
consrv.dll


  • This topic is locked
26 replies to this topic

#1 sarahelyse

sarahelyse

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:24 AM

Posted 26 May 2012 - 01:30 PM

Hello, I was performing a scan with AVG and it detected a file called "cosrv.dll" and identified it as a trojan horse. I also ran a scan with MBAM but it found nothing. It's located in the system32 folder so I haven't tried using AVG to remove it, as I am afraid it will make my computer crash.

I haven't noticed my computer doing anything abnormal. It isn't slower and all the programs I use open properly.

Any help would be highly appreciated.

Here are the contents of my DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Sarah at 12:50:57 on 2012-05-26
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.632 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [AdobeBridge]
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Sarah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 208.180.42.100 208.180.42.68 192.168.1.1
TCP: Interfaces\{2FA37FA0-BDA4-4A53-BCF9-27A325F26A3D} : DhcpNameServer = 40.7.1.100
TCP: Interfaces\{64F31CAB-BAEB-4FB5-AEFD-8A8C7E5CF68E} : DhcpNameServer = 208.180.42.100 208.180.42.68 192.168.1.1
TCP: Interfaces\{64F31CAB-BAEB-4FB5-AEFD-8A8C7E5CF68E}\16474777966696 : DhcpNameServer = 192.168.4.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{64F31CAB-BAEB-4FB5-AEFD-8A8C7E5CF68E}\34F60707562735973616D6F62756D27657563747 : DhcpNameServer = 208.180.42.100 208.180.42.68 192.168.33.1
TCP: Interfaces\{64F31CAB-BAEB-4FB5-AEFD-8A8C7E5CF68E}\3726F63616 : DhcpNameServer = 204.174.16.4 204.174.18.2
TCP: Interfaces\{64F31CAB-BAEB-4FB5-AEFD-8A8C7E5CF68E}\8616E6E616 : DhcpNameServer = 208.180.42.100 208.180.42.68
TCP: Interfaces\{64F31CAB-BAEB-4FB5-AEFD-8A8C7E5CF68E}\A6A6F62656 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{64F31CAB-BAEB-4FB5-AEFD-8A8C7E5CF68E}\C696E6B6379737 : DhcpNameServer = 208.180.42.100 208.180.42.68
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\fbgj87xk.default\
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-4-27 98208]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-29 167264]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-12 129976]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-21 17:01:45 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2012-05-21 04:39:57 -------- d-----w- C:\Program Files (x86)\WB Games
2012-05-19 17:00:28 -------- d-----w- C:\Program Files\iPod
2012-05-19 17:00:27 -------- d-----w- C:\Program Files\iTunes
2012-05-19 17:00:27 -------- d-----w- C:\Program Files (x86)\iTunes
2012-05-19 16:56:44 -------- d-----w- C:\Program Files\Bonjour
2012-05-19 16:56:44 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-05-13 03:21:47 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-13 03:21:28 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-13 03:21:28 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-10 23:57:50 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-10 23:57:49 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-05-10 23:57:49 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-05-10 23:57:49 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-05-10 23:57:49 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-10 23:57:48 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-05-10 23:57:48 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-05-10 23:57:48 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-05-10 23:57:48 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-05-10 23:57:48 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-05-10 23:52:35 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-10 23:52:33 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-05-10 23:52:32 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-10 23:52:31 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-10 23:51:48 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-10 23:51:44 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-10 23:51:41 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 23:51:41 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-04-29 17:32:33 -------- d-----w- C:\Users\Sarah\AppData\Local\{C5BEA757-173F-4BAC-A8FA-1509B831B304}
2012-04-29 17:32:11 -------- d-----w- C:\Users\Sarah\AppData\Local\{7B8AA94B-5AF5-4505-A5F4-37DB4F29C7D0}
2012-04-27 05:49:06 -------- d-----w- C:\Users\Sarah\AppData\Local\{008F6AC1-D1A5-472A-A55D-FFC39EAC083D}
2012-04-27 05:48:43 -------- d-----w- C:\Users\Sarah\AppData\Local\{E466961D-27AE-4915-88A3-6B801E025050}
.
==================== Find3M ====================
.
2012-03-01 06:54:38 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:45:41 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:40:14 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:35:16 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:49:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:45:05 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:40:44 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:35:54 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:33:03 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-02-28 05:40:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 05:38:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-02-28 05:17:41 482816 ----a-w- C:\Windows\System32\html.iec
2012-02-28 04:35:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 04:31:46 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-02-28 03:57:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 12:52:51.43 ===============
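Added example, not part of the original post and not a BleepingComputer or DDS tool: a small Python triage pass over the DDS sections posted above. It buckets the "Pseudo HJT Report" registrations that point at a missing file (" - No File"), Run values that carry no command, and driver entries where DDS printed "[?]" instead of a date and size, and it can search the log for a file name such as consrv.dll. The sample input is a handful of lines copied from the log; the bucket names and helper functions are my own.

```python
import re
from collections import defaultdict

# Constructed input: a few lines copied from the DDS log in post #1, one per
# case the triage distinguishes (the full log would be pasted here instead).
SAMPLE_LOG = r"""
C:\Windows\SysWOW64\cscript.exe
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [AdobeBridge]
mRun: [<NO NAME>]
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
BHO-X64: AcroIEHelperStub - No File
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
"""

PROCESS_RE = re.compile(r'^[A-Za-z]:\\')
DRIVER_RE = re.compile(r'^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+)$')
HJT_RE = re.compile(r'^(?P<kind>[A-Za-z]+(?:-[A-Za-z0-9]+)?): (?P<rest>.*)$')
RUN_RE = re.compile(r'^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
NO_FILE = ' - No File'


def classify(line):
    """Return (bucket, detail) for one DDS line, or None for separators."""
    line = line.rstrip()
    if not line or line == '.' or line.startswith('='):
        return None
    if PROCESS_RE.match(line):
        return ('process', line)                      # "Running Processes" section
    m = DRIVER_RE.match(line)
    if m:
        # DDS prints "[?]" where it could not read the driver file's date/size;
        # that is a line to verify by hand, not by itself a sign of infection.
        bucket = 'driver_unverified' if m.group('path').endswith('[?]') else 'driver_ok'
        return (bucket, m.group('name'))
    m = HJT_RE.match(line)
    if m is None:
        return ('unparsed', line)
    kind, rest = m.group('kind'), m.group('rest')
    if rest.endswith(NO_FILE):
        # Registration (BHO/TB/EB/hook) whose target file is absent: orphaned entry
        return ('orphan', f'{kind} {rest[:-len(NO_FILE)]}')
    if kind.split('-')[0].endswith('Run'):
        r = RUN_RE.match(rest)
        if r is None:
            return ('unparsed', line)
        if not r.group('cmd').strip():
            return ('run_empty', f'{kind} [{r.group("name")}]')   # Run value with no command
        return ('run_ok', f'{kind} [{r.group("name")}]')
    return ('entry_ok', f'{kind} {rest}')


def triage(text):
    """Bucket every line of a DDS log; returns {bucket: [detail, ...]}."""
    buckets = defaultdict(list)
    for line in text.splitlines():
        c = classify(line)
        if c is not None:
            buckets[c[0]].append(c[1])
    return dict(buckets)


def find_file(text, filename):
    """Lines that mention a file name (case-insensitive), e.g. the DLL AVG flagged."""
    needle = filename.lower()
    return [ln for ln in text.splitlines() if needle in ln.lower()]


if __name__ == '__main__':
    for bucket, items in sorted(triage(SAMPLE_LOG).items()):
        print(f'{bucket} ({len(items)})')
        for item in items:
            print('   ', item)
    # DDS only lists recently created/changed files, so an empty result here
    # does not mean the file is absent from system32.
    print('consrv.dll mentions:', find_file(SAMPLE_LOG, 'consrv.dll'))
```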

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:24 AM

Posted 26 May 2012 - 03:04 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 sarahelyse

sarahelyse
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:24 AM

Posted 26 May 2012 - 11:00 PM

Thanks for the quick reply!

Here's the log:

Scan result of Farbar Recovery Scan Tool Version: 25-05-2012
Ran by SYSTEM at 26-05-2012 22:43:33
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2046760 2010-02-05] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6160928 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [172032 2010-03-24] (Sun Microsystems, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-06-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2339168 2012-01-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [982880 2012-03-12] ()
HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [928096 2012-01-19] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKU\Sarah\...\Run: [AdobeBridge] [x]
HKU\Sarah\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.180.42.100 208.180.42.68 192.168.1.1
Startup: C:\Users\Sarah\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Sarah\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ======

3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe" [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [51740536 2011-06-12] (Microsoft Corporation)
3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [174440 2010-01-09] (Microsoft Corporation)
2 vToolbarUpdater10.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [918880 2012-03-12] ()

========================== Drivers (Whitelisted) =============

2 adfs; C:\Windows\SysWow64\Drivers\adfs.sys [73312 2009-06-08] (Adobe Systems, Inc.)
2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [312480 2012-01-08] ()
3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [304720 2011-01-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43168 2012-01-08] ()
4 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-12-03] (Duplex Secure Ltd.)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-26 22:43 - 2012-05-26 22:43 - 0000000 ____D C:\FRST
2012-05-26 18:52 - 2012-05-26 18:52 - 0000000 ____D C:\Users\Sarah\AppData\Local\Proxure
2012-05-26 18:47 - 2012-05-26 18:47 - 0000000 ____D C:\Users\All Users\ClubSanDisk
2012-05-26 18:46 - 2012-05-26 18:47 - 1394807 ____A C:\Users\Sarah\Downloads\FRST64.exe
2012-05-26 11:44 - 2012-05-26 11:53 - 0019585 ____A C:\Users\Sarah\Documents\MomGraph.docx
2012-05-26 09:57 - 2012-05-26 09:57 - 0022327 ____A C:\Users\Sarah\Documents\DDS.txt
2012-05-26 09:57 - 2012-05-26 09:57 - 0007095 ____A C:\Users\Sarah\Documents\Attach.txt
2012-05-26 09:50 - 2012-05-26 09:50 - 0607260 ____R (Swearware) C:\Users\Sarah\Downloads\dds.scr
2012-05-26 09:12 - 2012-05-26 09:12 - 0050477 ____A C:\Users\Sarah\Downloads\Defogger.exe
2012-05-26 09:12 - 2012-05-26 09:12 - 0000020 ____A C:\Users\Sarah\defogger_reenable
2012-05-25 13:03 - 2012-05-25 13:03 - 0000000 ____D C:\Users\Sarah\Documents\avg_arl_cdi_all_120_120126a4973
2012-05-25 12:47 - 2012-05-25 12:55 - 0000000 ____D C:\Users\Sarah\Documents\mbrfix
2012-05-25 12:46 - 2012-05-25 12:46 - 0042285 ____A C:\Users\Sarah\Downloads\mbrfix.zip
2012-05-25 12:45 - 2012-05-25 12:45 - 0463080 ____A (CNET Download.com) C:\Users\Sarah\Downloads\cnet_mbrfix_zip.exe
2012-05-25 11:21 - 2012-05-25 11:21 - 0009530 ____A C:\Users\Sarah\Downloads\274740_540736971_736366403_n.jpg
2012-05-21 09:01 - 2012-05-21 09:01 - 0000000 ____D C:\Program Files (x86)\Microsoft XNA
2012-05-20 20:41 - 2012-05-21 08:58 - 0001974 ____A C:\Users\Public\Desktop\Bastion.lnk
2012-05-20 20:39 - 2012-05-20 20:39 - 0000000 ____D C:\Program Files (x86)\WB Games
2012-05-20 19:17 - 2012-05-20 19:19 - 0000000 ____D C:\Users\Sarah\Documents\t-bastio
2012-05-19 09:01 - 2012-05-19 09:01 - 0001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-05-19 09:00 - 2012-05-19 09:01 - 0000000 ____D C:\Program Files\iTunes
2012-05-19 09:00 - 2012-05-19 09:01 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-05-19 09:00 - 2012-05-19 09:00 - 0000000 ____D C:\Program Files\iPod
2012-05-19 08:58 - 2012-05-19 08:58 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-05-19 08:56 - 2012-05-19 08:56 - 0000000 ____D C:\Program Files\Bonjour
2012-05-19 08:56 - 2012-05-19 08:56 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-05-19 08:52 - 2012-05-19 08:53 - 76761968 ____A (Apple Inc.) C:\Users\Sarah\Downloads\iTunes64Setup.exe
2012-05-18 19:54 - 2012-05-18 19:55 - 0040499 ____A C:\Users\Sarah\Downloads\photo.JPG
2012-05-12 19:21 - 2012-05-12 19:21 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-12 19:21 - 2012-05-12 19:21 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-10 15:57 - 2012-03-02 22:29 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-05-10 15:57 - 2012-03-02 22:29 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-10 15:57 - 2012-03-02 22:29 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-05-10 15:57 - 2012-03-02 22:29 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-05-10 15:57 - 2012-03-02 22:29 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-05-10 15:57 - 2012-03-02 21:40 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-05-10 15:57 - 2012-03-02 21:40 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-10 15:57 - 2012-03-02 21:40 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-05-10 15:57 - 2012-03-02 21:40 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-05-10 15:57 - 2012-03-02 21:40 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-05-10 15:52 - 2012-04-01 21:34 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-10 15:52 - 2012-04-01 20:46 - 3958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-10 15:52 - 2012-04-01 20:46 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-10 15:52 - 2012-04-01 19:01 - 3143680 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 15:51 - 2012-03-30 03:09 - 1895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-10 15:51 - 2012-03-16 23:55 - 0075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-09 13:45 - 2012-05-09 13:45 - 0183925 ____A C:\Users\Sarah\Downloads\comicbook.jpg
2012-05-08 22:36 - 2012-05-08 22:36 - 0581405 ____A C:\Users\Sarah\Documents\persuasiveaid.pptx
2012-05-07 21:43 - 2012-05-08 22:13 - 0094340 ____A C:\Users\Sarah\Documents\11-3.pptx
2012-05-07 19:31 - 2012-05-07 19:42 - 0002057 ____A C:\Users\Sarah\Documents\ddewqf.txt
2012-05-06 20:11 - 2012-05-17 09:40 - 0027862 ____A C:\Users\Sarah\Documents\EAB_Application_2012.docx
2012-04-29 23:23 - 2012-05-01 18:18 - 1868501 ____A C:\Users\Sarah\Documents\invite.docx
2012-04-29 23:23 - 2012-04-29 23:23 - 1654770 ____A C:\Users\Sarah\Documents\populations.pptx
2012-04-29 13:24 - 2012-04-29 13:24 - 0015354 ____A C:\Users\Sarah\Documents\fark.docx
2012-04-29 13:13 - 2012-04-29 13:19 - 0015339 ____A C:\Users\Sarah\Desktop\fark.docx
2012-04-29 09:32 - 2012-04-29 09:32 - 0000000 ____D C:\Users\Sarah\AppData\Local\{C5BEA757-173F-4BAC-A8FA-1509B831B304}
2012-04-29 09:32 - 2012-04-29 09:32 - 0000000 ____D C:\Users\Sarah\AppData\Local\{7B8AA94B-5AF5-4505-A5F4-37DB4F29C7D0}
2012-04-26 21:49 - 2012-04-26 21:49 - 0000000 ____D C:\Users\Sarah\AppData\Local\{008F6AC1-D1A5-472A-A55D-FFC39EAC083D}
2012-04-26 21:48 - 2012-04-26 21:48 - 0000000 ____D C:\Users\Sarah\AppData\Local\{E466961D-27AE-4915-88A3-6B801E025050}
2012-04-26 21:38 - 2008-12-26 13:28 - 468881642 ____N C:\Users\Sarah\Documents\100_2511.MOV

============ 3 Months Modified Files and Folders =============

2012-05-26 22:43 - 2012-05-26 22:43 - 0000000 ____D C:\FRST
2012-05-26 22:07 - 2010-10-25 13:30 - 0000000 ____D C:\Users\All Users\Recovery
2012-05-26 19:38 - 2010-04-27 00:29 - 1555596 ____A C:\Windows\WindowsUpdate.log
2012-05-26 19:37 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-26 19:37 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-26 19:28 - 2012-02-20 17:10 - 0002666 ____A C:\Windows\setupact.log
2012-05-26 19:28 - 2010-04-27 00:21 - 1556291584 __ASH C:\hiberfil.sys
2012-05-26 19:28 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-26 18:52 - 2012-05-26 18:52 - 0000000 ____D C:\Users\Sarah\AppData\Local\Proxure
2012-05-26 18:47 - 2012-05-26 18:47 - 0000000 ____D C:\Users\All Users\ClubSanDisk
2012-05-26 18:47 - 2012-05-26 18:46 - 1394807 ____A C:\Users\Sarah\Downloads\FRST64.exe
2012-05-26 18:43 - 2009-07-13 21:13 - 0739728 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-26 18:33 - 2010-11-07 10:07 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-05-26 11:53 - 2012-05-26 11:44 - 0019585 ____A C:\Users\Sarah\Documents\MomGraph.docx
2012-05-26 09:57 - 2012-05-26 09:57 - 0022327 ____A C:\Users\Sarah\Documents\DDS.txt
2012-05-26 09:57 - 2012-05-26 09:57 - 0007095 ____A C:\Users\Sarah\Documents\Attach.txt
2012-05-26 09:50 - 2012-05-26 09:50 - 0607260 ____R (Swearware) C:\Users\Sarah\Downloads\dds.scr
2012-05-26 09:12 - 2012-05-26 09:12 - 0050477 ____A C:\Users\Sarah\Downloads\Defogger.exe
2012-05-26 09:12 - 2012-05-26 09:12 - 0000020 ____A C:\Users\Sarah\defogger_reenable
2012-05-26 09:12 - 2010-10-25 13:52 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-26 09:12 - 2010-10-25 13:15 - 0000000 ____D C:\users\Sarah
2012-05-25 13:03 - 2012-05-25 13:03 - 0000000 ____D C:\Users\Sarah\Documents\avg_arl_cdi_all_120_120126a4973
2012-05-25 12:55 - 2012-05-25 12:47 - 0000000 ____D C:\Users\Sarah\Documents\mbrfix
2012-05-25 12:46 - 2012-05-25 12:46 - 0042285 ____A C:\Users\Sarah\Downloads\mbrfix.zip
2012-05-25 12:45 - 2012-05-25 12:45 - 0463080 ____A (CNET Download.com) C:\Users\Sarah\Downloads\cnet_mbrfix_zip.exe
2012-05-25 11:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-25 11:47 - 2010-04-27 01:19 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-05-25 11:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-05-25 11:21 - 2012-05-25 11:21 - 0009530 ____A C:\Users\Sarah\Downloads\274740_540736971_736366403_n.jpg
2012-05-25 10:32 - 2010-10-27 14:34 - 0000000 ____D C:\Users\Sarah\AppData\Roaming\Apple Computer
2012-05-21 09:01 - 2012-05-21 09:01 - 0000000 ____D C:\Program Files (x86)\Microsoft XNA
2012-05-21 08:58 - 2012-05-20 20:41 - 0001974 ____A C:\Users\Public\Desktop\Bastion.lnk
2012-05-20 20:39 - 2012-05-20 20:39 - 0000000 ____D C:\Program Files (x86)\WB Games
2012-05-20 19:19 - 2012-05-20 19:17 - 0000000 ____D C:\Users\Sarah\Documents\t-bastio
2012-05-19 16:17 - 2010-10-30 20:18 - 0000000 ____D C:\Users\Sarah\AppData\Local\Deployment
2012-05-19 09:01 - 2012-05-19 09:01 - 0001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-05-19 09:01 - 2012-05-19 09:00 - 0000000 ____D C:\Program Files\iTunes
2012-05-19 09:01 - 2012-05-19 09:00 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-05-19 09:00 - 2012-05-19 09:00 - 0000000 ____D C:\Program Files\iPod
2012-05-19 08:58 - 2012-05-19 08:58 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-05-19 08:56 - 2012-05-19 08:56 - 0000000 ____D C:\Program Files\Bonjour
2012-05-19 08:56 - 2012-05-19 08:56 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-05-19 08:53 - 2012-05-19 08:52 - 76761968 ____A (Apple Inc.) C:\Users\Sarah\Downloads\iTunes64Setup.exe
2012-05-19 08:52 - 2012-02-18 20:24 - 0000000 ____D C:\Users\Sarah\AppData\Roaming\Skype
2012-05-18 19:55 - 2012-05-18 19:54 - 0040499 ____A C:\Users\Sarah\Downloads\photo.JPG
2012-05-17 09:40 - 2012-05-06 20:11 - 0027862 ____A C:\Users\Sarah\Documents\EAB_Application_2012.docx
2012-05-14 21:06 - 2011-10-07 21:55 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-05-14 06:58 - 2009-07-13 20:45 - 4998064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-14 06:57 - 2010-03-24 12:02 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-12 19:21 - 2012-05-12 19:21 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-12 19:21 - 2012-05-12 19:21 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-11 16:40 - 2010-03-24 10:28 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-11 12:58 - 2011-05-31 07:41 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-09 13:45 - 2012-05-09 13:45 - 0183925 ____A C:\Users\Sarah\Downloads\comicbook.jpg
2012-05-08 22:36 - 2012-05-08 22:36 - 0581405 ____A C:\Users\Sarah\Documents\persuasiveaid.pptx
2012-05-08 22:13 - 2012-05-07 21:43 - 0094340 ____A C:\Users\Sarah\Documents\11-3.pptx
2012-05-07 22:04 - 2011-08-21 14:51 - 0000000 ____D C:\Users\Sarah\Documents\SCHOOL
2012-05-07 19:42 - 2012-05-07 19:31 - 0002057 ____A C:\Users\Sarah\Documents\ddewqf.txt
2012-05-01 18:18 - 2012-04-29 23:23 - 1868501 ____A C:\Users\Sarah\Documents\invite.docx
2012-04-29 23:23 - 2012-04-29 23:23 - 1654770 ____A C:\Users\Sarah\Documents\populations.pptx
2012-04-29 13:24 - 2012-04-29 13:24 - 0015354 ____A C:\Users\Sarah\Documents\fark.docx
2012-04-29 13:19 - 2012-04-29 13:13 - 0015339 ____A C:\Users\Sarah\Desktop\fark.docx
2012-04-29 09:44 - 2010-03-24 09:53 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-04-29 09:32 - 2012-04-29 09:32 - 0000000 ____D C:\Users\Sarah\AppData\Local\{C5BEA757-173F-4BAC-A8FA-1509B831B304}
2012-04-29 09:32 - 2012-04-29 09:32 - 0000000 ____D C:\Users\Sarah\AppData\Local\{7B8AA94B-5AF5-4505-A5F4-37DB4F29C7D0}
2012-04-26 21:49 - 2012-04-26 21:49 - 0000000 ____D C:\Users\Sarah\AppData\Local\{008F6AC1-D1A5-472A-A55D-FFC39EAC083D}
2012-04-26 21:48 - 2012-04-26 21:48 - 0000000 ____D C:\Users\Sarah\AppData\Local\{E466961D-27AE-4915-88A3-6B801E025050}
2012-04-26 21:47 - 2010-10-26 19:48 - 0000000 ____D C:\Users\Sarah\Tracing
2012-04-25 18:06 - 2012-04-25 18:06 - 0094337 ____A C:\Users\Sarah\Documents\10-3ses.pptx
2012-04-25 18:05 - 2012-04-24 19:06 - 0094338 ____A C:\Users\Sarah\Documents\Process Speech .pptx
2012-04-24 22:51 - 2012-04-24 21:47 - 1519645 ____A C:\Users\Sarah\Documents\THE ZODIAC KILLER.pptx
2012-04-13 20:37 - 2012-04-13 20:36 - 0000000 ____D C:\Users\Sarah\AppData\Local\{E64B7F16-DF01-43F5-9772-7524B526C217}
2012-04-13 20:36 - 2012-04-13 20:36 - 0000000 ____D C:\Users\Sarah\AppData\Local\{E810E33C-C4D4-48FD-BE0A-11FD45483D63}
2012-04-13 04:24 - 2012-04-13 04:24 - 0000000 ____D C:\Users\Sarah\AppData\Local\{82C26BE4-92B2-4229-810B-4F67AA2EE4D0}
2012-04-12 12:57 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2012-04-12 12:37 - 2012-04-12 12:37 - 0000000 ____D C:\Users\Sarah\AppData\Local\{138F689A-3012-42DF-84B7-88631619631C}
2012-04-11 15:59 - 2012-04-11 15:59 - 0000000 ____D C:\Users\Sarah\AppData\Local\{433AF292-5DDB-49DF-9243-A3805A1B94D1}
2012-04-11 04:13 - 2012-04-11 04:13 - 0018048 ____A C:\Users\Sarah\Documents\The world.docx
2012-04-11 03:49 - 2012-04-11 03:49 - 0000000 ____D C:\Users\Sarah\AppData\Local\{31E3DECC-C165-4ECD-915A-43779C402652}
2012-04-10 20:05 - 2012-04-10 20:05 - 0036352 ____A C:\Users\Sarah\Documents\speech.doc
2012-04-10 12:34 - 2012-04-10 12:34 - 0000000 ____D C:\Users\Sarah\AppData\Local\{1B25CA2A-BDC7-4936-83F0-ADF8844829D9}
2012-04-09 12:44 - 2012-04-09 12:44 - 0000000 ____D C:\Users\Sarah\AppData\Local\{EB8636B6-1370-49BD-892A-7689F19A5DD1}
2012-04-08 06:45 - 2012-04-08 06:45 - 0000000 ____D C:\Users\Sarah\AppData\Local\{43DED8B1-CF59-4633-BCF1-1390EDFAFC81}
2012-04-07 04:56 - 2012-04-07 04:56 - 0000000 ____D C:\Users\Sarah\AppData\Local\{A8D187E3-E132-4942-9E56-CA79B6B82AA2}
2012-04-06 12:37 - 2012-04-06 12:36 - 0000000 ____D C:\Users\Sarah\AppData\Local\{1FEA2992-6A18-4ADA-8FEA-6F5B1D4E3772}
2012-04-04 18:24 - 2012-04-04 18:17 - 0000537 ____A C:\Users\Sarah\Documents\brown email.txt
2012-04-04 17:56 - 2012-04-04 17:56 - 0000000 ____D C:\Users\Sarah\AppData\Local\{28D1B1B3-C4AE-42D1-83A9-77176B0B4A49}
2012-04-01 21:34 - 2012-05-10 15:52 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-01 20:46 - 2012-05-10 15:52 - 3958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-01 20:46 - 2012-05-10 15:52 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-01 19:01 - 2012-05-10 15:52 - 3143680 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:09 - 2012-05-10 15:51 - 1895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 21:31 - 2012-03-28 21:31 - 0028160 ____A C:\Users\Sarah\Documents\Unit-11-Review-APES.doc
2012-03-25 21:01 - 2012-01-09 20:49 - 0096256 ____A C:\Users\Sarah\Documents\omnivoresdilemmaquestions.doc
2012-03-25 09:07 - 2012-03-25 09:06 - 0000000 ____D C:\Users\Sarah\AppData\Local\{5EAF86B1-2D91-44F4-90AB-7C150929FB22}
2012-03-25 09:06 - 2012-03-25 09:06 - 0000000 ____D C:\Users\Sarah\AppData\Local\{D7D5E419-4E48-4F93-A210-5ABC459C56A5}
2012-03-18 09:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-17 14:01 - 2012-03-17 13:58 - 91771496 ____A C:\Users\Sarah\Downloads\Legend of Korra - Welcome To Republic City Part 2.flv
2012-03-17 12:56 - 2012-02-25 22:14 - 0000000 ____D C:\Users\Sarah\Documents\Stripper_ENG
2012-03-16 23:55 - 2012-05-10 15:51 - 0075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 14:18 - 2012-03-16 14:18 - 0000000 ____D C:\Users\Sarah\AppData\Local\{F9E33E4E-61E6-4A22-8ECB-5B2B1FCB7EDE}
2012-03-16 14:18 - 2012-03-16 14:18 - 0000000 ____D C:\Users\Sarah\AppData\Local\{954E8991-30D8-49F4-A615-27C96FABE28E}
2012-03-14 12:38 - 2012-03-14 12:38 - 0000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-03-12 14:37 - 2011-12-13 13:40 - 0000000 ____D C:\Users\All Users\AVG Secure Search
2012-03-12 14:37 - 2011-12-13 13:40 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-03-10 17:23 - 2012-03-10 17:22 - 0000000 ____D C:\Users\Sarah\AppData\Local\{9BE1EAFF-5655-4CF5-A360-F25108B72EAC}
2012-03-10 17:22 - 2012-03-10 17:22 - 0000000 ____D C:\Users\Sarah\AppData\Local\{3672AB11-EB7F-49B6-BC6E-FDF660CA76D2}
2012-03-05 15:05 - 2012-03-05 15:05 - 0000000 ____D C:\Users\Sarah\AppData\Local\{DD93563F-C89A-4BA1-8D8D-F4800EE945E3}
2012-03-05 15:05 - 2012-03-05 15:05 - 0000000 ____D C:\Users\Sarah\AppData\Local\{5A384AD1-1A0C-4D3F-9C77-0AF23BFB9B62}
2012-03-03 20:36 - 2012-03-03 20:36 - 0000000 ____D C:\Program Files (x86)\Black Isle
2012-03-02 22:29 - 2012-05-10 15:57 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-03-02 22:29 - 2012-05-10 15:57 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-02 22:29 - 2012-05-10 15:57 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-03-02 22:29 - 2012-05-10 15:57 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-03-02 22:29 - 2012-05-10 15:57 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-03-02 21:40 - 2012-05-10 15:57 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-03-02 21:40 - 2012-05-10 15:57 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-02 21:40 - 2012-05-10 15:57 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-03-02 21:40 - 2012-05-10 15:57 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-03-02 21:40 - 2012-05-10 15:57 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-29 22:54 - 2012-04-12 12:39 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:45 - 2012-04-12 12:39 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:40 - 2012-04-12 12:39 - 0080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:35 - 2012-04-12 12:39 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:49 - 2012-04-12 12:39 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:45 - 2012-04-12 12:39 - 0158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:40 - 2012-04-12 12:39 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-28 16:38 - 2010-10-30 11:52 - 0000000 ____D C:\Users\Sarah\AppData\Roaming\vlc
2012-02-28 15:31 - 2012-02-28 15:31 - 0000000 ____D C:\Users\Sarah\AppData\Local\{1A955992-7E15-4857-98D9-4DA308C2DBB1}
2012-02-28 15:31 - 2012-02-28 15:30 - 0000000 ____D C:\Users\Sarah\AppData\Local\{A6D52D4A-C6C0-4716-AD20-6B7BD52BDD3C}
2012-02-27 22:35 - 2012-04-11 17:17 - 1501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:35 - 2012-04-11 17:17 - 1197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:35 - 2012-04-11 17:17 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:33 - 2012-04-11 17:17 - 9335296 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 22:33 - 2012-04-11 17:17 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-02-27 22:33 - 2012-04-11 17:17 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-27 22:33 - 2012-04-11 17:17 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:33 - 2012-04-11 17:17 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-02-27 22:33 - 2012-04-11 17:17 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-02-27 22:32 - 2012-04-11 17:17 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:32 - 2012-04-11 17:17 - 12372480 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:32 - 2012-04-11 17:17 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-02-27 22:32 - 2012-04-11 17:17 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-27 22:32 - 2012-04-11 17:17 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 22:32 - 2012-04-11 17:17 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:29 - 2012-04-11 17:17 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-27 21:40 - 2012-04-11 17:17 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 21:40 - 2012-04-11 17:17 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 21:40 - 2012-04-11 17:17 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 21:38 - 2012-04-11 17:17 - 5998592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 21:38 - 2012-04-11 17:17 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-02-27 21:38 - 2012-04-11 17:17 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-02-27 21:38 - 2012-04-11 17:17 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 21:38 - 2012-04-11 17:17 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-02-27 21:38 - 2012-04-11 17:17 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 21:38 - 2012-04-11 17:17 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-02-27 21:37 - 2012-04-11 17:17 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 21:37 - 2012-04-11 17:17 - 10991104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 21:37 - 2012-04-11 17:17 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-02-27 21:37 - 2012-04-11 17:17 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-02-27 21:37 - 2012-04-11 17:17 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-27 21:35 - 2012-04-11 17:17 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-02-27 21:17 - 2012-04-11 17:17 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-27 20:35 - 2012-04-11 17:17 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 20:31 - 2012-04-11 17:17 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-02-27 19:57 - 2012-04-11 17:17 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 18:20 - 2012-02-27 18:20 - 0000090 ____A C:\Users\Sarah\Documents\fafsa.txt

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 29%
Total physical RAM: 1978.93 MB
Available physical RAM: 1387.97 MB
Total Pagefile: 1978.93 MB
Available Pagefile: 1374.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:218.65 GB) (Free:120.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:13.94 GB) (Free:2.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: () (Removable) (Total:3.73 GB) (Free:3.68 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online         232 GB   0 B
Disk 1    Online         3819 MB  0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           199 MB   1024 KB
Partition 2    Primary           218 GB   200 MB
Partition 3    Primary           13 GB    218 GB
Partition 4    Primary           103 MB   232 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
  ----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 1    Y    SYSTEM       NTFS   Partition   199 MB   Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
  ----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 2    C                 NTFS   Partition   218 GB   Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
  ----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 3    E    RECOVERY     NTFS   Partition   13 GB    Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
  ----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 4    F    HP_TOOLS     FAT32  Partition   103 MB   Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           3818 MB  16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
  ----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 5    H                 FAT32  Removable   3818 MB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-25 12:18

======================= End Of Log ==========================
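
The Run, Services and Drivers sections of the FRST log above carry two signals worth reading systematically: "()" after a file means FRST found no company name in the file's version resource, and "[x]" means the file named by the autorun entry was not found on disk. The following script is an added example, not part of the original post and not FRST's own code: it parses lines in that format, extracts the target path, and ranks each entry (no publisher, kernel driver with no publisher, dangling entry, execution from a user-writable location). The sample input is constructed from lines of this log, plus one hypothetical "Updater" line in AppData\Local\Temp that is not from the log and is there only to show the location check fire. Note the limit of this triage for the poster's question: a DLL such as consrv.dll loaded by an already-running system process does not appear under Run keys, services or drivers, so this cannot clear or condemn it; its hash and Authenticode signature have to be checked directly.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the shape of the FRST "Run" and "Services/Drivers" lines above.
# The last line (Updater) is hypothetical and not from the log; it is here to show
# the "unusual location" check firing.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2339168 2012-01-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [982880 2012-03-12] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKU\Sarah\...\Run: [AdobeBridge] [x]
HKU\Sarah\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [x]
2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [312480 2012-01-08] ()
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [304720 2011-01-07] (AVG Technologies CZ, s.r.o.)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]
HKU\Sarah\...\Run: [Updater] C:\Users\Sarah\AppData\Local\Temp\upd.exe [20480 2012-05-20] ()
"""

RUN_RE = re.compile(r"^(?P<key>HK[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
SVC_RE = re.compile(r"^(?P<start>[0-4]) (?P<name>[^;]+); (?P<rest>.*)$")
# "<command> [<size> <date>] (<company name>)" as FRST prints it
TAIL_RE = re.compile(r"^(?P<cmd>.*?)\s*\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<publisher>[^)]*)\)\s*$")
# first quoted or unquoted drive-letter path ending in an executable extension
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|sys|scr|cpl|ocx))"?(?=\s|$)', re.IGNORECASE)
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
LEVELS = {"info": 0, "low": 1, "medium": 2, "high": 3}


@dataclass
class AutorunEntry:
    kind: str              # "run", "service" or "driver"
    name: str
    path: Optional[str]    # None when no path could be recovered from the line
    publisher: str         # "" when FRST printed "()" (no company name in version info)
    missing: bool          # True when FRST printed "[x]" (file not found on disk)
    start: Optional[int]   # service/driver start type (0 boot .. 4 disabled); None for Run keys
    line: str


@dataclass
class Finding:
    entry: AutorunEntry
    severity: str
    reasons: List[str]


def _extract_path(cmd: str) -> Optional[str]:
    m = PATH_RE.match(cmd.strip())
    return m["path"] if m else None


def parse_autoruns(text: str) -> List[AutorunEntry]:
    entries: List[AutorunEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            kind, start = "run", None
        else:
            m = SVC_RE.match(line)
            if not m:
                continue   # section header, file listing, or anything else that is not an autorun line
            start = int(m["start"])
            kind = "driver" if ".sys" in m["rest"].lower() else "service"
        name, rest = m["name"], m["rest"].strip()
        if rest.endswith("[x]"):
            entries.append(AutorunEntry(kind, name, _extract_path(rest[:-3]), "", True, start, line))
            continue
        t = TAIL_RE.match(rest)
        if not t:
            continue
        entries.append(AutorunEntry(kind, name, _extract_path(t["cmd"]), t["publisher"].strip(), False, start, line))
    return entries


def triage(entry: AutorunEntry) -> Finding:
    reasons: List[str] = []
    severity = "info"

    def bump(level: str) -> None:
        nonlocal severity
        if LEVELS[level] > LEVELS[severity]:
            severity = level

    if entry.missing:
        reasons.append("target file not found: dangling autorun, and a path a dropper could reclaim")
        bump("low")
        return Finding(entry, severity, reasons)
    if not entry.publisher:
        reasons.append("no company name in version info: verify the Authenticode signature by hand")
        bump("high" if entry.kind == "driver" else "medium")
        if entry.kind == "driver":
            reasons.append(f"kernel driver with no publisher information (start type {entry.start})")
    path = (entry.path or "").lower()
    if path and not path.startswith(TRUSTED_PREFIXES):
        reasons.append("runs from outside Windows or Program Files (user-writable location)")
        bump("high" if not entry.publisher else "medium")
    return Finding(entry, severity, reasons)


def triage_log(text: str) -> Dict[str, Finding]:
    return {e.name: triage(e) for e in parse_autoruns(text)}


def format_report(findings: Dict[str, Finding]) -> str:
    lines = []
    for f in sorted(findings.values(), key=lambda x: -LEVELS[x.severity]):
        lines.append(f"[{f.severity:6}] {f.entry.kind:7} {f.entry.name}: {f.entry.path or '(no path)'}")
        lines.extend(f"          - {r}" for r in f.reasons)
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(triage_log(SAMPLE_LOG)))
```

The location check is deliberately weak on its own: a file in System32 passes it, which is exactly why the poster's consrv.dll needs a signature and hash check rather than a path check. A missing company name is likewise only a prompt to look closer (the AVG Secure Search components in this log have none and are merely unwanted), but an unsigned-looking kernel driver with no publisher is where a responder should start.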

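The partition table in the log above was "obtained from reading drive", and the poster had already run an MBR repair tool the day before, so a responder would want to compare that report with what sector 0 actually says. The script below is an added example, not part of the original post and not FRST's or mbrfix's code: it builds a 512-byte MBR, parses the four 16-byte partition entries, and checks the things a bootkit or a careless repair would disturb (the 0x55AA signature, exactly one active entry, valid status bytes, hidden partition types, overlapping or out-of-range extents). The partition layout is constructed from the sizes and offsets FRST printed for Disk 0; the LBA values are approximations, not the real disk's, and the tampered table is hypothetical.

```python
import struct
from dataclasses import dataclass
from typing import List

SECTOR = 512
MB = 1024 * 1024 // SECTOR          # sectors per MiB
GB = 1024 * MB                      # sectors per GiB
HIDDEN_TYPES = {0x17, 0x1B, 0x1C}   # hidden variants of NTFS, FAT32 and FAT32-LBA


@dataclass
class MbrPartition:
    index: int        # slot 1..4 in the table
    status: int       # 0x80 = active (bootable), 0x00 = inactive
    type_code: int    # 0x07 NTFS, 0x0B/0x0C FAT32, 0x17 hidden NTFS, ...
    lba_start: int
    sectors: int

    @property
    def active(self) -> bool:
        return self.status == 0x80

    @property
    def hidden(self) -> bool:
        return self.type_code in HIDDEN_TYPES

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)


def build_mbr(parts: List[MbrPartition], boot_code: bytes = b"") -> bytes:
    """Assemble a sector: boot code, 4 x 16-byte entries at offset 446, 0x55AA at 510.
    CHS fields are left zero; the checks below use LBA only."""
    sector = bytearray(SECTOR)
    code = boot_code[:446]
    sector[:len(code)] = code
    for p in parts:
        off = 446 + 16 * (p.index - 1)
        sector[off] = p.status
        sector[off + 4] = p.type_code
        struct.pack_into("<II", sector, off + 8, p.lba_start, p.sectors)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector: bytes) -> List[MbrPartition]:
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, type_code = sector[off], sector[off + 4]
        lba_start, sectors = struct.unpack_from("<II", sector, off + 8)
        if type_code == 0 and sectors == 0:
            continue   # empty slot
        parts.append(MbrPartition(i + 1, status, type_code, lba_start, sectors))
    return parts


def check_mbr(sector: bytes, disk_sectors: int) -> List[str]:
    problems = []
    if sector[510:512] != b"\x55\xaa":
        problems.append("boot signature 0x55AA missing")
    parts = parse_mbr(sector)
    active = [p for p in parts if p.active]
    if len(active) != 1:
        problems.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in parts:
        if p.status not in (0x00, 0x80):
            problems.append(f"entry {p.index}: invalid status byte 0x{p.status:02X}")
        if p.hidden:
            problems.append(f"entry {p.index}: hidden partition type 0x{p.type_code:02X}")
        if p.lba_start + p.sectors > disk_sectors:
            problems.append(f"entry {p.index}: extends past end of disk")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start < a.lba_start + a.sectors:
            problems.append(f"entries {a.index} and {b.index} overlap")
    return problems


# Constructed sample: the four primary partitions FRST reported for Disk 0 above,
# with LBA values approximated from the printed sizes and offsets.
DISK_SECTORS = 232 * GB
CLEAN_PARTS = [
    MbrPartition(1, 0x80, 0x07, 1 * MB, 199 * MB),                      # SYSTEM (Y:), active
    MbrPartition(2, 0x00, 0x07, 200 * MB, 218 * GB),                    # C:
    MbrPartition(3, 0x00, 0x07, 200 * MB + 218 * GB, 13 * GB),          # RECOVERY (E:)
    MbrPartition(4, 0x00, 0x0C, 200 * MB + 231 * GB, 103 * MB),         # HP_TOOLS (F:)
]
CLEAN_MBR = build_mbr(CLEAN_PARTS)

# Constructed tampered table (hypothetical, not from this machine): a second active flag
# and a hidden NTFS entry carved out of the middle of the RECOVERY partition.
TAMPERED_PARTS = [
    MbrPartition(1, 0x80, 0x07, 1 * MB, 199 * MB),
    MbrPartition(2, 0x80, 0x07, 200 * MB, 218 * GB),
    MbrPartition(3, 0x00, 0x07, 200 * MB + 218 * GB, 13 * GB),
    MbrPartition(4, 0x00, 0x17, 200 * MB + 219 * GB, 2 * MB),
]
TAMPERED_MBR = build_mbr(TAMPERED_PARTS)

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label)
        for p in parse_mbr(mbr):
            print(f"  Partition {p.index}: type 0x{p.type_code:02X} active={p.active} "
                  f"hidden={p.hidden} {p.size_mb} MB at LBA {p.lba_start}")
        print("  problems:", check_mbr(mbr, DISK_SECTORS) or "none")
```

On a live Windows machine the real sector is read by opening `\\.\PhysicalDrive0` for reading from an elevated prompt and taking the first 512 bytes; that read, not a tool's summary, is what should be compared against the FRST table. The checks here only cover the partition table; a bootkit that keeps the table intact and replaces the 446 bytes of boot code is caught by hashing that region against a copy taken from a known-clean install of the same OEM image.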
#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 27 May 2012 - 07:48 AM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following:
  • the log from Combofix
  • let me know of any problems you may have had
  • how is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 sarahelyse (Topic Starter, Members, 11 posts)

Posted 28 May 2012 - 11:11 AM

I attempted to run combofix last night and I was unable to. I turned off all security software and I didn't have any CD Emulation software running. It took a long time - I wasn't watching the clock but I'm guessing around 3 hours - to get to stage 48. Once at stage 48 it stopped. I let my computer run overnight, and when I woke up in the morning, it was still stuck on stage 48, so I closed combofix without letting it complete.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 May 2012 - 11:38 AM

Hello

Ok, let's try this: I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

After combofix has finished its scan, please post the report back here.

Gringo

#7 sarahelyse

sarahelyse
  • Topic Starter

  • Members
  • 11 posts

Posted 28 May 2012 - 05:52 PM

Ok, I ran combofix in safe mode, and it completed and rebooted my computer, but when it started back up I didn't put it in safe mode, and combofix was unable to prepare a log. I left my computer alone for several hours and combofix remained stuck on the "preparing a log" screen. So I cancelled it, put my computer back in safe mode, and ran combofix again, and this time when I rebooted it was able to prepare a log.

I checked my system32 folder and consrv.dll is still there.

Here's the log from combofix:

ComboFix 12-05-27.02 - Sarah 05/28/2012 16:07:29.3.1 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.1337 [GMT -5:00]
Running from: c:\users\Sarah\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\ntuser.dat
c:\users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\{06B57CAE-2D36-48D8-9FAD-B43792E43D8B}.xps
c:\users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2D4EB87F-5C63-4221-B972-5E57F87A3290}.xps
c:\users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9237191C-A859-4243-9DFF-72C14A5E01DC}.xps
c:\users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9BDA3D37-C530-4736-AA2B-3BF6A02EA331}.xps
c:\users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D5A16BC2-1299-47FA-9642-EF989AD32529}.xps
c:\users\Sarah\Documents\~WRL4039.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
.
.
2012-05-28 21:16 . 2012-05-28 21:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-27 06:43 . 2012-05-27 06:44 -------- d-----w- C:\FRST
2012-05-27 02:52 . 2012-05-27 02:52 -------- d-----w- c:\users\Sarah\AppData\Local\Proxure
2012-05-27 02:47 . 2012-05-27 02:47 -------- d-----w- c:\programdata\ClubSanDisk
2012-05-21 17:01 . 2012-05-21 17:01 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-05-21 04:39 . 2012-05-21 04:39 -------- d-----w- c:\program files (x86)\WB Games
2012-05-19 17:00 . 2012-05-19 17:00 -------- d-----w- c:\program files\iPod
2012-05-19 17:00 . 2012-05-19 17:01 -------- d-----w- c:\program files\iTunes
2012-05-19 17:00 . 2012-05-19 17:01 -------- d-----w- c:\program files (x86)\iTunes
2012-05-19 16:58 . 2012-05-19 16:58 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-05-19 16:56 . 2012-05-19 16:56 -------- d-----w- c:\program files\Bonjour
2012-05-19 16:56 . 2012-05-19 16:56 -------- d-----w- c:\program files (x86)\Bonjour
2012-05-13 03:21 . 2012-05-13 03:21 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-13 03:21 . 2012-05-13 03:21 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-13 03:21 . 2012-05-13 03:21 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-10 23:57 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 23:57 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 23:57 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 23:57 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 23:57 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-10 23:57 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 23:57 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 23:57 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-10 23:57 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-10 23:57 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-10 23:52 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 23:52 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 23:52 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 23:52 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 23:51 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 23:51 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 23:51 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 23:51 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 06:54 . 2012-04-12 20:39 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:45 . 2012-04-12 20:39 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:40 . 2012-04-12 20:39 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:35 . 2012-04-12 20:39 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:49 . 2012-04-12 20:39 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:45 . 2012-04-12 20:39 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:40 . 2012-04-12 20:39 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-10-30 0]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 245120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-13 129976]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-01-29 6160928]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-24 172032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 208.180.42.100 208.180.42.68 192.168.1.1
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\fbgj87xk.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{10CD364B-FFCC-48BE-B469-B9622A033075} - c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-28 16:22:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-28 21:22
.
Pre-Run: 135,936,729,088 bytes free
Post-Run: 135,611,666,432 bytes free
.
- - End Of File - - 9AD6CB612A872BF48E8B409D1B0AC802

Edited by sarahelyse, 28 May 2012 - 05:57 PM.
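
An added triage example (my code, not ComboFix's and not from anyone in this thread): a small Python parser for the two line formats in the log above, the "Files Created"/Find3M entries and the R1..R4 service lines. It lists new files in the Windows system directories, services whose binary ComboFix marked [x], and whether the file the poster is worried about (consrv.dll) is named anywhere; the sample log is constructed from a few lines quoted from the post.

```python
"""Triage helper for the ComboFix log format in the post above (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# "Files Created" entry:  CREATED . MODIFIED SIZE ATTRS PATH  (SIZE is -------- for a directory)
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Service/driver entry:  R3 name;display;path [YYYY-MM-DD size]   or   ... [x]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) "
    r"\[(?P<info>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]       # None for a directory
    attrs: str                # e.g. "d-----w-" (directory) or "----a-w-"
    path: str

@dataclass
class ServiceEntry:
    state: str                # R = running, S = stopped; the digit is the start type
    name: str
    display: str
    path: str
    file_date: Optional[str]  # None when ComboFix printed [x]
    size: Optional[int]

def parse_files(lines) -> List[FileEntry]:
    """Collect the 'Files Created' and 'Find3M' entries."""
    out = []
    for line in lines:
        m = FILE_RE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            out.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return out

def parse_services(lines) -> List[ServiceEntry]:
    """Collect the R1..R4 / S1..S4 service and driver lines."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        date, size = None, None
        if m["info"] != "x":
            date, size_s = m["info"].split(" ")
            size = int(size_s)
        out.append(ServiceEntry(m["state"], m["name"], m["display"], m["path"], date, size))
    return out

def system_dir_files(entries: List[FileEntry]) -> List[FileEntry]:
    """Files (not directories) that landed under System32 or SysWOW64."""
    return [e for e in entries
            if not e.attrs.startswith("d") and e.path.lower().startswith(SYSTEM_DIRS)]

def missing_binaries(services: List[ServiceEntry]) -> List[ServiceEntry]:
    """Services for which ComboFix printed [x]: it could not read the binary's date
    and size. A lead to verify by hand (file present? signed?), not a verdict."""
    return [s for s in services if s.file_date is None]

def mentions(lines, filename: str) -> List[str]:
    """Every log line that names the given file, case-insensitively."""
    needle = filename.lower()
    return [line for line in lines if needle in line.lower()]

# Constructed sample: a few lines quoted from the ComboFix log in the post above.
SAMPLE_LOG = r"""
2012-05-28 21:16 . 2012-05-28 21:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-13 03:21 . 2012-05-13 03:21 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-10 23:57 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 23:52 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 23:51 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
"""

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for f in system_dir_files(parse_files(lines)):
        print(f"new in system dir: {f.created}  {f.size:>8}  {f.path}")
    for s in missing_binaries(parse_services(lines)):
        print(f"[x] service:       {s.state} {s.name} -> {s.path}")
    # The file the poster asks about never appears: these sections only cover files
    # created in the 30-day window, the 3-month Find3M report, and the load points
    # ComboFix checks, so absence from the log is not evidence either way.
    print("lines naming consrv.dll:", mentions(lines, "consrv.dll") or "none")
```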


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 May 2012 - 08:42 PM

Greetings

I want you to run these next:

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 sarahelyse

sarahelyse
  • Topic Starter

  • Members
  • 11 posts

Posted 29 May 2012 - 12:49 PM

Here's the log from TDSSkiller:

00:13:20.0714 2064 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
00:13:23.0270 2064 ============================================================
00:13:23.0270 2064 Current date / time: 2012/05/29 00:13:23.0270
00:13:23.0270 2064 SystemInfo:
00:13:23.0270 2064
00:13:23.0270 2064 OS Version: 6.1.7600 ServicePack: 0.0
00:13:23.0270 2064 Product type: Workstation
00:13:23.0270 2064 ComputerName: SARAH-PC
00:13:23.0270 2064 UserName: Sarah
00:13:23.0270 2064 Windows directory: C:\Windows
00:13:23.0270 2064 System windows directory: C:\Windows
00:13:23.0270 2064 Running under WOW64
00:13:23.0271 2064 Processor architecture: Intel x64
00:13:23.0271 2064 Number of processors: 1
00:13:23.0271 2064 Page size: 0x1000
00:13:23.0271 2064 Boot type: Normal boot
00:13:23.0271 2064 ============================================================
00:13:27.0230 2064 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:13:27.0275 2064 ============================================================
00:13:27.0275 2064 \Device\Harddisk0\DR0:
00:13:27.0276 2064 MBR partitions:
00:13:27.0276 2064 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
00:13:27.0276 2064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B54E800
00:13:27.0276 2064 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B5B2800, BlocksNum 0x1BDF000
00:13:27.0276 2064 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
00:13:27.0276 2064 ============================================================
00:13:27.0329 2064 C: <-> \Device\Harddisk0\DR0\Partition1
00:13:27.0598 2064 D: <-> \Device\Harddisk0\DR0\Partition2
00:13:27.0686 2064 E: <-> \Device\Harddisk0\DR0\Partition3
00:13:27.0709 2064 ============================================================
00:13:27.0709 2064 Initialize success
00:13:27.0709 2064 ============================================================
00:13:35.0957 1904 ============================================================
00:13:35.0957 1904 Scan started
00:13:35.0957 1904 Mode: Manual;
00:13:35.0957 1904 ============================================================
00:13:59.0238 1904 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
00:13:59.0484 1904 1394ohci - ok
00:13:59.0562 1904 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
00:13:59.0583 1904 ACPI - ok
00:13:59.0627 1904 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
00:13:59.0751 1904 AcpiPmi - ok
00:14:01.0615 1904 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys
00:14:01.0860 1904 adfs - ok
00:14:13.0378 1904 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
00:14:13.0836 1904 adp94xx - ok
00:14:21.0837 1904 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
00:14:22.0081 1904 adpahci - ok
00:14:22.0155 1904 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
00:14:22.0329 1904 adpu320 - ok
00:14:22.0370 1904 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
00:14:22.0372 1904 AeLookupSvc - ok
00:14:24.0475 1904 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
00:14:24.0638 1904 AERTFilters - ok
00:14:34.0078 1904 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
00:14:34.0260 1904 AFD - ok
00:14:34.0340 1904 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
00:14:34.0455 1904 agp440 - ok
00:14:36.0056 1904 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
00:14:36.0218 1904 ALG - ok
00:14:36.0609 1904 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
00:14:36.0772 1904 aliide - ok
00:14:36.0798 1904 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
00:14:36.0944 1904 amdide - ok
00:14:37.0003 1904 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
00:14:37.0114 1904 AmdK8 - ok
00:14:38.0343 1904 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:14:38.0507 1904 AmdPPM - ok
00:14:40.0667 1904 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
00:14:40.0987 1904 amdsata - ok
00:14:41.0034 1904 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
00:14:41.0338 1904 amdsbs - ok
00:14:41.0406 1904 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
00:14:41.0415 1904 amdxata - ok
00:14:42.0648 1904 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
00:14:42.0811 1904 AppID - ok
00:14:43.0514 1904 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
00:14:43.0689 1904 AppIDSvc - ok
00:14:45.0142 1904 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
00:14:45.0302 1904 Appinfo - ok
00:14:45.0432 1904 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:14:45.0621 1904 Apple Mobile Device - ok
00:14:45.0767 1904 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
00:14:45.0874 1904 arc - ok
00:14:45.0915 1904 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
00:14:46.0049 1904 arcsas - ok
00:14:46.0518 1904 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:14:46.0682 1904 AsyncMac - ok
00:14:47.0221 1904 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
00:14:47.0377 1904 atapi - ok
00:14:47.0420 1904 atksgt (09149d03629a44f4773e621c432d1d89) C:\Windows\system32\DRIVERS\atksgt.sys
00:14:47.0546 1904 atksgt - ok
00:14:47.0641 1904 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
00:14:47.0674 1904 AudioEndpointBuilder - ok
00:14:47.0686 1904 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
00:14:47.0692 1904 AudioSrv - ok
00:14:47.0805 1904 AVG Security Toolbar Service - ok
00:16:25.0261 1904 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
00:16:25.0555 1904 AVGIDSAgent - ok
00:16:42.0374 1904 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
00:16:42.0533 1904 AVGIDSDriver - ok
00:16:43.0153 1904 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
00:16:43.0310 1904 AVGIDSFilter - ok
00:16:43.0345 1904 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
00:16:43.0471 1904 AVGIDSHA - ok
00:16:43.0545 1904 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
00:16:43.0645 1904 Avgldx64 - ok
00:16:43.0717 1904 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
00:16:43.0731 1904 Avgmfx64 - ok
00:16:43.0798 1904 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
00:16:43.0821 1904 Avgrkx64 - ok
00:16:43.0864 1904 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
00:16:43.0995 1904 Avgtdia - ok
00:16:48.0984 1904 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
00:16:48.0989 1904 avgwd - ok
00:16:51.0486 1904 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
00:16:51.0696 1904 AxInstSV - ok
00:16:51.0794 1904 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
00:16:51.0960 1904 b06bdrv - ok
00:16:52.0046 1904 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:16:52.0236 1904 b57nd60a - ok
00:16:54.0438 1904 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
00:16:54.0614 1904 BDESVC - ok
00:16:54.0657 1904 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:16:54.0807 1904 Beep - ok
00:17:18.0425 1904 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
00:17:19.0654 1904 BITS - ok
00:17:21.0535 1904 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:17:21.0749 1904 blbdrive - ok
00:17:31.0764 1904 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
00:17:32.0011 1904 Bonjour Service - ok
00:17:32.0045 1904 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
00:17:32.0194 1904 bowser - ok
00:17:32.0228 1904 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:17:32.0381 1904 BrFiltLo - ok
00:17:32.0712 1904 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:17:32.0876 1904 BrFiltUp - ok
00:17:34.0761 1904 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
00:17:34.0927 1904 BridgeMP - ok
00:17:34.0966 1904 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
00:17:35.0114 1904 Browser - ok
00:17:35.0174 1904 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:17:35.0405 1904 Brserid - ok
00:17:35.0449 1904 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:17:35.0581 1904 BrSerWdm - ok
00:17:35.0979 1904 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:17:36.0145 1904 BrUsbMdm - ok
00:17:36.0471 1904 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:17:36.0635 1904 BrUsbSer - ok
00:17:38.0122 1904 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:17:38.0292 1904 BTHMODEM - ok
00:17:38.0357 1904 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
00:17:38.0473 1904 bthserv - ok
00:17:38.0534 1904 catchme - ok
00:17:38.0577 1904 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:17:38.0739 1904 cdfs - ok
00:17:41.0644 1904 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
00:17:41.0817 1904 cdrom - ok
00:17:41.0885 1904 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
00:17:42.0001 1904 CertPropSvc - ok
00:17:43.0023 1904 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:17:43.0190 1904 circlass - ok
00:17:50.0194 1904 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:17:50.0353 1904 CLFS - ok
00:17:50.0442 1904 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:17:50.0451 1904 clr_optimization_v2.0.50727_32 - ok
00:17:50.0530 1904 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:17:50.0541 1904 clr_optimization_v2.0.50727_64 - ok
00:17:54.0745 1904 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:17:55.0919 1904 clr_optimization_v4.0.30319_32 - ok
00:17:55.0961 1904 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:17:56.0091 1904 clr_optimization_v4.0.30319_64 - ok
00:17:56.0151 1904 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:17:56.0267 1904 CmBatt - ok
00:17:56.0747 1904 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
00:17:56.0900 1904 cmdide - ok
00:17:56.0960 1904 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
00:17:57.0080 1904 CNG - ok
00:17:57.0632 1904 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:17:57.0789 1904 Compbatt - ok
00:17:57.0851 1904 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
00:17:57.0961 1904 CompositeBus - ok
00:17:57.0993 1904 COMSysApp - ok
00:17:58.0033 1904 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:17:58.0139 1904 crcdisk - ok
00:18:01.0580 1904 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
00:18:01.0748 1904 CryptSvc - ok
00:18:01.0809 1904 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
00:18:01.0817 1904 DcomLaunch - ok
00:18:01.0849 1904 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
00:18:01.0956 1904 defragsvc - ok
00:18:02.0020 1904 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
00:18:02.0210 1904 DfsC - ok
00:18:08.0305 1904 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
00:18:08.0471 1904 Dhcp - ok
00:18:09.0287 1904 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:18:09.0461 1904 discache - ok
00:18:09.0529 1904 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:18:09.0551 1904 Disk - ok
00:18:13.0186 1904 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
00:18:13.0349 1904 Dnscache - ok
00:18:13.0397 1904 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
00:18:13.0530 1904 dot3svc - ok
00:18:13.0558 1904 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
00:18:13.0561 1904 DPS - ok
00:18:13.0613 1904 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:18:13.0721 1904 drmkaud - ok
00:18:37.0373 1904 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
00:18:37.0814 1904 DXGKrnl - ok
00:18:37.0852 1904 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
00:18:38.0191 1904 EapHost - ok
00:18:38.0479 1904 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:18:38.0856 1904 ebdrv - ok
00:18:39.0037 1904 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
00:18:39.0146 1904 EFS - ok
00:18:48.0034 1904 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
00:18:48.0133 1904 ehRecvr - ok
00:18:48.0172 1904 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
00:18:48.0198 1904 ehSched - ok
00:18:48.0290 1904 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
00:18:48.0376 1904 ElbyCDIO - ok
00:18:48.0462 1904 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:18:48.0545 1904 elxstor - ok
00:18:48.0585 1904 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
00:18:48.0676 1904 ErrDev - ok
00:18:48.0733 1904 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
00:18:48.0739 1904 EventSystem - ok
00:18:48.0783 1904 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:18:48.0919 1904 exfat - ok
00:18:48.0956 1904 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:18:49.0090 1904 fastfat - ok
00:18:49.0196 1904 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
00:18:49.0341 1904 Fax - ok
00:18:49.0375 1904 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:18:49.0481 1904 fdc - ok
00:18:49.0576 1904 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
00:18:49.0695 1904 fdPHost - ok
00:18:49.0713 1904 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
00:18:49.0722 1904 FDResPub - ok
00:18:49.0741 1904 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:18:49.0743 1904 FileInfo - ok
00:18:49.0761 1904 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:18:49.0797 1904 Filetrace - ok
00:18:49.0842 1904 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:18:49.0966 1904 flpydisk - ok
00:18:50.0000 1904 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
00:18:50.0005 1904 FltMgr - ok
00:18:50.0191 1904 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
00:18:50.0490 1904 FontCache - ok
00:18:50.0594 1904 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:18:50.0622 1904 FontCache3.0.0.0 - ok
00:18:50.0709 1904 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:18:50.0712 1904 FsDepends - ok
00:18:50.0748 1904 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
00:18:50.0905 1904 Fs_Rec - ok
00:18:50.0976 1904 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:18:50.0986 1904 fvevol - ok
00:18:51.0046 1904 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:18:51.0101 1904 gagp30kx - ok
00:18:51.0181 1904 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:18:51.0307 1904 GEARAspiWDM - ok
00:18:51.0382 1904 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
00:18:51.0445 1904 gpsvc - ok
00:18:51.0471 1904 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:18:51.0529 1904 hcw85cir - ok
00:18:51.0599 1904 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
00:18:51.0727 1904 HdAudAddService - ok
00:18:51.0771 1904 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:18:51.0825 1904 HDAudBus - ok
00:18:51.0844 1904 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:18:51.0884 1904 HidBatt - ok
00:18:51.0918 1904 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:18:51.0947 1904 HidBth - ok
00:18:51.0973 1904 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:18:52.0037 1904 HidIr - ok
00:18:52.0061 1904 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
00:18:52.0130 1904 hidserv - ok
00:18:52.0202 1904 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
00:18:52.0317 1904 HidUsb - ok
00:18:52.0354 1904 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
00:18:52.0532 1904 hkmsvc - ok
00:18:57.0005 1904 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
00:18:57.0166 1904 HomeGroupListener - ok
00:18:57.0208 1904 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
00:18:57.0340 1904 HomeGroupProvider - ok
00:18:57.0461 1904 hpqwmiex (ef3ea06057132138b4e5895a61601dbe) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
00:18:57.0465 1904 hpqwmiex - ok
00:18:57.0550 1904 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
00:18:57.0681 1904 HpSAMD - ok
00:18:57.0757 1904 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
00:18:57.0872 1904 HTTP - ok
00:18:57.0894 1904 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
00:18:58.0036 1904 hwpolicy - ok
00:19:00.0102 1904 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
00:19:00.0266 1904 i8042prt - ok
00:19:00.0334 1904 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
00:19:00.0337 1904 iaStor - ok
00:19:08.0074 1904 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
00:19:08.0321 1904 iaStorV - ok
00:19:08.0471 1904 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:19:08.0503 1904 idsvc - ok
00:22:35.0442 1904 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
00:22:35.0839 1904 igfx - ok
00:22:36.0039 1904 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
00:22:36.0172 1904 iirsp - ok
00:22:52.0173 1904 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
00:22:52.0345 1904 IKEEXT - ok
00:22:52.0546 1904 IntcAzAudAddService (a3bcbd0f710580a07d1b929d787d36ce) C:\Windows\system32\drivers\RTKVHD64.sys
00:22:52.0833 1904 IntcAzAudAddService - ok
00:22:52.0988 1904 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
00:22:53.0139 1904 intelide - ok
00:22:53.0189 1904 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:22:53.0314 1904 intelppm - ok
00:22:55.0317 1904 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
00:22:55.0485 1904 IPBusEnum - ok
00:22:57.0108 1904 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:22:57.0275 1904 IpFilterDriver - ok
00:22:57.0363 1904 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
00:22:57.0456 1904 iphlpsvc - ok
00:22:57.0495 1904 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
00:22:57.0629 1904 IPMIDRV - ok
00:22:57.0719 1904 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:22:57.0880 1904 IPNAT - ok
00:22:57.0983 1904 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
00:22:58.0142 1904 iPod Service - ok
00:22:58.0610 1904 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:22:58.0769 1904 IRENUM - ok
00:22:58.0818 1904 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
00:22:58.0941 1904 isapnp - ok
00:23:03.0235 1904 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
00:23:03.0392 1904 iScsiPrt - ok
00:23:03.0437 1904 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
00:23:03.0554 1904 kbdclass - ok
00:23:03.0612 1904 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
00:23:03.0730 1904 kbdhid - ok
00:23:04.0424 1904 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:23:04.0426 1904 KeyIso - ok
00:23:06.0344 1904 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
00:23:06.0501 1904 KSecDD - ok
00:23:09.0485 1904 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
00:23:09.0638 1904 KSecPkg - ok
00:23:09.0677 1904 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:23:09.0811 1904 ksthunk - ok
00:23:09.0896 1904 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
00:23:09.0997 1904 KtmRm - ok
00:23:10.0071 1904 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
00:23:10.0169 1904 LanmanServer - ok
00:23:10.0209 1904 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
00:23:10.0343 1904 LanmanWorkstation - ok
00:23:10.0382 1904 lirsgt (5ea407821bb3104c31a705175ab4f309) C:\Windows\system32\DRIVERS\lirsgt.sys
00:23:10.0520 1904 lirsgt - ok
00:23:11.0691 1904 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:23:11.0857 1904 lltdio - ok
00:23:11.0931 1904 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:23:12.0039 1904 lltdsvc - ok
00:23:12.0065 1904 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:23:12.0211 1904 lmhosts - ok
00:23:12.0285 1904 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:23:12.0382 1904 LSI_FC - ok
00:23:12.0415 1904 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:23:12.0560 1904 LSI_SAS - ok
00:23:12.0625 1904 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:23:12.0728 1904 LSI_SAS2 - ok
00:23:12.0749 1904 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:23:12.0902 1904 LSI_SCSI - ok
00:23:12.0931 1904 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:23:13.0082 1904 luafv - ok
00:23:13.0143 1904 LVUSBS64 (6562fcee704f14c05f5338b147d67a16) C:\Windows\system32\DRIVERS\LVUSBS64.sys
00:23:13.0254 1904 LVUSBS64 - ok
00:23:14.0971 1904 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
00:23:15.0138 1904 Mcx2Svc - ok
00:23:15.0172 1904 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
00:23:15.0306 1904 megasas - ok
00:23:15.0354 1904 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
00:23:15.0476 1904 MegaSR - ok
00:23:17.0498 1904 Microsoft SharePoint Workspace Audit Service - ok
00:23:18.0896 1904 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:23:18.0898 1904 MMCSS - ok
00:23:18.0940 1904 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:23:19.0073 1904 Modem - ok
00:23:19.0701 1904 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:23:19.0702 1904 monitor - ok
00:23:20.0719 1904 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:23:20.0876 1904 mouclass - ok
00:23:20.0928 1904 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:23:21.0048 1904 mouhid - ok
00:23:22.0993 1904 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
00:23:23.0152 1904 mountmgr - ok
00:23:23.0233 1904 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:23:23.0244 1904 MozillaMaintenance - ok
00:23:23.0282 1904 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
00:23:23.0423 1904 mpio - ok
00:23:23.0453 1904 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:23:23.0599 1904 mpsdrv - ok
00:23:23.0633 1904 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
00:23:23.0773 1904 MRxDAV - ok
00:23:23.0810 1904 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:23:23.0951 1904 mrxsmb - ok
00:23:23.0995 1904 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:23:24.0133 1904 mrxsmb10 - ok
00:23:24.0163 1904 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:23:24.0309 1904 mrxsmb20 - ok
00:23:24.0344 1904 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
00:23:24.0476 1904 msahci - ok
00:23:24.0509 1904 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
00:23:24.0646 1904 msdsm - ok
00:23:27.0268 1904 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:23:27.0437 1904 MSDTC - ok
00:23:28.0062 1904 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:23:28.0224 1904 Msfs - ok
00:23:28.0383 1904 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:23:28.0549 1904 mshidkmdf - ok
00:23:28.0940 1904 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
00:23:29.0091 1904 msisadrv - ok
00:23:29.0126 1904 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:23:29.0267 1904 MSiSCSI - ok
00:23:29.0276 1904 msiserver - ok
00:23:29.0330 1904 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:23:29.0453 1904 MSKSSRV - ok
00:23:29.0470 1904 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:23:29.0622 1904 MSPCLOCK - ok
00:23:29.0638 1904 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:23:29.0794 1904 MSPQM - ok
00:23:36.0783 1904 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
00:23:36.0954 1904 MsRPC - ok
00:23:37.0614 1904 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
00:23:37.0781 1904 mssmbios - ok
00:23:37.0820 1904 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:23:37.0968 1904 MSTEE - ok
00:23:38.0381 1904 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:23:38.0546 1904 MTConfig - ok
00:23:40.0002 1904 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:23:40.0164 1904 Mup - ok
00:23:49.0617 1904 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
00:23:49.0806 1904 napagent - ok
00:23:49.0918 1904 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:23:50.0056 1904 NativeWifiP - ok
00:24:09.0728 1904 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
00:24:09.0926 1904 NDIS - ok
00:24:09.0971 1904 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:24:10.0122 1904 NdisCap - ok
00:24:10.0185 1904 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:24:10.0468 1904 NdisTapi - ok
00:24:10.0538 1904 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
00:24:10.0764 1904 Ndisuio - ok
00:24:15.0407 1904 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:24:15.0578 1904 NdisWan - ok
00:24:15.0611 1904 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
00:24:15.0762 1904 NDProxy - ok
00:24:16.0768 1904 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:24:16.0943 1904 NetBIOS - ok
00:24:23.0625 1904 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
00:24:23.0889 1904 NetBT - ok
00:24:23.0915 1904 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:24:23.0917 1904 Netlogon - ok
00:24:26.0600 1904 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:24:26.0748 1904 Netman - ok
00:24:26.0797 1904 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:24:26.0805 1904 netprofm - ok
00:24:26.0919 1904 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:24:27.0007 1904 NetTcpPortSharing - ok
00:24:27.0353 1904 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
00:24:27.0903 1904 netw5v64 - ok
00:24:28.0128 1904 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:24:28.0688 1904 nfrd960 - ok
00:24:28.0789 1904 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
00:24:28.0910 1904 NlaSvc - ok
00:24:28.0948 1904 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:24:29.0035 1904 Npfs - ok
00:24:29.0073 1904 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:24:29.0181 1904 nsi - ok
00:24:29.0200 1904 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:24:29.0223 1904 nsiproxy - ok
00:24:29.0364 1904 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
00:24:29.0519 1904 Ntfs - ok
00:24:29.0683 1904 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:24:29.0784 1904 Null - ok
00:24:29.0831 1904 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
00:24:29.0970 1904 nvraid - ok
00:24:30.0058 1904 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
00:24:30.0103 1904 nvstor - ok
00:24:30.0163 1904 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
00:24:30.0317 1904 nv_agp - ok
00:24:30.0357 1904 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
00:24:30.0544 1904 ohci1394 - ok
00:24:30.0705 1904 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:24:30.0758 1904 ose64 - ok
00:24:31.0222 1904 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:24:31.0486 1904 osppsvc - ok
00:24:31.0736 1904 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:24:31.0867 1904 p2pimsvc - ok
00:24:31.0920 1904 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:24:32.0042 1904 p2psvc - ok
00:24:32.0162 1904 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:24:32.0250 1904 Parport - ok
00:24:32.0280 1904 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
00:24:32.0313 1904 partmgr - ok
00:24:32.0358 1904 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:24:32.0567 1904 PcaSvc - ok
00:24:32.0642 1904 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
00:24:32.0722 1904 pci - ok
00:24:32.0751 1904 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
00:24:32.0944 1904 pciide - ok
00:24:33.0021 1904 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:24:33.0316 1904 pcmcia - ok
00:24:33.0438 1904 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:24:33.0543 1904 pcw - ok
00:24:33.0650 1904 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:24:33.0825 1904 PEAUTH - ok
00:24:33.0964 1904 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:24:34.0169 1904 PerfHost - ok
00:24:34.0267 1904 PID_0928 (db5c32a4130e6b36cd6ed7a5a6c7751e) C:\Windows\system32\DRIVERS\LV561V64.SYS
00:24:34.0325 1904 PID_0928 - ok
00:24:34.0479 1904 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
00:24:34.0714 1904 pla - ok
00:24:42.0852 1904 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
00:24:42.0858 1904 PlugPlay - ok
00:24:42.0897 1904 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:24:43.0040 1904 PNRPAutoReg - ok
00:24:49.0403 1904 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:24:49.0407 1904 PNRPsvc - ok
00:25:02.0326 1904 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
00:25:02.0750 1904 PolicyAgent - ok
00:25:07.0652 1904 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:25:07.0830 1904 Power - ok
00:25:07.0907 1904 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
00:25:08.0043 1904 PptpMiniport - ok
00:25:08.0075 1904 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:25:08.0215 1904 Processor - ok
00:25:12.0578 1904 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
00:25:12.0742 1904 ProfSvc - ok
00:25:12.0774 1904 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:25:12.0776 1904 ProtectedStorage - ok
00:25:12.0840 1904 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
00:25:12.0841 1904 Psched - ok
00:25:12.0949 1904 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:25:12.0978 1904 ql2300 - ok
00:25:13.0148 1904 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:25:13.0155 1904 ql40xx - ok
00:25:13.0196 1904 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:25:13.0337 1904 QWAVE - ok
00:25:13.0381 1904 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:25:13.0510 1904 QWAVEdrv - ok
00:25:13.0911 1904 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:25:14.0110 1904 RasAcd - ok
00:25:14.0168 1904 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:25:14.0287 1904 RasAgileVpn - ok
00:25:16.0822 1904 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:25:16.0998 1904 RasAuto - ok
00:25:17.0026 1904 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:25:17.0344 1904 Rasl2tp - ok
00:25:17.0424 1904 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
00:25:17.0616 1904 RasMan - ok
00:25:17.0677 1904 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:25:17.0797 1904 RasPppoe - ok
00:25:17.0826 1904 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:25:17.0975 1904 RasSstp - ok
00:25:26.0567 1904 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
00:25:26.0965 1904 rdbss - ok
00:25:27.0022 1904 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:25:27.0711 1904 rdpbus - ok
00:25:28.0569 1904 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:25:28.0997 1904 RDPCDD - ok
00:25:29.0063 1904 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:25:29.0215 1904 RDPENCDD - ok
00:25:29.0423 1904 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:25:29.0632 1904 RDPREFMP - ok
00:25:36.0984 1904 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
00:25:37.0605 1904 RDPWD - ok
00:25:44.0170 1904 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
00:25:44.0775 1904 rdyboost - ok
00:25:49.0965 1904 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:25:50.0772 1904 RemoteAccess - ok
00:25:55.0773 1904 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:25:56.0150 1904 RemoteRegistry - ok
00:25:58.0698 1904 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:25:58.0920 1904 RpcEptMapper - ok
00:25:59.0543 1904 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:26:00.0016 1904 RpcLocator - ok
00:26:17.0598 1904 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
00:26:17.0603 1904 RpcSs - ok
00:26:17.0693 1904 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:26:17.0928 1904 rspndr - ok
00:26:18.0014 1904 RSUSBSTOR - ok
00:26:18.0123 1904 RTL8167 (777fc2c418465404e3d8a290dc247d24) C:\Windows\system32\DRIVERS\Rt64win7.sys
00:26:18.0309 1904 RTL8167 - ok
00:26:18.0441 1904 rtl8192se (03e0627c26943916a7276ac5306206c7) C:\Windows\system32\DRIVERS\rtl8192se.sys
00:26:18.0576 1904 rtl8192se - ok
00:26:18.0608 1904 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:26:18.0615 1904 SamSs - ok
00:26:18.0661 1904 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
00:26:18.0787 1904 sbp2port - ok
00:26:18.0837 1904 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:26:19.0007 1904 SCardSvr - ok
00:26:19.0090 1904 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
00:26:19.0261 1904 scfilter - ok
00:26:48.0269 1904 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
00:26:48.0783 1904 Schedule - ok
00:26:48.0826 1904 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
00:26:48.0828 1904 SCPolicySvc - ok
00:26:48.0897 1904 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
00:26:49.0214 1904 sdbus - ok
00:26:49.0259 1904 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
00:26:49.0644 1904 SDRSVC - ok
00:26:49.0745 1904 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:26:50.0070 1904 secdrv - ok
00:26:51.0132 1904 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
00:26:51.0304 1904 seclogon - ok
00:26:53.0229 1904 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
00:26:53.0233 1904 SENS - ok
00:26:54.0422 1904 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:26:54.0702 1904 SensrSvc - ok
00:26:55.0780 1904 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:26:56.0150 1904 Serenum - ok
00:26:59.0651 1904 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:26:59.0896 1904 Serial - ok
00:27:00.0784 1904 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:27:01.0205 1904 sermouse - ok
00:27:03.0945 1904 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
00:27:04.0119 1904 SessionEnv - ok
00:27:04.0147 1904 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
00:27:04.0315 1904 sffdisk - ok
00:27:05.0019 1904 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
00:27:05.0321 1904 sffp_mmc - ok
00:27:05.0867 1904 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:27:06.0169 1904 sffp_sd - ok
00:27:06.0793 1904 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:27:07.0062 1904 sfloppy - ok
00:27:16.0997 1904 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:27:17.0365 1904 SharedAccess - ok
00:27:27.0335 1904 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
00:27:27.0528 1904 ShellHWDetection - ok
00:27:28.0574 1904 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:27:28.0769 1904 SiSRaid2 - ok
00:27:30.0426 1904 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:27:30.0589 1904 SiSRaid4 - ok
00:27:34.0422 1904 SkypeUpdate (62b825015fa289d2c5ebf8b00846a8ff) C:\Program Files (x86)\Skype\Updater\Updater.exe
00:27:34.0582 1904 SkypeUpdate - ok
00:27:34.0640 1904 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:27:34.0762 1904 Smb - ok
00:27:34.0826 1904 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:27:34.0949 1904 SNMPTRAP - ok
00:37:56.0289 1904 ============================================================
00:37:56.0289 1904 Scan finished
00:37:56.0289 1904 ============================================================
00:37:56.0305 4312 Detected object count: 0
00:37:56.0305 4312 Actual detected object count: 0
00:45:46.0547 2504 ============================================================
00:45:46.0547 2504 Scan started
00:45:46.0547 2504 Mode: Manual;
00:45:46.0547 2504 ============================================================
00:45:56.0781 2504 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
00:45:56.0784 2504 LanmanWorkstation - ok
00:45:56.0820 2504 lirsgt (5ea407821bb3104c31a705175ab4f309) C:\Windows\system32\DRIVERS\lirsgt.sys
00:45:56.0821 2504 lirsgt - ok
00:45:56.0847 2504 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:45:56.0848 2504 lltdio - ok
00:45:56.0891 2504 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:45:56.0895 2504 lltdsvc - ok
00:45:56.0914 2504 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:45:56.0915 2504 lmhosts - ok
00:45:56.0956 2504 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:45:56.0957 2504 LSI_FC - ok
00:45:56.0998 2504 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:45:56.0999 2504 LSI_SAS - ok
00:45:57.0022 2504 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:45:57.0023 2504 LSI_SAS2 - ok
00:45:57.0038 2504 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:45:57.0039 2504 LSI_SCSI - ok
00:45:57.0069 2504 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:45:57.0070 2504 luafv - ok
00:45:57.0103 2504 LVUSBS64 (6562fcee704f14c05f5338b147d67a16) C:\Windows\system32\DRIVERS\LVUSBS64.sys
00:45:57.0104 2504 LVUSBS64 - ok
00:45:57.0146 2504 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
00:45:57.0148 2504 Mcx2Svc - ok
00:45:57.0188 2504 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
00:45:57.0189 2504 megasas - ok
00:45:57.0240 2504 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
00:45:57.0315 2504 MegaSR - ok
00:45:57.0402 2504 Microsoft SharePoint Workspace Audit Service - ok
00:45:57.0441 2504 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:45:57.0443 2504 MMCSS - ok
00:45:57.0467 2504 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:45:57.0468 2504 Modem - ok
00:45:57.0493 2504 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:45:57.0494 2504 monitor - ok
00:45:57.0510 2504 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:45:57.0511 2504 mouclass - ok
00:45:57.0533 2504 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:45:57.0534 2504 mouhid - ok
00:45:57.0566 2504 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
00:45:57.0567 2504 mountmgr - ok
00:45:57.0628 2504 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:45:57.0629 2504 MozillaMaintenance - ok
00:45:57.0699 2504 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
00:45:57.0701 2504 mpio - ok
00:45:57.0737 2504 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:45:57.0738 2504 mpsdrv - ok
00:45:57.0773 2504 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
00:45:57.0774 2504 MRxDAV - ok
00:45:57.0817 2504 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:45:57.0819 2504 mrxsmb - ok
00:45:57.0857 2504 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:45:57.0859 2504 mrxsmb10 - ok
00:45:57.0880 2504 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:45:57.0881 2504 mrxsmb20 - ok
00:45:57.0918 2504 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
00:45:57.0919 2504 msahci - ok
00:45:57.0959 2504 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
00:45:57.0960 2504 msdsm - ok
00:45:58.0003 2504 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:45:58.0005 2504 MSDTC - ok
00:45:58.0052 2504 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:45:58.0053 2504 Msfs - ok
00:45:58.0065 2504 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:45:58.0066 2504 mshidkmdf - ok
00:45:58.0097 2504 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
00:45:58.0098 2504 msisadrv - ok
00:45:58.0200 2504 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:45:58.0203 2504 MSiSCSI - ok
00:45:58.0213 2504 msiserver - ok
00:45:58.0237 2504 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:45:58.0238 2504 MSKSSRV - ok
00:45:58.0256 2504 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:45:58.0257 2504 MSPCLOCK - ok
00:45:58.0279 2504 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:45:58.0279 2504 MSPQM - ok
00:45:58.0325 2504 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
00:45:58.0328 2504 MsRPC - ok
00:45:58.0363 2504 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
00:45:58.0364 2504 mssmbios - ok
00:45:58.0384 2504 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:45:58.0384 2504 MSTEE - ok
00:45:58.0407 2504 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:45:58.0408 2504 MTConfig - ok
00:45:58.0428 2504 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:45:58.0430 2504 Mup - ok
00:45:58.0491 2504 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
00:45:58.0496 2504 napagent - ok
00:45:58.0547 2504 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:45:58.0549 2504 NativeWifiP - ok
00:45:58.0653 2504 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
00:45:58.0660 2504 NDIS - ok
00:45:58.0684 2504 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:45:58.0685 2504 NdisCap - ok
00:45:58.0720 2504 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:45:58.0721 2504 NdisTapi - ok
00:45:58.0738 2504 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
00:45:58.0739 2504 Ndisuio - ok
00:45:58.0770 2504 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:45:58.0772 2504 NdisWan - ok
00:45:58.0792 2504 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
00:45:58.0794 2504 NDProxy - ok
00:45:58.0816 2504 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:45:58.0818 2504 NetBIOS - ok
00:45:58.0850 2504 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
00:45:58.0852 2504 NetBT - ok
00:45:58.0887 2504 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:45:58.0889 2504 Netlogon - ok
00:45:58.0929 2504 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:45:58.0933 2504 Netman - ok
00:45:58.0979 2504 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:45:58.0983 2504 netprofm - ok
00:45:59.0091 2504 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:45:59.0092 2504 NetTcpPortSharing - ok
00:46:00.0689 2504 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
00:46:00.0727 2504 netw5v64 - ok
00:46:00.0900 2504 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:46:00.0901 2504 nfrd960 - ok
00:46:00.0971 2504 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
00:46:00.0975 2504 NlaSvc - ok
00:46:01.0010 2504 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:46:01.0011 2504 Npfs - ok
00:46:01.0068 2504 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:46:01.0070 2504 nsi - ok
00:46:01.0095 2504 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:46:01.0095 2504 nsiproxy - ok
00:46:01.0232 2504 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
00:46:01.0243 2504 Ntfs - ok
00:46:01.0400 2504 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:46:01.0401 2504 Null - ok
00:46:01.0436 2504 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
00:46:01.0437 2504 nvraid - ok
00:46:01.0475 2504 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
00:46:01.0478 2504 nvstor - ok
00:46:01.0502 2504 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
00:46:01.0503 2504 nv_agp - ok
00:46:01.0539 2504 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
00:46:01.0541 2504 ohci1394 - ok
00:46:01.0633 2504 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:46:01.0635 2504 ose64 - ok
00:46:01.0923 2504 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:46:01.0957 2504 osppsvc - ok
00:46:02.0098 2504 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:46:02.0102 2504 p2pimsvc - ok
00:46:02.0150 2504 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:46:02.0174 2504 p2psvc - ok
00:46:02.0235 2504 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:46:02.0236 2504 Parport - ok
00:46:02.0263 2504 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
00:46:02.0264 2504 partmgr - ok
00:46:02.0312 2504 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:46:02.0315 2504 PcaSvc - ok
00:46:02.0360 2504 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
00:46:02.0361 2504 pci - ok
00:46:02.0390 2504 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
00:46:02.0391 2504 pciide - ok
00:46:02.0439 2504 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:46:02.0441 2504 pcmcia - ok
00:46:02.0467 2504 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:46:02.0468 2504 pcw - ok
00:46:02.0514 2504 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:46:02.0519 2504 PEAUTH - ok
00:46:02.0616 2504 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:46:02.0618 2504 PerfHost - ok
00:46:02.0697 2504 PID_0928 (db5c32a4130e6b36cd6ed7a5a6c7751e) C:\Windows\system32\DRIVERS\LV561V64.SYS
00:46:02.0702 2504 PID_0928 - ok
00:46:02.0889 2504 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
00:46:02.0901 2504 pla - ok
00:46:02.0952 2504 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
00:46:02.0957 2504 PlugPlay - ok
00:46:02.0981 2504 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:46:02.0983 2504 PNRPAutoReg - ok
00:46:03.0020 2504 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:46:03.0025 2504 PNRPsvc - ok
00:46:03.0080 2504 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
00:46:03.0085 2504 PolicyAgent - ok
00:46:03.0129 2504 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:46:03.0132 2504 Power - ok
00:46:03.0185 2504 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
00:46:03.0186 2504 PptpMiniport - ok
00:46:03.0219 2504 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:46:03.0220 2504 Processor - ok
00:46:03.0259 2504 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
00:46:03.0262 2504 ProfSvc - ok
00:46:03.0298 2504 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:46:03.0299 2504 ProtectedStorage - ok
00:46:03.0331 2504 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
00:46:03.0332 2504 Psched - ok
00:46:03.0436 2504 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:46:03.0447 2504 ql2300 - ok
00:46:03.0604 2504 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:46:03.0605 2504 ql40xx - ok
00:46:03.0653 2504 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:46:03.0656 2504 QWAVE - ok
00:46:03.0683 2504 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:46:03.0684 2504 QWAVEdrv - ok
00:46:03.0725 2504 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:46:03.0726 2504 RasAcd - ok
00:46:03.0747 2504 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:46:03.0748 2504 RasAgileVpn - ok
00:46:03.0767 2504 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:46:03.0770 2504 RasAuto - ok
00:46:03.0796 2504 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:46:03.0797 2504 Rasl2tp - ok
00:46:03.0846 2504 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
00:46:03.0850 2504 RasMan - ok
00:46:03.0889 2504 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:46:03.0891 2504 RasPppoe - ok
00:46:03.0916 2504 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:46:03.0917 2504 RasSstp - ok
00:46:04.0022 2504 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
00:46:04.0025 2504 rdbss - ok
00:46:04.0056 2504 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:46:04.0057 2504 rdpbus - ok
00:46:04.0101 2504 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:46:04.0102 2504 RDPCDD - ok
00:46:04.0117 2504 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:46:04.0118 2504 RDPENCDD - ok
00:46:04.0134 2504 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:46:04.0135 2504 RDPREFMP - ok
00:46:04.0184 2504 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
00:46:04.0186 2504 RDPWD - ok
00:46:04.0216 2504 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
00:46:04.0218 2504 rdyboost - ok
00:46:04.0252 2504 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:46:04.0254 2504 RemoteAccess - ok
00:46:04.0292 2504 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:46:04.0294 2504 RemoteRegistry - ok
00:46:04.0314 2504 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:46:04.0317 2504 RpcEptMapper - ok
00:46:04.0349 2504 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:46:04.0351 2504 RpcLocator - ok
00:46:04.0396 2504 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
00:46:04.0402 2504 RpcSs - ok
00:46:04.0438 2504 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:46:04.0439 2504 rspndr - ok
00:46:04.0450 2504 RSUSBSTOR - ok
00:46:04.0503 2504 RTL8167 (777fc2c418465404e3d8a290dc247d24) C:\Windows\system32\DRIVERS\Rt64win7.sys
00:46:04.0505 2504 RTL8167 - ok
00:46:04.0599 2504 rtl8192se (03e0627c26943916a7276ac5306206c7) C:\Windows\system32\DRIVERS\rtl8192se.sys
00:46:04.0607 2504 rtl8192se - ok
00:46:04.0642 2504 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:46:04.0644 2504 SamSs - ok
00:46:04.0683 2504 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
00:46:04.0685 2504 sbp2port - ok
00:46:04.0732 2504 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:46:04.0735 2504 SCardSvr - ok
00:46:04.0752 2504 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
00:46:04.0753 2504 scfilter - ok
00:46:04.0841 2504 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
00:46:04.0851 2504 Schedule - ok
00:46:04.0892 2504 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
00:46:04.0894 2504 SCPolicySvc - ok
00:46:04.0931 2504 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
00:46:04.0932 2504 sdbus - ok
00:46:04.0975 2504 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
00:46:04.0978 2504 SDRSVC - ok
00:46:04.0999 2504 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:46:05.0000 2504 secdrv - ok
00:46:05.0023 2504 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
00:46:05.0026 2504 seclogon - ok
00:46:05.0043 2504 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
00:46:05.0117 2504 SENS - ok
00:46:05.0132 2504 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:46:05.0134 2504 SensrSvc - ok
00:46:05.0164 2504 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:46:05.0165 2504 Serenum - ok
00:46:05.0209 2504 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:46:05.0211 2504 Serial - ok
00:46:05.0338 2504 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:46:05.0339 2504 sermouse - ok
00:46:05.0767 2504 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
00:46:05.0770 2504 SessionEnv - ok
00:46:05.0876 2504 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
00:46:05.0877 2504 sffdisk - ok
00:46:05.0980 2504 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
00:46:05.0981 2504 sffp_mmc - ok
00:46:06.0086 2504 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:46:06.0087 2504 sffp_sd - ok
00:46:06.0137 2504 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:46:06.0138 2504 sfloppy - ok
00:46:06.0194 2504 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:46:06.0197 2504 SharedAccess - ok
00:46:06.0248 2504 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
00:46:06.0252 2504 ShellHWDetection - ok
00:46:06.0295 2504 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:46:06.0297 2504 SiSRaid2 - ok
00:46:06.0326 2504 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:46:06.0327 2504 SiSRaid4 - ok
00:46:06.0418 2504 SkypeUpdate (62b825015fa289d2c5ebf8b00846a8ff) C:\Program Files (x86)\Skype\Updater\Updater.exe
00:46:06.0419 2504 SkypeUpdate - ok
00:46:06.0452 2504 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:46:06.0453 2504 Smb - ok
00:46:06.0494 2504 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:46:06.0496 2504 SNMPTRAP - ok
00:46:06.0519 2504 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:46:06.0520 2504 spldr - ok
00:46:06.0580 2504 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
00:46:06.0586 2504 Spooler - ok
00:46:06.0774 2504 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
00:46:06.0799 2504 sppsvc - ok
00:46:06.0940 2504 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:46:07.0009 2504 sppuinotify - ok
00:46:07.0089 2504 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\System32\Drivers\sptd.sys
00:46:07.0092 2504 sptd - ok
00:46:07.0152 2504 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
00:46:07.0155 2504 srv - ok
00:46:07.0190 2504 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
00:46:07.0193 2504 srv2 - ok
00:46:07.0248 2504 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
00:46:07.0250 2504 SrvHsfHDA - ok
00:46:07.0357 2504 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
00:46:07.0367 2504 SrvHsfV92 - ok
00:46:07.0578 2504 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
00:46:07.0589 2504 SrvHsfWinac - ok
00:46:07.0631 2504 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
00:46:07.0633 2504 srvnet - ok
00:46:07.0673 2504 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:46:07.0677 2504 SSDPSRV - ok
00:46:07.0704 2504 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:46:07.0707 2504 SstpSvc - ok
00:46:07.0746 2504 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:46:07.0747 2504 stexstor - ok
00:46:07.0813 2504 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
00:46:07.0819 2504 stisvc - ok
00:46:07.0845 2504 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
00:46:07.0846 2504 swenum - ok
00:46:07.0906 2504 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:46:07.0911 2504 swprv - ok
00:46:07.0964 2504 SynTP (91853f78b68f9f036670291f5edd4eae) C:\Windows\system32\DRIVERS\SynTP.sys
00:46:07.0967 2504 SynTP - ok
00:46:08.0090 2504 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
00:46:08.0109 2504 SysMain - ok
00:46:08.0244 2504 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
00:46:08.0247 2504 TabletInputService - ok
00:46:08.0287 2504 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
00:46:08.0291 2504 TapiSrv - ok
00:46:08.0314 2504 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:46:08.0317 2504 TBS - ok
00:46:08.0471 2504 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
00:46:08.0484 2504 Tcpip - ok
00:46:08.0738 2504 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
00:46:08.0751 2504 TCPIP6 - ok
00:46:08.0918 2504 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
00:46:08.0919 2504 tcpipreg - ok
00:46:08.0945 2504 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:46:08.0946 2504 TDPIPE - ok
00:46:08.0982 2504 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
00:46:08.0984 2504 TDTCP - ok
00:46:09.0011 2504 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
00:46:09.0012 2504 tdx - ok
00:46:09.0046 2504 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
00:46:09.0047 2504 TermDD - ok
00:46:09.0113 2504 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
00:46:09.0120 2504 TermService - ok
00:46:09.0144 2504 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:46:09.0146 2504 Themes - ok
00:46:09.0184 2504 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:46:09.0186 2504 THREADORDER - ok
00:46:09.0221 2504 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:46:09.0224 2504 TrkWks - ok
00:46:09.0286 2504 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
00:46:09.0287 2504 TrustedInstaller - ok
00:46:09.0326 2504 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:46:09.0327 2504 tssecsrv - ok
00:46:09.0364 2504 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
00:46:09.0365 2504 tunnel - ok
00:46:09.0408 2504 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:46:09.0410 2504 uagp35 - ok
00:46:09.0466 2504 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys
00:46:09.0469 2504 udfs - ok
00:46:09.0521 2504 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:46:09.0524 2504 UI0Detect - ok
00:46:09.0563 2504 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
00:46:09.0564 2504 uliagpkx - ok
00:46:09.0606 2504 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
00:46:09.0607 2504 umbus - ok
00:46:09.0644 2504 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:46:09.0645 2504 UmPass - ok
00:46:09.0695 2504 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:46:09.0699 2504 upnphost - ok
00:46:09.0750 2504 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
00:46:09.0751 2504 USBAAPL64 - ok
00:46:09.0795 2504 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
00:46:09.0796 2504 usbccgp - ok
00:46:09.0858 2504 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
00:46:09.0859 2504 usbcir - ok
00:46:09.0881 2504 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
00:46:09.0882 2504 usbehci - ok
00:46:09.0923 2504 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
00:46:09.0926 2504 usbhub - ok
00:46:09.0957 2504 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
00:46:09.0958 2504 usbohci - ok
00:46:09.0999 2504 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:46:10.0000 2504 usbprint - ok
00:46:10.0040 2504 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
00:46:10.0041 2504 usbscan - ok
00:46:10.0071 2504 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:46:10.0072 2504 USBSTOR - ok
00:46:10.0123 2504 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\DRIVERS\usbuhci.sys
00:46:10.0125 2504 usbuhci - ok
00:46:10.0164 2504 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:46:10.0166 2504 UxSms - ok
00:46:10.0196 2504 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:46:10.0198 2504 VaultSvc - ok
00:46:10.0231 2504 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
00:46:10.0232 2504 VClone - ok
00:46:10.0266 2504 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
00:46:10.0267 2504 vdrvroot - ok
00:46:10.0318 2504 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
00:46:10.0324 2504 vds - ok
00:46:10.0350 2504 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:46:10.0351 2504 vga - ok
00:46:10.0377 2504 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:46:10.0378 2504 VgaSave - ok
00:46:10.0433 2504 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
00:46:10.0435 2504 vhdmp - ok
00:46:10.0467 2504 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
00:46:10.0468 2504 viaide - ok
00:46:10.0492 2504 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
00:46:10.0493 2504 volmgr - ok
00:46:10.0551 2504 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
00:46:10.0554 2504 volmgrx - ok
00:46:10.0600 2504 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
00:46:10.0602 2504 volsnap - ok
00:46:10.0637 2504 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:46:10.0638 2504 vsmraid - ok
00:46:10.0778 2504 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
00:46:10.0791 2504 VSS - ok
00:46:10.0935 2504 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:46:10.0935 2504 vwifibus - ok
00:46:10.0954 2504 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:46:10.0955 2504 vwififlt - ok
00:46:11.0008 2504 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
00:46:11.0012 2504 W32Time - ok
00:46:11.0056 2504 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:46:11.0057 2504 WacomPen - ok
00:46:11.0105 2504 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
00:46:11.0106 2504 WANARP - ok
00:46:11.0116 2504 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
00:46:11.0117 2504 Wanarpv6 - ok
00:46:11.0217 2504 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
00:46:11.0226 2504 WatAdminSvc - ok
00:46:11.0334 2504 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
00:46:11.0346 2504 wbengine - ok
00:46:11.0481 2504 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
00:46:11.0484 2504 WbioSrvc - ok
00:46:11.0538 2504 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
00:46:11.0543 2504 wcncsvc - ok
00:46:11.0581 2504 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
00:46:11.0584 2504 WcsPlugInService - ok
00:46:11.0641 2504 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:46:11.0641 2504 Wd - ok
00:46:11.0707 2504 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:46:11.0712 2504 Wdf01000 - ok
00:46:11.0739 2504 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:46:11.0742 2504 WdiServiceHost - ok
00:46:11.0751 2504 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:46:11.0779 2504 WdiSystemHost - ok
00:46:11.0835 2504 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
00:46:11.0839 2504 WebClient - ok
00:46:11.0877 2504 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
00:46:11.0881 2504 Wecsvc - ok
00:46:11.0902 2504 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
00:46:11.0906 2504 wercplsupport - ok
00:46:11.0928 2504 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
00:46:11.0931 2504 WerSvc - ok
00:46:11.0999 2504 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:46:12.0000 2504 WfpLwf - ok
00:46:12.0023 2504 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:46:12.0023 2504 WIMMount - ok
00:46:12.0076 2504 WinDefend - ok
00:46:12.0091 2504 WinHttpAutoProxySvc - ok
00:46:12.0152 2504 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
00:46:12.0154 2504 Winmgmt - ok
00:46:12.0282 2504 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
00:46:12.0302 2504 WinRM - ok
00:46:12.0512 2504 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
00:46:12.0513 2504 WinUsb - ok
00:46:12.0591 2504 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
00:46:12.0599 2504 Wlansvc - ok
00:46:12.0812 2504 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:46:12.0828 2504 wlidsvc - ok
00:46:12.0984 2504 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:46:12.0984 2504 WmiAcpi - ok
00:46:13.0100 2504 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
00:46:13.0102 2504 wmiApSrv - ok
00:46:13.0157 2504 WMPNetworkSvc - ok
00:46:13.0197 2504 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
00:46:13.0200 2504 WPCSvc - ok
00:46:13.0231 2504 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
00:46:13.0234 2504 WPDBusEnum - ok
00:46:13.0264 2504 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:46:13.0265 2504 ws2ifsl - ok
00:46:13.0307 2504 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
00:46:13.0310 2504 wscsvc - ok
00:46:13.0320 2504 WSearch - ok
00:46:13.0485 2504 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
00:46:13.0503 2504 wuauserv - ok
00:46:13.0652 2504 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
00:46:13.0653 2504 WudfPf - ok
00:46:13.0690 2504 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:46:13.0692 2504 WUDFRd - ok
00:46:13.0729 2504 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
00:46:13.0732 2504 wudfsvc - ok
00:46:13.0771 2504 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
00:46:13.0775 2504 WwanSvc - ok
00:46:13.0853 2504 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
00:46:13.0857 2504 yukonw7 - ok
00:46:13.0895 2504 MBR (0x1B8) (e2a9c3a524e2afe3d0ec7b71691f43cb) \Device\Harddisk0\DR0
00:46:14.0126 2504 \Device\Harddisk0\DR0 - ok
00:46:14.0133 2504 Boot (0x1200) (ba223ec1a2d915a5b668ca1824db3ed2) \Device\Harddisk0\DR0\Partition0
00:46:14.0135 2504 \Device\Harddisk0\DR0\Partition0 - ok
00:46:14.0147 2504 Boot (0x1200) (9c9e73b5c215cc462ba1be939a53419b) \Device\Harddisk0\DR0\Partition1
00:46:14.0148 2504 \Device\Harddisk0\DR0\Partition1 - ok
00:46:14.0182 2504 Boot (0x1200) (bdb85c3dbb10c60928d4a81e26202649) \Device\Harddisk0\DR0\Partition2
00:46:14.0184 2504 \Device\Harddisk0\DR0\Partition2 - ok
00:46:14.0201 2504 Boot (0x1200) (57f3e432e3b69a732d30648e2e7c6c48) \Device\Harddisk0\DR0\Partition3
00:46:14.0202 2504 \Device\Harddisk0\DR0\Partition3 - ok
00:46:14.0207 2504 ============================================================
00:46:14.0207 2504 Scan finished
00:46:14.0207 2504 ============================================================
00:46:14.0220 1904 Detected object count: 0
00:46:14.0220 1904 Actual detected object count: 0

Here's the log from aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-29 00:51:35
-----------------------------
00:51:35.195 OS Version: Windows x64 6.1.7600
00:51:35.195 Number of processors: 1 586 0x170A
00:51:35.196 ComputerName: SARAH-PC UserName: Sarah
00:54:29.140 Initialize success
00:56:30.360 AVAST engine defs: 12052800
01:02:55.153 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:02:55.155 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 238475MB BusType: 3
01:02:55.169 Disk 0 MBR read successfully
01:02:55.172 Disk 0 MBR scan
01:02:55.176 Disk 0 unknown MBR code
01:02:55.190 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
01:02:55.199 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 223901 MB offset 409600
01:02:55.235 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14270 MB offset 458958848
01:02:55.254 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
01:02:55.312 Disk 0 scanning C:\Windows\system32\drivers
01:04:09.624 Service scanning
01:12:36.249 Modules scanning
01:12:36.258 Disk 0 trace - called modules:
01:12:36.610 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
01:12:36.615 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80026e9060]
01:12:36.622 3 CLASSPNP.SYS[fffff88000dbe43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800225e050]
01:12:41.092 AVAST engine scan C:\Windows
01:13:35.595 AVAST engine scan C:\Windows\system32
01:16:24.663 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
02:24:13.359 AVAST engine scan C:\Windows\system32\drivers
02:28:22.640 AVAST engine scan C:\Users\Sarah
02:43:49.345 Disk 0 MBR has been saved successfully to "C:\Users\Sarah\Documents\MBR.dat"
02:43:49.387 The log file has been saved successfully to "C:\Users\Sarah\Documents\aswMBR.txt"

#10 gringo_pr

    Bleepin Gringo
  • Malware Response Team

Posted 29 May 2012 - 01:26 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\Windows\system32\consrv.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 sarahelyse
  • Topic Starter

Posted 30 May 2012 - 10:40 AM

I let it run for a few hours, but again it got stuck on stage 48, so I cancelled it. I wasn't in safe mode.

#12 gringo_pr

    Bleepin Gringo
  • Malware Response Team

Posted 30 May 2012 - 12:18 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13 sarahelyse
  • Topic Starter

Posted 30 May 2012 - 03:40 PM

Here's the contents of OTL.txt:

OTL logfile created on: 5/30/2012 3:09:24 PM - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Sarah\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 50.51% Memory free
3.87 Gb Paging File | 2.52 Gb Available in Paging File | 65.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.65 Gb Total Space | 125.57 Gb Free Space | 57.43% Space Free | Partition Type: NTFS
Drive D: | 13.94 Gb Total Space | 2.30 Gb Free Space | 16.54% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 92.52 Mb Free Space | 93.29% Space Free | Partition Type: FAT32

Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sarah\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (udfs) -- C:\Windows\SysNative\drivers\udfs.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\SysNative\drivers\LV561V64.sys (Logitech Inc.)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3235EB19-E6C2-4C64-B54D-5DC21DEF8610}
IE:64bit: - HKLM\..\SearchScopes\{3235EB19-E6C2-4C64-B54D-5DC21DEF8610}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{349EFA5B-D456-41BD-8A36-60579710C190}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {3235EB19-E6C2-4C64-B54D-5DC21DEF8610}
IE - HKLM\..\SearchScopes\{3235EB19-E6C2-4C64-B54D-5DC21DEF8610}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{349EFA5B-D456-41BD-8A36-60579710C190}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F5 15 95 17 BC E6 A6 40 A2 90 2A 4F 93 53 CF 9F [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F5 15 95 17 BC E6 A6 40 A2 90 2A 4F 93 53 CF 9F [binary data]

IE - HKU\S-1-5-21-774465301-4038617442-2456078481-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKU\S-1-5-21-774465301-4038617442-2456078481-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F5 15 95 17 BC E6 A6 40 A2 90 2A 4F 93 53 CF 9F [binary data]
IE - HKU\S-1-5-21-774465301-4038617442-2456078481-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-774465301-4038617442-2456078481-1000\..\SearchScopes\{3235EB19-E6C2-4C64-B54D-5DC21DEF8610}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-774465301-4038617442-2456078481-1000\..\SearchScopes\{349EFA5B-D456-41BD-8A36-60579710C190}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKU\S-1-5-21-774465301-4038617442-2456078481-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={E86A827F-7A3E-4A7C-8DF4-9F71C7A5CC15}&mid=4d9ab7e3dca847d6bad41943ef3de55f-e68c6abcdb181bcfe77480b517f5c951fe9025d4&lang=us&ds=AVG&pr=fr&d=2011-12-13 15:40:04&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-774465301-4038617442-2456078481-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-774465301-4038617442-2456078481-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/12 22:21:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/14 22:10:33 | 000,000,000 | ---D | M]

[2010/10/25 16:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Extensions
[2012/05/10 20:08:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\fbgj87xk.default\extensions
[2011/11/26 23:29:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/21 17:09:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/12 22:21:27 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/12 17:37:34 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/22 18:39:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/22 18:39:33 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: No name found = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\
CHR - Extension: No name found = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/05/28 16:17:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-774465301-4038617442-2456078481-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-774465301-4038617442-2456078481-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-774465301-4038617442-2456078481-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.100 208.180.42.68 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FA37FA0-BDA4-4A53-BCF9-27A325F26A3D}: DhcpNameServer = 40.7.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64F31CAB-BAEB-4FB5-AEFD-8A8C7E5CF68E}: DhcpNameServer = 208.180.42.100 208.180.42.68 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/30 15:07:42 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2012/05/30 01:35:43 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/05/29 23:43:46 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/05/29 13:51:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/29 00:47:53 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Sarah\Desktop\aswMBR.exe
[2012/05/29 00:08:21 | 002,127,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sarah\Desktop\tdsskiller.exe
[2012/05/28 17:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/05/28 16:22:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/28 16:17:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/27 19:42:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/27 19:42:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/27 19:42:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/27 19:41:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/27 09:48:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/27 09:40:17 | 004,532,218 | R--- | C] (Swearware) -- C:\Users\Sarah\Desktop\ComboFix.exe
[2012/05/27 01:43:22 | 000,000,000 | ---D | C] -- C:\FRST
[2012/05/26 21:52:35 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Proxure
[2012/05/26 21:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2012/05/25 16:03:02 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\avg_arl_cdi_all_120_120126a4973
[2012/05/25 15:47:36 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\mbrfix
[2012/05/21 12:01:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012/05/20 23:40:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games
[2012/05/20 23:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WB Games
[2012/05/20 22:17:38 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\t-bastio
[2012/05/19 12:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/05/19 12:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/19 12:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/19 12:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/05/19 11:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/05/19 11:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/05/19 11:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/05/12 22:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/12 22:21:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/10 18:57:50 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/10 18:57:49 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/05/10 18:57:49 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/05/10 18:57:48 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/05/10 18:57:48 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/05/10 18:52:35 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/10 18:52:32 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/10 18:52:31 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/30 15:07:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2012/05/30 14:10:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/30 01:30:49 | 004,532,218 | R--- | M] (Swearware) -- C:\Users\Sarah\Desktop\ComboFix.exe
[2012/05/30 01:16:57 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/30 01:16:57 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/30 01:07:56 | 1556,291,584 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/29 02:43:49 | 000,000,512 | ---- | M] () -- C:\Users\Sarah\Documents\MBR.dat
[2012/05/29 00:48:29 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Sarah\Desktop\aswMBR.exe
[2012/05/29 00:08:47 | 002,127,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sarah\Desktop\tdsskiller.exe
[2012/05/28 16:17:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/26 21:43:29 | 000,739,728 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/26 21:43:29 | 000,633,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/26 21:43:29 | 000,110,782 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/26 12:12:37 | 000,000,020 | ---- | M] () -- C:\Users\Sarah\defogger_reenable
[2012/05/21 11:58:47 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Bastion.lnk
[2012/05/19 12:01:06 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/14 09:58:15 | 004,998,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/29 02:43:49 | 000,000,512 | ---- | C] () -- C:\Users\Sarah\Documents\MBR.dat
[2012/05/27 19:42:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/27 19:42:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/27 19:42:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/27 19:42:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/27 19:42:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/26 12:12:37 | 000,000,020 | ---- | C] () -- C:\Users\Sarah\defogger_reenable
[2012/05/20 23:41:08 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Bastion.lnk
[2012/05/19 12:01:06 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/06/22 17:01:58 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/06/22 11:46:29 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/03 22:33:51 | 000,001,456 | ---- | C] () -- C:\Users\Sarah\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/04/03 20:31:40 | 000,003,584 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/21 22:06:49 | 000,000,093 | ---- | C] () -- C:\Users\Sarah\AppData\Local\fusioncache.dat
[2011/01/21 21:26:04 | 000,756,022 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:242231A9

< End of report >

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 30 May 2012 - 08:45 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code.
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{349EFA5B-D456-41BD-8A36-60579710C190}: "URL" = <http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql>
    IE - HKLM\..\SearchScopes\{349EFA5B-D456-41BD-8A36-60579710C190}: "URL" = <http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql>
    IE - HKU\S-1-5-21-774465301-4038617442-2456078481-1000\..\SearchScopes\{349EFA5B-D456-41BD-8A36-60579710C190}: "URL" = <http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql>
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:242231A9
    :Files
    C:\Windows\system32\consrv.dll
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 sarahelyse
  • Topic Starter

  • Members
  • 11 posts

Posted 31 May 2012 - 03:49 PM

OTL wasn't able to find it for some reason. The file is still there.

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{349EFA5B-D456-41BD-8A36-60579710C190}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{349EFA5B-D456-41BD-8A36-60579710C190}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{349EFA5B-D456-41BD-8A36-60579710C190}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{349EFA5B-D456-41BD-8A36-60579710C190}\ not found.
Registry key HKEY_USERS\S-1-5-21-774465301-4038617442-2456078481-1000\Software\Microsoft\Internet Explorer\SearchScopes\{349EFA5B-D456-41BD-8A36-60579710C190}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{349EFA5B-D456-41BD-8A36-60579710C190}\ not found.
ADS C:\ProgramData\Temp:242231A9 deleted successfully.
========== FILES ==========
File\Folder C:\Windows\system32\consrv.dll not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Sarah\Desktop\cmd.bat deleted successfully.
C:\Users\Sarah\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Sarah
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Sarah
->Flash cache emptied: 117133 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.44.0 log created on 05312012_154019
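Added here as a worked example, not code from the thread or from OTL: a PowerShell check a defender can run after a fix like the one above to confirm whether its three targets (consrv.dll, the named stream on C:\ProgramData\Temp, and the search-scope key for the GUID in the script) are actually gone. It assumes a 64-bit, elevated PowerShell console on the affected user's account; a 32-bit process on 64-bit Windows sees C:\Windows\System32 redirected to SysWOW64, which is why the script checks both directories explicitly.

```powershell
# Added example, not from the thread or from OTL: post-fix verification of the
# artifacts the OTL script above targets. Run from a 64-bit, elevated PowerShell.
if (-not [Environment]::Is64BitProcess) {
    Write-Warning 'Running 32-bit: C:\Windows\System32 is redirected to SysWOW64 in this process.'
}

# 1. consrv.dll: look in the native System32 and in SysWOW64, and report whether
#    whatever is found carries a valid Authenticode signature and who signed it.
foreach ($dir in 'System32', 'SysWOW64') {
    $path = Join-Path $env:windir "$dir\consrv.dll"
    if (Test-Path -LiteralPath $path) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        '{0}: present, signature {1}, signer: {2}' -f $path, $sig.Status, $sig.SignerCertificate.Subject
    } else {
        '{0}: not present' -f $path
    }
}

# 2. Named streams under C:\ProgramData. The OTL scan reported a 124-byte stream
#    Temp:242231A9; cmd's "dir /R" lists streams on directories as well as files,
#    and every stream line ends in ":$DATA".
cmd /c 'dir /A /R C:\ProgramData' | Select-String -Pattern ':\$DATA' |
    ForEach-Object { 'ADS: ' + $_.Line.Trim() }

# 3. The search-scope GUID from the fix, in the 64-bit and 32-bit HKLM views and
#    in the current user's hive (assumes the affected user is the one running this).
$guid = '{349EFA5B-D456-41BD-8A36-60579710C190}'
$keys = @(
    "HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\$guid",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\$guid",
    "HKCU:\Software\Microsoft\Internet Explorer\SearchScopes\$guid"
)
foreach ($key in $keys) {
    if (Test-Path -LiteralPath $key) {
        '{0}: still present, URL = {1}' -f $key, (Get-ItemProperty -LiteralPath $key).URL
    } else {
        '{0}: removed' -f $key
    }
}
```

A System32 DLL that is present but unsigned, or signed by someone other than Microsoft, is the result worth following up on; a "not present" in System32 next to a "present" in SysWOW64 (or the reverse) shows which view a 32-bit tool was actually looking at.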



