Slow and freezing computer


  • This topic is locked
38 replies to this topic

#1 pilotandmechanic

Posted 25 May 2012 - 05:34 PM

I did an ESET scan, and it found many problems, so then I ran Malwarebytes, and it found 47 files, which I've cleared. I would like to know if I still have any issues. Here is the HiJack This log. Thank You.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:18:48 PM, on 5/25/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\RALINK\Common\RaUI.exe
C:\Program Files (x86)\YoWindow\yowindow.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: YoWindow.lnk = C:\Program Files (x86)\YoWindow\yowindow.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Peachtree SmartPosting 2011 - Sage Software, Inc. - C:\Program Files (x86)\Sage\Peachtree\SmartPostingService2011.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: Pervasive PSQL Workgroup Engine (psqlWGE) - Pervasive Software Inc. - C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Scan2PC - Unknown owner - C:\Program Files (x86)\Scan2PC\Sc2PCS64.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10591 bytes

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

#2 pilotandmechanic

Posted 26 May 2012 - 06:05 PM

Sorry about putting it in the wrong area.

#3 gringo_pr

  • Malware Response Team

Posted 30 May 2012 - 12:36 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#4 pilotandmechanic

Posted 31 May 2012 - 06:25 PM

Here is the checkup.txt log.

Results of screen317's Security Check version 0.99.41
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.0
Java™ 6 Update 29
Java™ 7 Update 4
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.1)
Mozilla Firefox (12.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
Kaspersky Lab Kaspersky Internet Security 2011 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#5 pilotandmechanic

Posted 31 May 2012 - 06:28 PM

Here is the DDS.txt.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Chris and Cassandra at 19:17:56 on 2012-05-31
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6135.3786 [GMT -4:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\Program Files (x86)\Scan2PC\Sc2PCS64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\RALINK\Common\RaUI.exe
C:\Program Files (x86)\YoWindow\yowindow.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Chris and Cassandra\Downloads\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\CHRISA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YoWindow.lnk - C:\Program Files (x86)\YoWindow\yowindow.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Program Files (x86)\RALINK\Common\RaUI.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{BE2BAAE6-9762-4218-BE67-83CC721BEB46} : DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{D6F03E94-2316-4CCC-A6F1-B5A134C78AF6} : DhcpNameServer = 65.32.5.111 65.32.5.112
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z206&form=ZGAADF&install_date=20110927&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Chris and Cassandra\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Chris and Cassandra\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys --> C:\Windows\system32\DRIVERS\mv61xx.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-22 654408]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2008-6-6 435496]
R2 Scan2PC;Scan2PC;C:\Program Files (x86)\Scan2PC\Sc2PCS64.exe [2011-1-5 93184]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 rt61x64;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-11-2 365336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-29 257696]
S3 ENTECH64;ENTECH64;\??\C:\Windows\system32\DRIVERS\ENTECH64.sys --> C:\Windows\system32\DRIVERS\ENTECH64.sys [?]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-29 129976]
S3 Peachtree SmartPosting 2011;Peachtree SmartPosting 2011;C:\Program Files (x86)\Sage\Peachtree\SmartPostingService2011.exe [2010-9-13 43816]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;C:\Windows\system32\DRIVERS\yk60x64l.sys --> C:\Windows\system32\DRIVERS\yk60x64l.sys [?]
S3 SkVlanProtocol;Marvell VLAN Protocol;C:\Windows\system32\DRIVERS\yk60x64v.sys --> C:\Windows\system32\DRIVERS\yk60x64v.sys [?]
S3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys --> C:\Windows\system32\DRIVERS\SWDUMon.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-30 10:32:43 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2A759DA2-25F4-440F-B90F-64F1286415B8}\offreg.dll
2012-05-29 14:04:45 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2A759DA2-25F4-440F-B90F-64F1286415B8}\mpengine.dll
2012-05-25 09:44:33 -------- d-----w- C:\Program Files (x86)\Oracle
2012-05-25 09:44:13 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-23 01:06:32 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-23 00:38:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-22 21:39:03 -------- d-----w- C:\Program Files (x86)\ESET
2012-05-21 23:37:28 388096 ----a-r- C:\Users\Chris and Cassandra\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-21 23:37:28 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-05-11 21:23:08 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-05-11 21:23:08 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-05-11 21:23:08 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-11 21:23:08 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-11 21:23:07 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-05-11 21:23:07 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-05-11 21:23:07 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-05-11 21:23:07 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-05-11 21:23:07 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-05-11 21:23:07 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-05-11 21:22:55 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-11 21:22:55 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-11 21:22:55 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-05-11 21:22:54 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-11 21:22:54 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-11 21:22:51 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-11 21:22:50 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 21:22:50 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-11 21:22:50 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-11 21:22:50 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-11 21:22:50 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
.
==================== Find3M ====================
.
2012-05-23 01:06:52 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-23 01:06:52 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-04 22:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 19:18:21.85 ===============

