Slow PC and Internet


  • This topic is locked
25 replies to this topic

#1 JHerts

JHerts

  • Members
  • 14 posts

Posted 05 June 2012 - 04:56 AM

Hi, my PC is running Windows 7. It sometimes runs slowly, and there is something interfering with my Internet connection.
My ISP helped confirm it's not the connection: when the PC runs in safe mode I get a full, consistent 100Mg, as do other computers connecting through the same LAN cable. My PC can get anything from 25-60Mg through my connection; something seems to limit it during tests.

I have tried my virus checker, Spybot and Advanced SystemCare without much luck.

Thanks J



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 June 2012 - 07:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs for my review.
Do not attach the logs.

#3 JHerts

JHerts
  • Topic Starter

  • Members
  • 14 posts

Posted 10 June 2012 - 12:59 AM

Hi, thanks for your help. Here is the first scan.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.0
Run by Steve at 6:51:57 on 2012-06-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3062.931 [GMT 1:00]
.
AV: Kaspersky PURE *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky PURE *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky PURE *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files\DVD43\DVD43_Tray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\taskhost.exe
C:\Users\Steve\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\mcGlidHost.exe
C:\Users\Steve\Desktop\S8onPC.exe
C:\Users\Steve\Desktop\S8onPC.exe
C:\Windows\Explorer.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky pure\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRun: [googletalk] c:\users\steve\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky pure\avp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\steve\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky pure\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1B6CE6A9-DD0C-41E5-9552-518C8FB674B7} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1B6CE6A9-DD0C-41E5-9552-518C8FB674B7}\244584F6D65684572623D2754353B4 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EDD0FA5F-5FCC-4687-90BE-EA9F73B2477F} : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\steve\appdata\roaming\mozilla\firefox\profiles\hjhcpnlh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\virgin media\service manager\nprpspa.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\steve\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\steve\appdata\roaming\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\steve\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\steve\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 AiCharger;ASUS Charger Driver;c:\windows\system32\drivers\AiCharger.sys [2012-1-2 13224]
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2012-1-22 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-5-21 65720]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2012-1-22 39352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-7 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-5-21 71480]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-5-21 166840]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2011-11-21 143952]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/05/31 17:41:33];c:\program files\cyberlink\powerdvd8\000.fcl [2010-1-12 87536]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-6-5 913792]
R2 AVP;Kaspersky PURE;c:\program files\kaspersky lab\kaspersky pure\avp.exe [2010-10-1 348760]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files\common files\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 HsdService;HsdService;c:\program files\virgin media\digital home support\HsdService.exe [2012-2-11 1406264]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-5-21 976728]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2011-3-31 1646056]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-2-16 1153368]
R2 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2012-2-11 689464]
R2 TunerFreeMCEService;TunerFreeMCEService;c:\program files\milliesoft\tunerfreemce\TunerFreeMCEService.exe [2011-4-26 13824]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-3-9 238592]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2011-3-9 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2011-3-9 484352]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2009-6-10 1311232]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-5-20 21520]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; [x]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 257696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-5-26 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 HCW713x;Hauppauge 713x VU PCI TV Card;c:\windows\system32\drivers\HCW713x.sys [2007-9-20 976256]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-3-10 25112]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-8-6 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-8-6 40552]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-6-19 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 129976]
S3 rt61x86;RT61 Extensible Wireless Driver;c:\windows\system32\drivers\netr61.sys [2010-4-7 376160]
S3 SGCameraUVC;SGCamera Video Capture;c:\windows\system32\drivers\SGCameraUVC.sys [2008-10-22 66560]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-7 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-11 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2074-05-18 16:44:52 607296 ----a-w- c:\program files\microsoft games\age of empires iii\deformerdllyD.dll
2012-06-09 03:15:58 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bd1ecfcf-3cd1-4263-bd63-a6782d6f406f}\offreg.dll
2012-06-09 01:46:27 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bd1ecfcf-3cd1-4263-bd63-a6782d6f406f}\mpengine.dll
2012-06-05 08:23:34 388096 ----a-r- c:\users\steve\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-06-05 08:11:11 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-05 08:11:05 -------- d-----w- c:\users\steve\appdata\local\temp
2012-06-05 07:37:28 98816 ----a-w- c:\windows\sed.exe
2012-06-05 07:37:28 518144 ----a-w- c:\windows\SWREG.exe
2012-06-05 07:37:28 256000 ----a-w- c:\windows\PEV.exe
2012-06-05 07:37:28 208896 ----a-w- c:\windows\MBR.exe
2012-06-05 07:37:18 -------- d-----w- C:\ComboFix
2012-05-27 12:05:02 -------- d-----w- c:\users\steve\appdata\local\Eraser 6
2012-05-26 12:41:47 -------- d-----w- c:\windows\en
2012-05-26 12:39:48 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-05-26 12:27:18 15712 ----a-w- c:\program files\common files\windows live\.cache\e3213c581cd3b3a02\MeshBetaRemover.exe
2012-05-26 12:27:14 89944 ----a-w- c:\program files\common files\windows live\.cache\df935a531cd3b3a01\DSETUP.dll
2012-05-26 12:27:14 537432 ----a-w- c:\program files\common files\windows live\.cache\df935a531cd3b3a01\DXSETUP.exe
2012-05-26 12:27:14 1801048 ----a-w- c:\program files\common files\windows live\.cache\df935a531cd3b3a01\dsetup32.dll
2012-05-26 10:54:33 772552 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-26 10:18:56 -------- d-----w- c:\program files\FileHippo.com
2012-05-22 16:20:48 -------- d-----w- c:\program files\Cambridge University Press
2012-05-21 06:19:14 65720 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-05-14 09:01:51 -------- d-----w- c:\users\steve\appdata\roaming\redsn0w
2012-05-11 22:29:31 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 22:29:27 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-11 22:29:27 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-11 22:29:27 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-11 22:29:27 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-11 22:29:17 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-11 22:29:17 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 22:29:17 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 22:29:08 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 22:29:05 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
==================== Find3M ====================
.
2012-05-26 10:54:49 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-05-26 10:52:52 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-24 09:47:58 21888 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-05 17:05:13 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 17:05:13 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-02 00:46:28 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-04-18 19:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-03-29 13:47:26 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD2500JS-00NCB1 rev.10.02E02 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll dvd43llh.sys ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
c:\windows\system32\drivers\dvd43llh.sys RIF DVD For Free
1 ntkrnlpa!IofCallDriver[0x8307455A] -> \Device\Harddisk0\DR0[0x86627880]
3 CLASSPNP[0x8B7D959E] -> ntkrnlpa!IofCallDriver[0x8307455A] -> [0x8579B918]
5 ACPI[0x8B2B03D4] -> ntkrnlpa!IofCallDriver[0x8307455A] -> \Device\Ide\IdeDeviceP0T0L0-0[0x857D1908]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 6:55:13.05 ===============

