 WatAdminSvc - ok
20:29:31.0197 1584 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:29:31.0197 1584 wbengine - ok
20:29:31.0244 1584 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:29:31.0244 1584 WbioSrvc - ok
20:29:31.0260 1584 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:29:31.0275 1584 wcncsvc - ok
20:29:31.0291 1584 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:29:31.0291 1584 WcsPlugInService - ok
20:29:31.0291 1584 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
20:29:31.0291 1584 Wd - ok
20:29:31.0322 1584 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:29:31.0322 1584 Wdf01000 - ok
20:29:31.0338 1584 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:29:31.0338 1584 WdiServiceHost - ok
20:29:31.0338 1584 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:29:31.0338 1584 WdiSystemHost - ok
20:29:31.0353 1584 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:29:31.0353 1584 WebClient - ok
20:29:31.0369 1584 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:29:31.0369 1584 Wecsvc - ok
20:29:31.0384 1584 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:29:31.0384 1584 wercplsupport - ok
20:29:31.0400 1584 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:29:31.0400 1584 WerSvc - ok
20:29:31.0400 1584 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:29:31.0416 1584 WfpLwf - ok
20:29:31.0416 1584 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:29:31.0416 1584 WIMMount - ok
20:29:31.0431 1584 WinDefend - ok
20:29:31.0431 1584 WinHttpAutoProxySvc - ok
20:29:31.0462 1584 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:29:31.0462 1584 Winmgmt - ok
20:29:31.0540 1584 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:29:31.0556 1584 WinRM - ok
20:29:31.0603 1584 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:29:31.0618 1584 Wlansvc - ok
20:29:31.0728 1584 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:29:31.0743 1584 wlidsvc - ok
20:29:31.0774 1584 WmBEnum (14dc5897bc6c4e03c023ad80abb7f539) C:\Windows\system32\drivers\WmBEnum.sys
20:29:31.0774 1584 WmBEnum - ok
20:29:31.0821 1584 WmFilter (2de0a0cea49972c82c7e9d36bd4c1247) C:\Windows\system32\drivers\WmFilter.sys
20:29:31.0821 1584 WmFilter - ok
20:29:31.0821 1584 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:29:31.0837 1584 WmiAcpi - ok
20:29:31.0852 1584 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:29:31.0852 1584 wmiApSrv - ok
20:29:31.0868 1584 WMPNetworkSvc - ok
20:29:31.0884 1584 WmVirHid (53c12ae1183f3f7787f1f1835001ccc0) C:\Windows\system32\drivers\WmVirHid.sys
20:29:31.0884 1584 WmVirHid - ok
20:29:31.0884 1584 WmXlCore (c807e470cca24f5e479da4872a7d2121) C:\Windows\system32\drivers\WmXlCore.sys
20:29:31.0884 1584 WmXlCore - ok
20:29:31.0899 1584 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:29:31.0899 1584 WPCSvc - ok
20:29:31.0899 1584 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:29:31.0915 1584 WPDBusEnum - ok
20:29:31.0915 1584 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:29:31.0915 1584 ws2ifsl - ok
20:29:31.0930 1584 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:29:31.0930 1584 wscsvc - ok
20:29:31.0930 1584 WSearch - ok
20:29:32.0024 1584 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
20:29:32.0040 1584 wuauserv - ok
20:29:32.0071 1584 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:29:32.0071 1584 WudfPf - ok
20:29:32.0086 1584 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:29:32.0086 1584 WUDFRd - ok
20:29:32.0086 1584 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:29:32.0102 1584 wudfsvc - ok
20:29:32.0102 1584 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:29:32.0118 1584 WwanSvc - ok
20:29:32.0118 1584 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:29:32.0320 1584 \Device\Harddisk0\DR0 - ok
20:29:32.0336 1584 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
20:29:32.0461 1584 \Device\Harddisk1\DR1 - ok
20:29:32.0461 1584 Boot (0x1200) (1badb564e710b9a9451f08be6e4cdb7a) \Device\Harddisk0\DR0\Partition0
20:29:32.0461 1584 \Device\Harddisk0\DR0\Partition0 - ok
20:29:32.0461 1584 Boot (0x1200) (0550ae66737354849cba93eb7ba20382) \Device\Harddisk0\DR0\Partition1
20:29:32.0461 1584 \Device\Harddisk0\DR0\Partition1 - ok
20:29:32.0461 1584 Boot (0x1200) (503b716f4b3673c4d6bbd0f2f4e340b7) \Device\Harddisk0\DR0\Partition2
20:29:32.0461 1584 \Device\Harddisk0\DR0\Partition2 - ok
20:29:32.0476 1584 Boot (0x1200) (98ebda13ee93bc68a948c10942b1aed7) \Device\Harddisk0\DR0\Partition3
20:29:32.0476 1584 \Device\Harddisk0\DR0\Partition3 - ok
20:29:32.0476 1584 Boot (0x1200) (228493558b115baec749f30dd7098349) \Device\Harddisk1\DR1\Partition0
20:29:32.0476 1584 \Device\Harddisk1\DR1\Partition0 - ok
20:29:32.0476 1584 Boot (0x1200) (160a4f9935dbf484f3cda2717c393831) \Device\Harddisk1\DR1\Partition1
20:29:32.0476 1584 \Device\Harddisk1\DR1\Partition1 - ok
20:29:32.0492 1584 Boot (0x1200) (6f3d44d6342a83f8a3b1dc325fddbe81) \Device\Harddisk1\DR1\Partition2
20:29:32.0492 1584 \Device\Harddisk1\DR1\Partition2 - ok
20:29:32.0492 1584 ============================================================
20:29:32.0492 1584 Scan finished
20:29:32.0492 1584 ============================================================
20:29:32.0508 5428 Detected object count: 0
20:29:32.0508 5428 Actual detected object count: 0
And, here are the results from aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-19 16:16:17
-----------------------------
16:16:17.797 OS Version: Windows x64 6.1.7601 Service Pack 1
16:16:17.797 Number of processors: 4 586 0x2A07
16:16:17.798 ComputerName: CORE-I5-2500K UserName: Doctor
16:16:18.242 Initialize success
16:17:54.630 AVAST engine defs: 12051901
16:18:14.489 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:18:14.491 Disk 0 Vendor: WDC_WD2500JB-00REA0 20.00K20 Size: 238475MB BusType: 3
16:18:14.494 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-6
16:18:14.495 Disk 1 Vendor: WDC_WD7502AAEX-00Y9A0 05.01D05 Size: 715404MB BusType: 11
16:18:14.515 Disk 1 MBR read successfully
16:18:14.517 Disk 1 MBR scan
16:18:14.521 Disk 1 Windows 7 default MBR code
16:18:14.524 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:18:14.535 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 499899 MB offset 206848
16:18:14.552 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 215402 MB offset 1024000000
16:18:14.594 Disk 1 scanning C:\Windows\system32\drivers
16:18:20.527 Service scanning
16:18:31.815 Modules scanning
16:18:31.823 Disk 1 trace - called modules:
16:18:31.839 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:18:31.843 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007837060]
16:18:31.847 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa800751d1e0]
16:18:31.851 5 ACPI.sys[fffff88000f9f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-6[0xfffffa8007553060]
16:18:32.648 AVAST engine scan C:\Windows
16:18:34.006 AVAST engine scan C:\Windows\system32
16:20:11.679 AVAST engine scan C:\Windows\system32\drivers
16:20:18.787 AVAST engine scan C:\Users\Doctor
16:23:36.381 AVAST engine scan C:\ProgramData
16:24:04.477 Scan finished successfully
16:25:24.208 Disk 1 MBR has been saved successfully to "C:\Users\Doctor\Desktop\MBR.dat"
16:25:24.208 The log file has been saved successfully to "C:\Users\Doctor\Desktop\aswMBR.txt"





Thank you for all of your help. I deeply appreciate it.

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 May 2012 - 10:58 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Jeff Franklin

  • Topic Starter
  • Members
  • 15 posts

Posted 19 May 2012 - 11:07 PM

I have a couple of quick questions.

1. The last time I ran Combofix, you asked me to turn off virus protection. Do you want me to do it again on this second go around?

2. Are there spaces before and/or after ClearJavaCache::?

#12 Jeff Franklin

  • Topic Starter
  • Members
  • 15 posts

Posted 19 May 2012 - 11:17 PM

Okay, I just went ahead and did it. The scan is going now. I found out I needed to turn off virus/malware protection. I also found from another post that there are no spaces before or after. I will have results soon. Thank you again.

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 May 2012 - 11:22 PM

No problem and see you soon


gringo

#14 Jeff Franklin

  • Topic Starter
  • Members
  • 15 posts

Posted 19 May 2012 - 11:26 PM

ComboFix 12-05-19.02 - Doctor 05/19/2012 21:15:13.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8175.6368 [GMT -7:00]
Running from: c:\users\Doctor\Desktop\ComboFix.exe
Command switches used :: c:\users\Doctor\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-20 to 2012-05-20 )))))))))))))))))))))))))))))))
.
.
2012-05-20 04:17 . 2012-05-20 04:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-19 06:12 . 2012-05-19 06:12 -------- d-----w- c:\users\Doctor\AppData\Roaming\Malwarebytes
2012-05-19 06:12 . 2012-05-19 06:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-19 06:12 . 2012-05-19 06:12 -------- d-----w- c:\programdata\Malwarebytes
2012-05-19 06:12 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-13 23:43 . 2012-05-13 23:43 -------- d-----w- c:\users\Doctor\AppData\Roaming\Rainbow
2012-05-13 15:29 . 2012-05-13 15:29 -------- d-----w- c:\users\Doctor\AppData\Roaming\ActionWorks
2012-05-13 15:29 . 2012-05-13 15:29 -------- d-----w- c:\programdata\ActionWorks
2012-05-13 01:56 . 2012-05-13 01:56 -------- d-----w- c:\users\Doctor\AppData\Roaming\Jewels of the East India Company
2012-05-13 01:56 . 2012-05-13 01:56 -------- d-----w- c:\users\Doctor\AppData\Roaming\WiiSports101in1
2012-05-12 21:12 . 2012-05-12 21:26 -------- d-----w- c:\users\Doctor\AppData\Roaming\CitadelArcanes
2012-05-12 21:06 . 2012-05-12 21:07 -------- d-----w- c:\program files (x86)\Jewels of the East India Company
2012-05-12 21:01 . 2012-05-12 21:01 -------- d-----w- c:\program files (x86)\Citadel Arcanes
2012-05-12 20:59 . 2012-05-12 20:59 -------- d-----w- c:\program files (x86)\Garden Rescue
2012-05-10 13:31 . 2012-05-10 13:31 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-10 13:31 . 2012-05-10 13:31 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-10 13:20 . 2012-05-10 13:20 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-10 13:20 . 2012-05-10 13:20 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-10 13:06 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{11321F32-8C59-4BA1-A277-8B1EF0050DF3}\mpengine.dll
2012-05-10 13:04 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 13:04 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 13:04 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 13:04 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 13:04 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 13:04 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 13:03 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 13:03 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 13:03 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 13:03 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 13:03 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 13:03 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 13:03 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-03 05:36 . 2012-05-19 20:49 -------- d-----w- c:\users\Doctor\AppData\Roaming\Legacy
2012-05-03 05:28 . 2012-05-03 05:28 -------- d-----w- c:\program files (x86)\Brainville
2012-05-03 05:26 . 2012-05-03 05:26 -------- d-----w- c:\program files (x86)\Joining Hands
2012-04-28 23:02 . 2012-04-28 23:02 -------- d-----w- c:\users\Doctor\AppData\Roaming\cerasus.media
2012-04-28 21:27 . 2012-05-03 05:26 -------- d-----w- c:\programdata\10tons
2012-04-28 21:12 . 2012-04-28 21:12 -------- d-----w- c:\users\Doctor\AppData\Roaming\pigsels
2012-04-28 16:28 . 2012-04-28 16:28 -------- d-----w- c:\program files (x86)\Coloropus
2012-04-26 02:30 . 2012-04-26 02:30 -------- d-----w- c:\program files (x86)\freebird
2012-04-25 01:08 . 2012-04-25 01:08 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-25 01:08 . 2012-04-25 01:08 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 01:08 . 2012-04-25 01:08 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-22 02:07 . 2012-04-22 02:07 -------- d-----w- c:\windows\SysWow64\xlive
2012-04-22 02:06 . 2012-04-22 02:07 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 13:31 . 2011-07-10 14:05 687560 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-10 13:18 . 2012-04-02 22:25 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-10 13:18 . 2011-07-10 05:34 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-22 02:11 . 2009-08-18 19:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-04-22 02:11 . 2009-08-18 18:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-01 06:46 . 2012-04-12 14:33 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 14:33 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 14:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 14:33 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 14:33 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 14:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 14:33 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 14:36 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 14:36 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 14:36 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 14:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 14:36 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 14:36 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 14:36 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 14:36 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 17:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-20_02.49.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-20 02:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-20 04:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-20 02:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-20 04:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-20 02:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-20 04:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-05-20 02:51 44494 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-20 02:51 37496 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-10 03:38 . 2012-05-20 02:51 9706 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-729793638-3718837368-4036640313-1000_UserData.bin
+ 2012-05-20 04:18 . 2012-05-20 04:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-20 02:49 . 2012-05-20 02:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-20 04:18 . 2009-10-07 08:46 131608 c:\windows\temp\logishrd\LVPrcInj02.dll
- 2012-05-20 02:49 . 2009-10-07 08:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
- 2009-07-14 02:36 . 2012-05-19 21:56 627066 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-20 02:53 627066 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-20 02:53 107382 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-19 21:56 107382 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-05-20 02:48 407752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-20 04:17 407752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-10 04:13 . 2012-05-20 04:17 1534592 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-07-10 04:13 . 2012-05-20 02:48 1534592 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-07-10 05:14 . 2012-05-20 04:17 33780436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-729793638-3718837368-4036640313-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Doctor\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-06 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 336384]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2010-9-14 271736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [2010-09-14 21880]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 LVUVC64;Logitech QuickCam Fusion(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-729793638-3718837368-4036640313-1000Core.job
- c:\users\Doctor\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-06 23:07]
.
2012-05-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-729793638-3718837368-4036640313-1000UA.job
- c:\users\Doctor\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-06 23:07]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-729793638-3718837368-4036640313-1000Core.job
- c:\users\Doctor\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 05:32]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-729793638-3718837368-4036640313-1000UA.job
- c:\users\Doctor\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 05:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-09 11821160]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 123400]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 24.116.2.50 24.116.2.34
FF - ProfilePath - c:\users\Doctor\AppData\Roaming\Mozilla\Firefox\Profiles\shctpsv3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/|http://www.pcqanda.com/dc/dcboard.php?az=show_topics&forum=2|http://www.google.com/ig|http://www.wrh.noaa.gov/fgz/|http://www.giveawayoftheday.com/|about:blank
FF - prefs.js: network.proxy.http - 158.203.31.128
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://e13.email.excite.com
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-729793638-3718837368-4036640313-1000\¬ u*0*]
@Allowed: (Read) (RestrictedCode)
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-05-19 21:22:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-20 04:22
ComboFix2.txt 2012-05-20 02:52
.
Pre-Run: 423,670,403,072 bytes free
Post-Run: 423,728,664,576 bytes free
.
- - End Of File - - A1667069E9CBB602561384636B640630



No problems right now. 99% of the time since the problem has started (which was only 2 instances), the computer has worked fine. It's still as fast and responsive as it's always been.
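Two things in the ComboFix log above deserve more than a glance even though the scan itself found nothing: under the policies\system key it records EnableLUA= 0, ConsentPromptBehaviorAdmin= 0 and PromptOnSecureDesktop= 0 (UAC is switched off, so any code the browser drops runs fully elevated for an admin user), and the Firefox prefs carry a leftover HTTP proxy address with network.proxy.type 0 (direct connection, so the proxy is not actually in use). As an added example, not part of this thread or of ComboFix, the Python script below pulls those settings out of a ComboFix log and flags them. The excerpt it runs on is constructed from the lines posted above; the severity labels and the finding texts are the editor's own.

```python
"""Triage of ComboFix log excerpts: UAC policy values, Firefox proxy prefs
and security-product state. Added example, not part of the thread above."""
import re
from typing import Dict, List, Tuple

# Constructed sample: the relevant lines copied from the ComboFix log in
# the thread, joined into one excerpt so the parser can run offline.
SAMPLE_LOG = r"""
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
FF - prefs.js: network.proxy.http - 158.203.31.128
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
"""


def parse_uac_policies(log: str) -> Dict[str, int]:
    """Return the DWORD values ComboFix lists under ...\\policies\\system."""
    values: Dict[str, int] = {}
    in_section = False
    for line in log.splitlines():
        if line.startswith("["):            # a new registry key header
            in_section = line.lower().endswith("policies\\system]")
            continue
        if not in_section:
            continue
        m = re.match(r'^"([^"]+)"\s*=\s*(-?\d+)', line)
        if m:
            values[m.group(1)] = int(m.group(2))
        elif line.strip() in ("", "."):     # ComboFix ends a block with "."
            in_section = False
    return values


def parse_firefox_prefs(log: str) -> Dict[str, str]:
    """Return the 'FF - prefs.js: name - value' lines as a dict."""
    return {m.group(1): m.group(2).strip()
            for m in re.finditer(r"^FF - prefs\.js: (\S+) - (.*)$", log, re.M)}


def parse_security_products(log: str) -> List[Tuple[str, str, str]]:
    """Return (kind, product, state) for the AV:/SP:/FW: header lines."""
    return [(m.group(1), m.group(2), m.group(3))
            for m in re.finditer(r"^(AV|SP|FW): (.+?) \*([^*]+)\* \{", log, re.M)]


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (severity, message) findings for the weak settings in the log."""
    findings: List[Tuple[str, str]] = []
    uac = parse_uac_policies(log)
    if uac.get("EnableLUA") == 0:
        findings.append(("high", "EnableLUA=0: UAC is off, so an admin user's processes run "
                                 "fully elevated and a rogue AV page needs no prompt to install a system-wide payload"))
    if uac.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append(("high", "ConsentPromptBehaviorAdmin=0: elevation is granted silently "
                                 "even with UAC on (the Windows 7 default is 5)"))
    if uac.get("PromptOnSecureDesktop") == 0:
        findings.append(("medium", "PromptOnSecureDesktop=0: any elevation prompt is drawn on the "
                                   "normal desktop, where a fake dialog can cover it"))
    prefs = parse_firefox_prefs(log)
    proxy_host = prefs.get("network.proxy.http")
    proxy_type = prefs.get("network.proxy.type")
    if proxy_host:
        port = prefs.get("network.proxy.http_port", "?")
        if proxy_type == "1":               # 1 = manual proxy configuration
            findings.append(("high", f"Firefox routes HTTP through a manual proxy {proxy_host}:{port}; "
                                     "verify it is expected, otherwise traffic is being intercepted"))
        else:                               # 0 = direct connection, address is residue
            findings.append(("low", f"Firefox keeps a stale proxy address {proxy_host}:{port} but "
                                    f"network.proxy.type={proxy_type} (0 = direct), so it is unused; clear it anyway"))
    for kind, name, state in parse_security_products(log):
        if state.lower().startswith("disabled"):
            findings.append(("info", f"{kind} {name} reported {state}: expected while ComboFix runs, "
                                     "but confirm it is re-enabled afterwards"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity.upper():6}] {message}")
```

Run it against a full ComboFix.txt by replacing SAMPLE_LOG with the file contents; the section parser keys on the policies\system header and the "." separator ComboFix prints between blocks, so Run-key entries elsewhere in the log are not mistaken for policy values.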

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 May 2012 - 11:46 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld



Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

µTorrent
Bing Bar


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked; under System, check Empty Recycle Bin and Temporary Files; under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (On Vista and Win 7, right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