#6 pilotandmechanic

  • Topic Starter

Posted 31 May 2012 - 06:30 PM

Here is the attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/28/2010 8:22:43 PM
System Uptime: 5/30/2012 9:20:26 PM (22 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P6T DELUXE V2
Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz | LGA1366 | 2668/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 932 GiB total, 716.783 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP275: 2/10/2012 8:48:34 PM - Windows Update
RP276: 2/14/2012 2:57:12 AM - Windows Update
RP277: 2/17/2012 2:55:02 AM - Windows Update
RP278: 2/17/2012 3:00:11 AM - Windows Update
RP279: 2/17/2012 9:02:56 PM - Removed TuneUp Utilities 2012
RP280: 2/17/2012 9:03:42 PM - Removed TuneUp Utilities Language Pack (en-US)
RP281: 2/19/2012 3:00:10 AM - Windows Update
RP282: 2/21/2012 6:25:17 PM - Windows Update
RP283: 2/24/2012 3:03:08 AM - Windows Update
RP284: 2/28/2012 2:18:58 AM - Windows Update
RP285: 3/2/2012 2:18:58 AM - Windows Update
RP286: 3/6/2012 5:57:37 PM - Windows Update
RP287: 3/9/2012 2:19:00 AM - Windows Update
RP288: 3/13/2012 1:17:10 PM - Windows Update
RP289: 3/14/2012 3:00:12 AM - Windows Update
RP290: 3/16/2012 2:45:40 AM - Windows Update
RP291: 3/20/2012 8:43:29 AM - Windows Update
RP292: 3/23/2012 3:06:21 PM - Windows Update
RP293: 3/27/2012 5:42:32 PM - Windows Update
RP294: 3/29/2012 5:54:29 AM - Windows Update
RP295: 4/13/2012 11:54:30 AM - Windows Update
RP296: 4/14/2012 3:00:28 AM - Windows Update
RP297: 4/17/2012 3:21:59 PM - Windows Update
RP298: 4/20/2012 4:03:40 AM - Windows Update
RP299: 4/24/2012 11:00:21 AM - Windows Update
RP300: 4/27/2012 6:21:08 PM - Windows Update
RP301: 5/1/2012 2:07:57 AM - Windows Update
RP302: 5/3/2012 2:55:01 PM - Windows Update
RP303: 5/4/2012 10:24:19 AM - Windows Update
RP304: 5/8/2012 12:26:14 PM - Windows Update
RP305: 5/11/2012 7:13:35 PM - Windows Update
RP306: 5/12/2012 3:00:15 AM - Windows Update
RP307: 5/15/2012 7:00:50 AM - Windows Update
RP308: 5/18/2012 4:27:56 AM - Windows Update
RP309: 5/21/2012 7:04:20 PM - Installed HiJackThis
RP310: 5/21/2012 7:30:20 PM - Removed HiJackThis
RP311: 5/21/2012 7:37:09 PM - Installed HiJackThis
RP312: 5/22/2012 4:27:45 AM - Windows Update
RP313: 5/25/2012 2:56:38 AM - Windows Update
RP314: 5/25/2012 5:43:17 AM - Installed Java™ 7 Update 4
RP315: 5/25/2012 5:44:16 AM - Installed JavaFX 2.1.0
RP316: 5/29/2012 10:04:18 AM - Windows Update
.
==== Installed Programs ======================
.
3ivx MPEG-4 5.0.4 (remove only)
Adobe AIR
Adobe Reader X (10.1.1)
AI Suite
Apple Application Support
Apple Software Update
ArcSoft Panorama Maker 3
ASUSUpdate
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP560 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
Cessna NAVIII Trainer v9.03
Choice Guard
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Crystal Reports 2008 Runtime SP1
DivX Setup
EPSON Scan
EPSON Stylus CX9400Fax Series Scanner Driver Update
EPU-6 Engine
ESET Online Scanner v3
Express Gate Updater
Facebook Plug-In
FL Sales Associate Exam Prep 7.04.13
Free Picture Resize Starter 4.5
Futuremark SystemInfo
GoToMeeting 4.5.0.456
HiJackThis
Host OpenAL (ADI)
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
IRIS 2.2
Java Auto Updater
Java™ 6 Update 29
Java™ 7 Update 4
JavaFX 2.1.0
Kaspersky Internet Security 2011
Ken Ward's Zipper 1.4000
Logitech SetPoint
Malwarebytes Anti-Malware version 1.61.0.1400
marvell 61xx
Marvell Miniport Driver
Marvell Network Configuration Utility
MediacoderSE
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 6-9 Converter
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
MusicIP MyDJ Plug-in
Nations Photo Lab ROES Easy
Nikon Message Center
OLYMPUS Master 2
PC Probe II
Peachtree Accounting 2011
PeachTree Signature Ready Forms
Pervasive PSQL v10 SP2 Workgroup (32-bit)
PictureProject
PictureProject In Touch Downloader 1.0
PREMIUM
QuickTime
Ralink Wireless LAN
Sage Integration Services
Sage Message Center
Scan2PC
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
SoundMAX
StartNow Toolbar
TaxACT 2010 Business 1065 Edition
The Lord of the Rings FREE Trial
TurboV
Ulead Burn.Now 4.5
Ulead Burn.Now 4.5 SE
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Virtual Cable Tester
VSO Image Resizer 3.0.1.82
Watchtower Library 2010 - English
Windows 7 Upgrade Advisor
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
WinZip 12.1
WordBiz version 1.8
Yahoo! BrowserPlus 2.9.8
YoWindow
.
==== Event Viewer Messages From Past Week ========
.
5/30/2012 9:22:35 PM, Error: Service Control Manager [7022] - The Diagnostic Service Host service hung on starting.
5/30/2012 9:21:03 PM, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The specified module could not be found.
5/30/2012 8:56:02 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
5/29/2012 8:34:38 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address 00-26-9E-7A-8C-DB. Network operations on this system may be disrupted as a result.
.
==== End Of File ===========================

#7 gringo_pr

  • Malware Response Team

Posted 31 May 2012 - 10:48 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#8 pilotandmechanic

  • Topic Starter

Posted 01 June 2012 - 08:15 PM

Here is the Combofix log.

ComboFix 12-06-01.03 - Chris and Cassandra 06/01/2012 20:35:29.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6135.3757 [GMT -4:00]
Running from: c:\users\Chris and Cassandra\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.js
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.xul
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldropdown.xul
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\index.html
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\NotIE6.css
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\OnlyIE6.css
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\SearchProtectIcon.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\Web.config
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.css
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.js
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\index.html
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\LeftImage.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\NotIE6.css
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\OnlyIE6.css
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.css
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.js
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\searchplugins\bing-zugo.xml
c:\users\Chris and Cassandra\Documents\~WRL0002.tmp
c:\users\Chris and Cassandra\Documents\~WRL0004.tmp
c:\users\Chris and Cassandra\Documents\~WRL0922.tmp
c:\users\Chris and Cassandra\Documents\~WRL4021.tmp
c:\users\Chris and Cassandra\g2mdlhlpx.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-05-02 to 2012-06-02 )))))))))))))))))))))))))))))))
.
.
2012-06-02 00:57 . 2012-06-02 00:57 -------- d--h--w- c:\windows\AxInstSV
2012-06-02 00:39 . 2012-06-02 00:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-01 09:19 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B929AB1-203E-4EEC-9A4F-C6E84A066BFF}\mpengine.dll
2012-05-25 09:45 . 2012-05-25 09:45 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-25 09:44 . 2012-05-25 09:44 -------- d-----w- c:\program files (x86)\Oracle
2012-05-25 09:44 . 2012-04-04 22:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-23 01:06 . 2012-05-23 01:06 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-23 00:38 . 2012-05-23 00:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-22 21:39 . 2012-05-22 21:39 -------- d-----w- c:\program files (x86)\ESET
2012-05-21 23:37 . 2012-05-21 23:37 388096 ----a-r- c:\users\Chris and Cassandra\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-21 23:37 . 2012-05-21 23:37 -------- d-----w- c:\program files (x86)\Trend Micro
2012-05-11 21:23 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 21:23 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-11 21:23 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 21:23 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-11 21:23 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-11 21:23 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-11 21:23 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-11 21:23 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-11 21:23 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-11 21:23 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-11 21:22 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 21:22 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 21:22 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 21:22 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 21:22 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 21:22 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 21:22 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 21:22 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 21:22 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 21:22 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 21:22 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 01:06 . 2012-04-29 11:25 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-23 01:06 . 2011-07-10 12:54 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 22:47 . 2010-04-22 18:52 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 19:56 . 2009-07-21 19:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Chris and Cassandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
YoWindow.lnk - c:\program files (x86)\YoWindow\yowindow.exe [2011-9-17 759808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files (x86)\RALINK\Common\RaUI.exe [2011-6-24 1040384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 257696]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-29 129976]
R3 Peachtree SmartPosting 2011;Peachtree SmartPosting 2011;c:\program files (x86)\Sage\Peachtree\SmartPostingService2011.exe [2010-09-14 43816]
R3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\DRIVERS\yk60x64l.sys [x]
R3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\DRIVERS\yk60x64v.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2010-09-14 435496]
S2 Scan2PC;Scan2PC;c:\program files (x86)\Scan2PC\Sc2PCS64.exe [2009-08-10 93184]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 rt61x64;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr6164.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - KLBG
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 01:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2008-08-20 3858432]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"combofix"="c:\combofix\CF11484.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
FF - ProfilePath - c:\users\Chris and Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\9zmye6v6.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z206&form=ZGAADF&install_date=20110927&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-Nations Photo Lab ROES Easy - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\PSIService.exe
.
**************************************************************************
.
Completion time: 2012-06-01 21:03:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-02 01:03
.
Pre-Run: 771,174,981,632 bytes free
Post-Run: 771,149,312,000 bytes free
.
- - End Of File - - 45CAB50FDCCCC4CAD66D071B9DDD0160
I sure appreciate you taking your time to do this for me. After it's all said and done could you tell me what I was infected with, and for how long? I don't know right now how the computer is doing because I haven't had much time to use it lately, but I'll try and let you know. Thanks again.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:37 AM

Posted 03 June 2012 - 09:17 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr

gringo_pr


Posted 05 June 2012 - 11:52 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#11 pilotandmechanic

pilotandmechanic
  • Topic Starter


Posted 06 June 2012 - 08:34 PM

21:18:19.0289 5696 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:18:19.0774 5696 ============================================================
21:18:19.0774 5696 Current date / time: 2012/06/06 21:18:19.0774
21:18:19.0774 5696 SystemInfo:
21:18:19.0774 5696
21:18:19.0774 5696 OS Version: 6.1.7600 ServicePack: 0.0
21:18:19.0774 5696 Product type: Workstation
21:18:19.0774 5696 ComputerName: CHRISANDCASS-PC
21:18:19.0774 5696 UserName: Chris and Cassandra
21:18:19.0774 5696 Windows directory: C:\Windows
21:18:19.0774 5696 System windows directory: C:\Windows
21:18:19.0774 5696 Running under WOW64
21:18:19.0774 5696 Processor architecture: Intel x64
21:18:19.0774 5696 Number of processors: 8
21:18:19.0774 5696 Page size: 0x1000
21:18:19.0774 5696 Boot type: Normal boot
21:18:19.0774 5696 ============================================================
21:18:20.0452 5696 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:18:20.0471 5696 ============================================================
21:18:20.0471 5696 \Device\Harddisk0\DR0:
21:18:20.0471 5696 MBR partitions:
21:18:20.0471 5696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
21:18:20.0471 5696 ============================================================
21:18:20.0478 5696 C: <-> \Device\Harddisk0\DR0\Partition0
21:18:20.0478 5696 ============================================================
21:18:20.0478 5696 Initialize success
21:18:20.0478 5696 ============================================================
21:18:38.0561 5284 ============================================================
21:18:38.0561 5284 Scan started
21:18:38.0561 5284 Mode: Manual;
21:18:38.0561 5284 ============================================================
21:18:39.0456 5284 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:18:39.0459 5284 1394ohci - ok
21:18:39.0486 5284 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:18:39.0490 5284 ACPI - ok
21:18:39.0506 5284 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:18:39.0507 5284 AcpiPmi - ok
21:18:39.0555 5284 ADIHdAudAddService (59aa63b5dcc9b99c25acc1bc5e9e6816) C:\Windows\system32\drivers\ADIHdAud.sys
21:18:39.0561 5284 ADIHdAudAddService - ok
21:18:39.0626 5284 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:18:39.0627 5284 AdobeARMservice - ok
21:18:39.0724 5284 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:18:39.0726 5284 AdobeFlashPlayerUpdateSvc - ok
21:18:39.0800 5284 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:18:39.0806 5284 adp94xx - ok
21:18:39.0828 5284 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:18:39.0832 5284 adpahci - ok
21:18:39.0841 5284 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:18:39.0843 5284 adpu320 - ok
21:18:39.0858 5284 AEADIFilters (3bdb13c79cc8c06e2f8182595903ed69) C:\Windows\system32\AEADISRV.EXE
21:18:39.0859 5284 AEADIFilters - ok
21:18:39.0877 5284 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:18:39.0879 5284 AeLookupSvc - ok
21:18:39.0934 5284 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
21:18:39.0940 5284 AFD - ok
21:18:39.0955 5284 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:18:39.0956 5284 agp440 - ok
21:18:39.0964 5284 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:18:39.0965 5284 ALG - ok
21:18:39.0971 5284 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:18:39.0971 5284 aliide - ok
21:18:40.0003 5284 AMD External Events Utility (5ec60409bd50953bd4f892b18840039e) C:\Windows\system32\atiesrxx.exe
21:18:40.0005 5284 AMD External Events Utility - ok
21:18:40.0011 5284 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:18:40.0012 5284 amdide - ok
21:18:40.0031 5284 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:18:40.0032 5284 AmdK8 - ok
21:18:40.0453 5284 amdkmdag (322e5c178990f116f00e3d923f4e6b1c) C:\Windows\system32\DRIVERS\atikmdag.sys
21:18:40.0561 5284 amdkmdag - ok
21:18:40.0655 5284 amdkmdap (961a81a84fdd700e361e8294528a37ba) C:\Windows\system32\DRIVERS\atikmpag.sys
21:18:40.0658 5284 amdkmdap - ok
21:18:40.0674 5284 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:18:40.0675 5284 AmdPPM - ok
21:18:40.0690 5284 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
21:18:40.0691 5284 amdsata - ok
21:18:40.0718 5284 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:18:40.0720 5284 amdsbs - ok
21:18:40.0729 5284 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
21:18:40.0729 5284 amdxata - ok
21:18:40.0753 5284 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:18:40.0753 5284 AppID - ok
21:18:40.0781 5284 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:18:40.0782 5284 AppIDSvc - ok
21:18:40.0804 5284 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
21:18:40.0806 5284 Appinfo - ok
21:18:40.0843 5284 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:18:40.0844 5284 arc - ok
21:18:40.0855 5284 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:18:40.0856 5284 arcsas - ok
21:18:40.0883 5284 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:18:40.0883 5284 AsyncMac - ok
21:18:40.0886 5284 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:18:40.0887 5284 atapi - ok
21:18:40.0918 5284 AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys
21:18:40.0919 5284 AtiHDAudioService - ok
21:18:41.0327 5284 atikmdag (322e5c178990f116f00e3d923f4e6b1c) C:\Windows\system32\DRIVERS\atikmdag.sys
21:18:41.0368 5284 atikmdag - ok
21:18:41.0462 5284 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
21:18:41.0474 5284 AudioEndpointBuilder - ok
21:18:41.0481 5284 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
21:18:41.0485 5284 AudioSrv - ok
21:18:41.0555 5284 AVP (b2b3fcba37671c853879df7dde8a839a) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
21:18:41.0558 5284 AVP - ok
21:18:41.0583 5284 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
21:18:41.0585 5284 AxInstSV - ok
21:18:41.0655 5284 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:18:41.0660 5284 b06bdrv - ok
21:18:41.0699 5284 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:18:41.0702 5284 b57nd60a - ok
21:18:41.0733 5284 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:18:41.0735 5284 BDESVC - ok
21:18:41.0743 5284 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:18:41.0743 5284 Beep - ok
21:18:41.0790 5284 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
21:18:41.0801 5284 BFE - ok
21:18:41.0855 5284 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
21:18:41.0864 5284 BITS - ok
21:18:41.0883 5284 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:18:41.0883 5284 blbdrive - ok
21:18:41.0907 5284 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:18:41.0908 5284 bowser - ok
21:18:41.0917 5284 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:18:41.0917 5284 BrFiltLo - ok
21:18:41.0924 5284 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:18:41.0924 5284 BrFiltUp - ok
21:18:41.0953 5284 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:18:41.0954 5284 BridgeMP - ok
21:18:41.0976 5284 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
21:18:41.0978 5284 Browser - ok
21:18:41.0996 5284 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:18:41.0999 5284 Brserid - ok
21:18:42.0010 5284 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:18:42.0011 5284 BrSerWdm - ok
21:18:42.0020 5284 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:18:42.0021 5284 BrUsbMdm - ok
21:18:42.0033 5284 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:18:42.0033 5284 BrUsbSer - ok
21:18:42.0045 5284 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:18:42.0046 5284 BTHMODEM - ok
21:18:42.0063 5284 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:18:42.0065 5284 bthserv - ok
21:18:42.0076 5284 catchme - ok
21:18:42.0100 5284 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:18:42.0101 5284 cdfs - ok
21:18:42.0120 5284 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:18:42.0122 5284 cdrom - ok
21:18:42.0153 5284 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:18:42.0155 5284 CertPropSvc - ok
21:18:42.0170 5284 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:18:42.0170 5284 circlass - ok
21:18:42.0207 5284 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:18:42.0211 5284 CLFS - ok
21:18:42.0276 5284 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:18:42.0277 5284 clr_optimization_v2.0.50727_32 - ok
21:18:42.0326 5284 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:18:42.0327 5284 clr_optimization_v2.0.50727_64 - ok
21:18:42.0381 5284 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:18:42.0383 5284 clr_optimization_v4.0.30319_32 - ok
21:18:42.0403 5284 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:18:42.0405 5284 clr_optimization_v4.0.30319_64 - ok
21:18:42.0418 5284 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:18:42.0418 5284 CmBatt - ok
21:18:42.0436 5284 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:18:42.0437 5284 cmdide - ok
21:18:42.0479 5284 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
21:18:42.0484 5284 CNG - ok
21:18:42.0501 5284 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:18:42.0501 5284 Compbatt - ok
21:18:42.0525 5284 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:18:42.0526 5284 CompositeBus - ok
21:18:42.0531 5284 COMSysApp - ok
21:18:42.0547 5284 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:18:42.0547 5284 crcdisk - ok
21:18:42.0574 5284 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
21:18:42.0577 5284 CryptSvc - ok
21:18:42.0622 5284 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:18:42.0629 5284 DcomLaunch - ok
21:18:42.0661 5284 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:18:42.0665 5284 defragsvc - ok
21:18:42.0673 5284 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:18:42.0675 5284 DfsC - ok
21:18:42.0716 5284 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
21:18:42.0721 5284 Dhcp - ok
21:18:42.0729 5284 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:18:42.0730 5284 discache - ok
21:18:42.0741 5284 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:18:42.0741 5284 Disk - ok
21:18:42.0757 5284 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
21:18:42.0760 5284 Dnscache - ok
21:18:42.0790 5284 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
21:18:42.0793 5284 dot3svc - ok
21:18:42.0821 5284 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
21:18:42.0824 5284 DPS - ok
21:18:42.0846 5284 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:18:42.0847 5284 drmkaud - ok
21:18:42.0895 5284 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
21:18:42.0906 5284 DXGKrnl - ok
21:18:42.0934 5284 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:18:42.0936 5284 EapHost - ok
21:18:43.0088 5284 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:18:43.0129 5284 ebdrv - ok
21:18:43.0191 5284 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
21:18:43.0193 5284 EFS - ok
21:18:43.0275 5284 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
21:18:43.0287 5284 ehRecvr - ok
21:18:43.0305 5284 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:18:43.0307 5284 ehSched - ok
21:18:43.0360 5284 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:18:43.0367 5284 elxstor - ok
21:18:43.0390 5284 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
21:18:51.0632 5284 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:18:51.0633 5284 vdrvroot - ok
21:18:51.0681 5284 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
21:18:51.0689 5284 vds - ok
21:18:51.0698 5284 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:18:51.0698 5284 vga - ok
21:18:51.0712 5284 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:18:51.0713 5284 VgaSave - ok
21:18:51.0735 5284 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:18:51.0737 5284 vhdmp - ok
21:18:51.0747 5284 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:18:51.0748 5284 viaide - ok
21:18:51.0760 5284 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:18:51.0761 5284 volmgr - ok
21:18:51.0783 5284 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:18:51.0787 5284 volmgrx - ok
21:18:51.0809 5284 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:18:51.0811 5284 volsnap - ok
21:18:51.0829 5284 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:18:51.0831 5284 vsmraid - ok
21:18:51.0904 5284 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
21:18:51.0916 5284 VSS - ok
21:18:52.0001 5284 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:18:52.0002 5284 vwifibus - ok
21:18:52.0027 5284 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:18:52.0033 5284 W32Time - ok
21:18:52.0048 5284 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:18:52.0048 5284 WacomPen - ok
21:18:52.0074 5284 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:18:52.0075 5284 WANARP - ok
21:18:52.0078 5284 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:18:52.0079 5284 Wanarpv6 - ok
21:18:52.0148 5284 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:18:52.0170 5284 WatAdminSvc - ok
21:18:52.0249 5284 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
21:18:52.0261 5284 wbengine - ok
21:18:52.0304 5284 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:18:52.0308 5284 WbioSrvc - ok
21:18:52.0335 5284 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
21:18:52.0341 5284 wcncsvc - ok
21:18:52.0357 5284 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:18:52.0360 5284 WcsPlugInService - ok
21:18:52.0377 5284 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:18:52.0378 5284 Wd - ok
21:18:52.0435 5284 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:18:52.0443 5284 Wdf01000 - ok
21:18:52.0455 5284 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:18:52.0458 5284 WdiServiceHost - ok
21:18:52.0461 5284 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:18:52.0463 5284 WdiSystemHost - ok
21:18:52.0495 5284 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
21:18:52.0500 5284 WebClient - ok
21:18:52.0516 5284 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:18:52.0521 5284 Wecsvc - ok
21:18:52.0538 5284 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:18:52.0541 5284 wercplsupport - ok
21:18:52.0580 5284 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:18:52.0583 5284 WerSvc - ok
21:18:52.0593 5284 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:18:52.0594 5284 WfpLwf - ok
21:18:52.0600 5284 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:18:52.0601 5284 WIMMount - ok
21:18:52.0626 5284 WinDefend - ok
21:18:52.0632 5284 WinHttpAutoProxySvc - ok
21:18:52.0684 5284 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:18:52.0687 5284 Winmgmt - ok
21:18:52.0781 5284 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
21:18:52.0815 5284 WinRM - ok
21:18:52.0927 5284 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
21:18:52.0928 5284 WinUsb - ok
21:18:52.0985 5284 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:18:53.0000 5284 Wlansvc - ok
21:18:53.0011 5284 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:18:53.0011 5284 WmiAcpi - ok
21:18:53.0045 5284 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:18:53.0048 5284 wmiApSrv - ok
21:18:53.0055 5284 WMPNetworkSvc - ok
21:18:53.0068 5284 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:18:53.0071 5284 WPCSvc - ok
21:18:53.0103 5284 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
21:18:53.0106 5284 WPDBusEnum - ok
21:18:53.0119 5284 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:18:53.0120 5284 ws2ifsl - ok
21:18:53.0137 5284 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
21:18:53.0140 5284 wscsvc - ok
21:18:53.0143 5284 WSearch - ok
21:18:53.0252 5284 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
21:18:53.0284 5284 wuauserv - ok
21:18:53.0326 5284 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:18:53.0328 5284 WudfPf - ok
21:18:53.0347 5284 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:18:53.0349 5284 WUDFRd - ok
21:18:53.0358 5284 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
21:18:53.0360 5284 wudfsvc - ok
21:18:53.0390 5284 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:18:53.0394 5284 WwanSvc - ok
21:18:53.0436 5284 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
21:18:53.0440 5284 yukonw7 - ok
21:18:53.0468 5284 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:18:53.0634 5284 \Device\Harddisk0\DR0 - ok
21:18:53.0637 5284 Boot (0x1200) (89145cee0c960da0ba76d9e8682cdabf) \Device\Harddisk0\DR0\Partition0
21:18:53.0638 5284 \Device\Harddisk0\DR0\Partition0 - ok
21:18:53.0639 5284 ============================================================
21:18:53.0639 5284 Scan finished
21:18:53.0639 5284 ============================================================
21:18:53.0647 3076 Detected object count: 0
21:18:53.0647 3076 Actual detected object count: 0

#12 gringo_pr


Posted 06 June 2012 - 08:38 PM

Greetings

That looks very good. Now send me the aswMBR report when it is complete.


gringo

#13 pilotandmechanic


Posted 06 June 2012 - 09:06 PM

Here's the aswMBR text. Sorry I took a while to get back to you; I've been pressed for time (working 7 days a week right now)!

21:18:19.0289 5696 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:18:19.0774 5696 ============================================================
21:18:19.0774 5696 Current date / time: 2012/06/06 21:18:19.0774
21:18:19.0774 5696 SystemInfo:
21:18:19.0774 5696
21:18:19.0774 5696 OS Version: 6.1.7600 ServicePack: 0.0
21:18:19.0774 5696 Product type: Workstation
21:18:19.0774 5696 ComputerName: CHRISANDCASS-PC
21:18:19.0774 5696 UserName: Chris and Cassandra
21:18:19.0774 5696 Windows directory: C:\Windows
21:18:19.0774 5696 System windows directory: C:\Windows
21:18:19.0774 5696 Running under WOW64
21:18:19.0774 5696 Processor architecture: Intel x64
21:18:19.0774 5696 Number of processors: 8
21:18:19.0774 5696 Page size: 0x1000
21:18:19.0774 5696 Boot type: Normal boot
21:18:19.0774 5696 ============================================================
21:18:20.0452 5696 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:18:20.0471 5696 ============================================================
21:18:20.0471 5696 \Device\Harddisk0\DR0:
21:18:20.0471 5696 MBR partitions:
21:18:20.0471 5696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
21:18:20.0471 5696 ============================================================
21:18:20.0478 5696 C: <-> \Device\Harddisk0\DR0\Partition0
21:18:20.0478 5696 ============================================================
21:18:20.0478 5696 Initialize success
21:18:20.0478 5696 ============================================================
21:18:38.0561 5284 ============================================================
21:18:38.0561 5284 Scan started
21:18:38.0561 5284 Mode: Manual;
21:18:38.0561 5284 ============================================================
21:18:45.0638 5284 LSI_SAS - ok
21:18:45.0653 5284 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:18:45.0654 5284 LSI_SAS2 - ok
21:18:45.0671 5284 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:18:45.0672 5284 LSI_SCSI - ok
21:18:45.0695 5284 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:18:45.0697 5284 luafv - ok
21:18:45.0731 5284 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
21:18:45.0732 5284 MBAMProtector - ok
21:18:45.0828 5284 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:18:45.0833 5284 MBAMService - ok
21:18:45.0853 5284 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
21:18:45.0855 5284 Mcx2Svc - ok
21:18:45.0868 5284 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:18:45.0868 5284 megasas - ok
21:18:45.0883 5284 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:18:45.0886 5284 MegaSR - ok
21:18:45.0899 5284 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:18:45.0901 5284 MMCSS - ok
21:18:45.0912 5284 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:18:45.0912 5284 Modem - ok
21:18:45.0935 5284 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:18:45.0936 5284 monitor - ok
21:18:45.0960 5284 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:18:45.0960 5284 mouclass - ok
21:18:45.0971 5284 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:18:45.0972 5284 mouhid - ok
21:18:45.0984 5284 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:18:45.0985 5284 mountmgr - ok
21:18:46.0012 5284 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:18:46.0013 5284 MozillaMaintenance - ok
21:18:46.0031 5284 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:18:46.0033 5284 mpio - ok
21:18:46.0043 5284 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:18:46.0044 5284 mpsdrv - ok
21:18:46.0086 5284 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
21:18:46.0102 5284 MpsSvc - ok
21:18:46.0122 5284 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:18:46.0124 5284 MRxDAV - ok
21:18:46.0143 5284 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:18:46.0145 5284 mrxsmb - ok
21:18:46.0172 5284 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:18:46.0176 5284 mrxsmb10 - ok
21:18:46.0186 5284 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:18:46.0188 5284 mrxsmb20 - ok
21:18:46.0200 5284 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
21:18:46.0201 5284 msahci - ok
21:18:46.0212 5284 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:18:46.0214 5284 msdsm - ok
21:18:46.0234 5284 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:18:46.0237 5284 MSDTC - ok
21:18:46.0255 5284 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:18:46.0256 5284 Msfs - ok
21:18:46.0264 5284 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:18:46.0265 5284 mshidkmdf - ok
21:18:46.0272 5284 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:18:46.0273 5284 msisadrv - ok
21:18:46.0298 5284 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:18:46.0301 5284 MSiSCSI - ok
21:18:46.0304 5284 msiserver - ok
21:18:46.0316 5284 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:18:46.0317 5284 MSKSSRV - ok
21:18:46.0332 5284 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:18:46.0333 5284 MSPCLOCK - ok
21:18:46.0340 5284 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:18:46.0340 5284 MSPQM - ok
21:18:46.0362 5284 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:18:46.0366 5284 MsRPC - ok
21:18:46.0380 5284 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:18:46.0381 5284 mssmbios - ok
21:18:46.0394 5284 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:18:46.0395 5284 MSTEE - ok
21:18:46.0404 5284 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:18:46.0405 5284 MTConfig - ok
21:18:46.0427 5284 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
21:18:46.0427 5284 MTsensor - ok
21:18:46.0443 5284 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:18:46.0444 5284 Mup - ok
21:18:46.0483 5284 mv61xx (e884fd7fb31bc82041aab75be5c81eef) C:\Windows\system32\DRIVERS\mv61xx.sys
21:18:46.0484 5284 mv61xx - ok
21:18:46.0526 5284 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
21:18:46.0535 5284 napagent - ok
21:18:46.0592 5284 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:18:46.0596 5284 NativeWifiP - ok
21:18:46.0651 5284 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:18:46.0662 5284 NDIS - ok
21:18:46.0679 5284 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:18:46.0679 5284 NdisCap - ok
21:18:46.0692 5284 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:18:46.0693 5284 NdisTapi - ok
21:18:46.0714 5284 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:18:46.0715 5284 Ndisuio - ok
21:18:46.0729 5284 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:18:46.0731 5284 NdisWan - ok
21:18:46.0737 5284 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:18:46.0737 5284 NDProxy - ok
21:18:46.0751 5284 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:18:46.0752 5284 NetBIOS - ok
21:18:46.0775 5284 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:18:46.0779 5284 NetBT - ok
21:18:46.0802 5284 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:18:46.0803 5284 Netlogon - ok
21:18:46.0844 5284 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:18:46.0850 5284 Netman - ok
21:18:46.0878 5284 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:18:46.0884 5284 netprofm - ok
21:18:46.0958 5284 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:18:46.0960 5284 NetTcpPortSharing - ok
21:18:46.0975 5284 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:18:46.0976 5284 nfrd960 - ok
21:18:47.0017 5284 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
21:18:47.0022 5284 NlaSvc - ok
21:18:47.0031 5284 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:18:47.0031 5284 Npfs - ok
21:18:47.0052 5284 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:18:47.0054 5284 nsi - ok
21:18:47.0064 5284 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:18:47.0064 5284 nsiproxy - ok
21:18:47.0141 5284 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
21:18:47.0159 5284 Ntfs - ok
21:18:47.0234 5284 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:18:47.0234 5284 Null - ok
21:18:47.0259 5284 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
21:18:47.0261 5284 nvraid - ok
21:18:47.0288 5284 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
21:18:47.0290 5284 nvstor - ok
21:18:47.0304 5284 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:18:47.0306 5284 nv_agp - ok
21:18:47.0317 5284 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:18:47.0318 5284 ohci1394 - ok
21:18:47.0377 5284 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:18:47.0378 5284 ose - ok
21:18:47.0415 5284 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:18:47.0420 5284 p2pimsvc - ok
21:18:47.0447 5284 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:18:47.0453 5284 p2psvc - ok
21:18:47.0483 5284 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:18:47.0485 5284 Parport - ok
21:18:47.0508 5284 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
21:18:47.0509 5284 partmgr - ok
21:18:47.0549 5284 PassThru Service (5fbcc9eeefaca3019d5bd5979618f298) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
21:18:47.0550 5284 PassThru Service - ok
21:18:47.0564 5284 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:18:47.0567 5284 PcaSvc - ok
21:18:47.0585 5284 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:18:47.0588 5284 pci - ok
21:18:47.0594 5284 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:18:47.0594 5284 pciide - ok
21:18:47.0618 5284 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:18:47.0620 5284 pcmcia - ok
21:18:47.0633 5284 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:18:47.0633 5284 pcw - ok
21:18:47.0672 5284 Peachtree SmartPosting 2011 (ed7826c234e3caaa994886b83f92618d) C:\Program Files (x86)\Sage\Peachtree\SmartPostingService2011.exe
21:18:47.0673 5284 Peachtree SmartPosting 2011 - ok
21:18:47.0706 5284 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:18:47.0714 5284 PEAUTH - ok
21:18:47.0778 5284 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:18:47.0780 5284 PerfHost - ok
21:18:47.0899 5284 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
21:18:47.0926 5284 pla - ok
21:18:47.0970 5284 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
21:18:47.0977 5284 PlugPlay - ok
21:18:48.0002 5284 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:18:48.0004 5284 PNRPAutoReg - ok
21:18:48.0031 5284 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:18:48.0035 5284 PNRPsvc - ok
21:18:48.0079 5284 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
21:18:48.0088 5284 PolicyAgent - ok
21:18:48.0118 5284 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:18:48.0122 5284 Power - ok
21:18:48.0177 5284 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:18:48.0178 5284 PptpMiniport - ok
21:18:48.0199 5284 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:18:48.0199 5284 Processor - ok
21:18:48.0223 5284 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
21:18:48.0226 5284 ProfSvc - ok
21:18:48.0241 5284 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:18:48.0243 5284 ProtectedStorage - ok
21:18:48.0299 5284 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\SysWOW64\PSIService.exe
21:18:48.0301 5284 ProtexisLicensing - ok
21:18:48.0335 5284 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:18:48.0336 5284 Psched - ok
21:18:48.0411 5284 psqlWGE (bb05bba187e49e978c3e9dc2c979667e) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
21:18:48.0414 5284 psqlWGE - ok
21:18:48.0501 5284 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:18:48.0518 5284 ql2300 - ok
21:18:48.0587 5284 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:18:48.0589 5284 ql40xx - ok
21:18:48.0620 5284 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:18:48.0625 5284 QWAVE - ok
21:18:48.0638 5284 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:18:48.0639 5284 QWAVEdrv - ok
21:18:48.0646 5284 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:18:48.0647 5284 RasAcd - ok
21:18:48.0666 5284 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:18:48.0666 5284 RasAgileVpn - ok
21:18:48.0680 5284 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:18:48.0682 5284 RasAuto - ok
21:18:48.0698 5284 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:18:48.0699 5284 Rasl2tp - ok
21:18:48.0720 5284 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
21:18:48.0725 5284 RasMan - ok
21:18:48.0736 5284 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:18:48.0737 5284 RasPppoe - ok
21:18:48.0752 5284 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:18:48.0753 5284 RasSstp - ok
21:18:48.0786 5284 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:18:48.0789 5284 rdbss - ok
21:18:48.0802 5284 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:18:48.0803 5284 rdpbus - ok
21:18:48.0817 5284 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:18:48.0818 5284 RDPCDD - ok
21:18:48.0830 5284 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:18:48.0830 5284 RDPENCDD - ok
21:18:48.0840 5284 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:18:48.0840 5284 RDPREFMP - ok
21:18:48.0865 5284 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
21:18:48.0868 5284 RDPWD - ok
21:18:48.0889 5284 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:18:48.0892 5284 rdyboost - ok
21:18:48.0917 5284 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:18:48.0920 5284 RemoteAccess - ok
21:18:48.0929 5284 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:18:48.0933 5284 RemoteRegistry - ok
21:18:48.0951 5284 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:18:48.0954 5284 RpcEptMapper - ok
21:18:48.0970 5284 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:18:48.0971 5284 RpcLocator - ok
21:18:49.0013 5284 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:18:49.0018 5284 RpcSs - ok
21:18:49.0030 5284 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:18:49.0032 5284 rspndr - ok
21:18:49.0066 5284 rt61x64 (5020d8b04e39ec876d5943d3b6d1f04d) C:\Windows\system32\DRIVERS\netr6164.sys
21:18:49.0070 5284 rt61x64 - ok
21:18:49.0093 5284 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:18:49.0095 5284 SamSs - ok
21:18:49.0109 5284 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:18:49.0110 5284 sbp2port - ok
21:18:49.0165 5284 Scan2PC (4fa9ce45eef1f588f66144a9af767d1a) C:\Program Files (x86)\Scan2PC\Sc2PCS64.exe
21:18:49.0166 5284 Scan2PC - ok
21:18:49.0196 5284 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:18:49.0200 5284 SCardSvr - ok
21:18:49.0211 5284 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:18:49.0212 5284 scfilter - ok
21:18:49.0264 5284 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
21:18:49.0274 5284 Schedule - ok
21:18:49.0302 5284 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:18:49.0304 5284 SCPolicySvc - ok
21:18:49.0320 5284 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
21:18:49.0324 5284 SDRSVC - ok
21:18:49.0357 5284 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:18:49.0358 5284 secdrv - ok
21:18:49.0367 5284 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
21:18:49.0370 5284 seclogon - ok
21:18:49.0383 5284 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:18:49.0385 5284 SENS - ok
21:18:49.0398 5284 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:18:49.0400 5284 SensrSvc - ok
21:18:49.0411 5284 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:18:49.0412 5284 Serenum - ok
21:18:49.0550 5284 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:18:49.0576 5284 Serial - ok
21:18:49.0587 5284 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:18:49.0588 5284 sermouse - ok
21:18:49.0610 5284 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
21:18:49.0613 5284 SessionEnv - ok
21:18:49.0623 5284 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:18:49.0623 5284 sffdisk - ok
21:18:49.0635 5284 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:18:49.0636 5284 sffp_mmc - ok
21:18:49.0639 5284 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:18:49.0640 5284 sffp_sd - ok
21:18:49.0648 5284 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:18:49.0648 5284 sfloppy - ok
21:18:49.0681 5284 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:18:49.0685 5284 SharedAccess - ok
21:18:49.0723 5284 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
21:18:49.0729 5284 ShellHWDetection - ok
21:18:49.0739 5284 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:18:49.0740 5284 SiSRaid2 - ok
21:18:49.0751 5284 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:18:49.0753 5284 SiSRaid4 - ok
21:18:49.0777 5284 SkLaggProtocol (8c84b7756b1b269c4e302cc09edc8dce) C:\Windows\system32\DRIVERS\yk60x64l.sys
21:18:49.0778 5284 SkLaggProtocol - ok
21:18:49.0798 5284 SkVlanProtocol (5bc4ed412a202e4e1ef6a5877625d5d6) C:\Windows\system32\DRIVERS\yk60x64v.sys
21:18:49.0799 5284 SkVlanProtocol - ok
21:18:49.0823 5284 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:18:49.0824 5284 Smb - ok
21:18:49.0854 5284 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:18:49.0856 5284 SNMPTRAP - ok
21:18:49.0863 5284 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:18:49.0864 5284 spldr - ok
21:18:49.0900 5284 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
21:18:49.0906 5284 Spooler - ok
21:18:50.0071 5284 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
21:18:50.0087 5284 sppsvc - ok
21:18:50.0149 5284 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:18:50.0152 5284 sppuinotify - ok
21:18:50.0193 5284 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:18:50.0199 5284 srv - ok
21:18:50.0217 5284 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:18:50.0221 5284 srv2 - ok
21:18:50.0234 5284 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:18:50.0236 5284 srvnet - ok
21:18:50.0261 5284 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:18:50.0265 5284 SSDPSRV - ok
21:18:50.0278 5284 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:18:50.0281 5284 SstpSvc - ok
21:18:50.0288 5284 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:18:50.0288 5284 stexstor - ok
21:18:50.0343 5284 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
21:18:50.0366 5284 stisvc - ok
21:18:50.0408 5284 SWDUMon (2de29c3e75b1409c71cf1807145035b3) C:\Windows\system32\DRIVERS\SWDUMon.sys
21:18:50.0408 5284 SWDUMon - ok
21:18:50.0415 5284 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:18:50.0415 5284 swenum - ok
21:18:50.0446 5284 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:18:50.0462 5284 swprv - ok
21:18:50.0555 5284 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
21:18:50.0579 5284 SysMain - ok
21:18:50.0646 5284 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
21:18:50.0649 5284 TabletInputService - ok
21:18:50.0672 5284 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
21:18:50.0678 5284 TapiSrv - ok
21:18:50.0698 5284 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:18:50.0701 5284 TBS - ok
21:18:50.0819 5284 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
21:18:50.0840 5284 Tcpip - ok
21:18:50.0964 5284 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
21:18:50.0976 5284 TCPIP6 - ok
21:18:51.0015 5284 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:18:51.0016 5284 tcpipreg - ok
21:18:51.0037 5284 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:18:51.0037 5284 TDPIPE - ok
21:18:51.0052 5284 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
21:18:51.0053 5284 TDTCP - ok
21:18:51.0081 5284 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:18:51.0082 5284 tdx - ok
21:18:51.0089 5284 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:18:51.0090 5284 TermDD - ok
21:18:51.0131 5284 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
21:18:51.0137 5284 TermService - ok
21:18:51.0147 5284 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:18:51.0150 5284 Themes - ok
21:18:51.0167 5284 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:18:51.0168 5284 THREADORDER - ok
21:18:51.0186 5284 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:18:51.0189 5284 TrkWks - ok
21:18:51.0235 5284 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
21:18:51.0237 5284 TrustedInstaller - ok
21:18:51.0243 5284 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:18:51.0244 5284 tssecsrv - ok
21:18:51.0272 5284 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:18:51.0274 5284 tunnel - ok
21:18:51.0285 5284 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:18:51.0286 5284 uagp35 - ok
21:18:51.0313 5284 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
21:18:51.0317 5284 udfs - ok
21:18:51.0330 5284 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:18:51.0333 5284 UI0Detect - ok
21:18:51.0342 5284 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:18:51.0342 5284 uliagpkx - ok
21:18:51.0357 5284 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:18:51.0357 5284 umbus - ok
21:18:51.0368 5284 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:18:51.0368 5284 UmPass - ok
21:18:51.0408 5284 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:18:51.0414 5284 upnphost - ok
21:18:51.0448 5284 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
21:18:51.0449 5284 usbaudio - ok
21:18:51.0461 5284 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
21:18:51.0463 5284 usbccgp - ok
21:18:51.0483 5284 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:18:51.0484 5284 usbcir - ok
21:18:51.0493 5284 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
21:18:51.0493 5284 usbehci - ok
21:18:51.0516 5284 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
21:18:51.0521 5284 usbhub - ok
21:18:51.0529 5284 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
21:18:51.0529 5284 usbohci - ok
21:18:51.0543 5284 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:18:51.0544 5284 usbprint - ok
21:18:51.0566 5284 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:18:51.0567 5284 usbscan - ok
21:18:51.0581 5284 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:18:51.0582 5284 USBSTOR - ok
21:18:51.0592 5284 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
21:18:51.0593 5284 usbuhci - ok
21:18:51.0604 5284 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:18:51.0606 5284 UxSms - ok
21:18:51.0627 5284 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:18:51.0628 5284 VaultSvc - ok
21:18:51.0632 5284 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:18:51.0633 5284 vdrvroot - ok
21:18:51.0681 5284 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
21:18:51.0689 5284 vds - ok
21:18:51.0698 5284 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:18:51.0698 5284 vga - ok
21:18:51.0712 5284 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:18:51.0713 5284 VgaSave - ok
21:18:51.0735 5284 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:18:51.0737 5284 vhdmp - ok
21:18:51.0747 5284 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:18:51.0748 5284 viaide - ok
21:18:51.0760 5284 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:18:51.0761 5284 volmgr - ok
21:18:51.0783 5284 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:18:51.0787 5284 volmgrx - ok
21:18:51.0809 5284 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:18:51.0811 5284 volsnap - ok
21:18:51.0829 5284 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:18:51.0831 5284 vsmraid - ok
21:18:51.0904 5284 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
21:18:51.0916 5284 VSS - ok
21:18:52.0001 5284 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:18:52.0002 5284 vwifibus - ok
21:18:52.0027 5284 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:18:52.0033 5284 W32Time - ok
21:18:52.0048 5284 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:18:52.0048 5284 WacomPen - ok
21:18:52.0074 5284 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:18:52.0075 5284 WANARP - ok
21:18:53.0468 5284 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:18:53.0634 5284 \Device\Harddisk0\DR0 - ok
21:18:53.0637 5284 Boot (0x1200) (89145cee0c960da0ba76d9e8682cdabf) \Device\Harddisk0\DR0\Partition0
21:18:53.0638 5284 \Device\Harddisk0\DR0\Partition0 - ok
21:18:53.0639 5284 ============================================================
21:18:53.0639 5284 Scan finished
21:18:53.0639 5284 ============================================================
21:18:53.0647 3076 Detected object count: 0
21:18:53.0647 3076 Actual detected object count: 0

#14 gringo_pr


Posted 06 June 2012 - 09:14 PM

Greetings

That is the same report from TDSSKiller. I need the other report from aswMBR.


Gringo

#15 pilotandmechanic


Posted 08 June 2012 - 07:42 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-06 21:23:33
-----------------------------
21:23:33.284 OS Version: Windows x64 6.1.7600
21:23:33.284 Number of processors: 8 586 0x1A05
21:23:33.285 ComputerName: CHRISANDCASS-PC UserName:
21:23:34.421 Initialize success
21:24:43.325 AVAST engine defs: 12060602
21:25:44.567 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
21:25:44.569 Disk 0 Vendor: WDC_WD1001FALS-00J7B1 05.00K05 Size: 953869MB BusType: 3
21:25:44.578 Disk 0 MBR read successfully
21:25:44.581 Disk 0 MBR scan
21:25:44.585 Disk 0 Windows 7 default MBR code
21:25:44.588 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
21:25:44.605 Disk 0 scanning C:\Windows\system32\drivers
21:25:49.659 Service scanning
21:26:01.562 Modules scanning
21:26:01.569 Disk 0 trace - called modules:
21:26:01.577 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:26:01.581 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066d1060]
21:26:01.586 3 CLASSPNP.SYS[fffff8800207643f] -> nt!IofCallDriver -> [0xfffffa8006415520]
21:26:01.591 5 ACPI.sys[fffff88000f6c781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa8006384680]
21:26:03.452 AVAST engine scan C:\Windows
21:26:06.607 AVAST engine scan C:\Windows\system32
21:27:56.570 AVAST engine scan C:\Windows\system32\drivers
21:28:03.440 AVAST engine scan C:\Users\Chris and Cassandra
21:34:09.617 AVAST engine scan C:\ProgramData
21:36:33.274 Scan finished successfully
22:05:20.471 Disk 0 MBR has been saved successfully to "C:\Users\Chris and Cassandra\Desktop\MBR.dat"
22:05:20.475 The log file has been saved successfully to "C:\Users\Chris and Cassandra\Desktop\aswMBR.txt"


20:41:29.856 Disk 0 MBR has been saved successfully to "C:\Users\Chris and Cassandra\Desktop\MBR.dat"
20:41:29.867 The log file has been saved successfully to "C:\Users\Chris and Cassandra\Desktop\aswMBR.txt"