#4 JHerts

JHerts
  • Topic Starter

  • Members
  • 14 posts

Posted 10 June 2012 - 01:07 AM

Second log. Thanks for your help.

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky PURE
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
CCleaner
Java™ 6 Update 31
Java™ 7 Update 4
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of date!
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0)
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky PURE avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 June 2012 - 09:11 AM

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#6 JHerts

JHerts
  • Topic Starter

  • Members
  • 14 posts

Posted 10 June 2012 - 11:41 AM

Thanks

17:20:52.0859 3240 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
17:20:53.0029 3240 ============================================================
17:20:53.0029 3240 Current date / time: 2012/06/10 17:20:53.0029
17:20:53.0029 3240 SystemInfo:
17:20:53.0029 3240
17:20:53.0029 3240 OS Version: 6.1.7601 ServicePack: 1.0
17:20:53.0029 3240 Product type: Workstation
17:20:53.0029 3240 ComputerName: STEVE-PC
17:20:53.0029 3240 UserName: Steve
17:20:53.0029 3240 Windows directory: C:\Windows
17:20:53.0029 3240 System windows directory: C:\Windows
17:20:53.0029 3240 Processor architecture: Intel x86
17:20:53.0029 3240 Number of processors: 4
17:20:53.0029 3240 Page size: 0x1000
17:20:53.0029 3240 Boot type: Normal boot
17:20:53.0029 3240 ============================================================
17:20:55.0281 3240 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x1D1C597, SectorsPerTrack: 0x8, TracksPerCylinder: 0x2, Type 'K0', Flags 0x00000050
17:20:55.0281 3240 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:20:55.0377 3240 ============================================================
17:20:55.0377 3240 \Device\Harddisk0\DR0:
17:20:55.0378 3240 MBR partitions:
17:20:55.0378 3240 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xABE800, BlocksNum 0x2EE000
17:20:55.0378 3240 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xDAC800, BlocksNum 0x1C418800
17:20:55.0378 3240 \Device\Harddisk1\DR1:
17:20:55.0378 3240 MBR partitions:
17:20:55.0378 3240 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C5131
17:20:55.0378 3240 ============================================================
17:20:55.0521 3240 C: <-> \Device\Harddisk0\DR0\Partition1
17:20:55.0545 3240 S: <-> \Device\Harddisk0\DR0\Partition0
17:20:55.0554 3240 D: <-> \Device\Harddisk1\DR1\Partition0
17:20:55.0555 3240 ============================================================
17:20:55.0555 3240 Initialize success
17:20:55.0555 3240 ============================================================
17:20:59.0751 5020 ============================================================
17:20:59.0751 5020 Scan started
17:20:59.0751 5020 Mode: Manual;
17:20:59.0751 5020 ============================================================
17:21:04.0444 5020 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
17:21:04.0474 5020 1394ohci - ok
17:21:04.0903 5020 ACDaemon (419c06524dc5a79baad9a67339c1c65c) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
17:21:04.0930 5020 ACDaemon - ok
17:21:05.0347 5020 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
17:21:05.0366 5020 ACPI - ok
17:21:05.0423 5020 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
17:21:05.0433 5020 AcpiPmi - ok
17:21:05.0689 5020 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:21:05.0707 5020 AdobeARMservice - ok
17:21:06.0059 5020 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:21:06.0133 5020 AdobeFlashPlayerUpdateSvc - ok
17:21:06.0636 5020 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
17:21:06.0657 5020 adp94xx - ok
17:21:06.0894 5020 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
17:21:06.0910 5020 adpahci - ok
17:21:06.0992 5020 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
17:21:06.0999 5020 adpu320 - ok
17:21:08.0023 5020 AdvancedSystemCareService5 (96d6cdd0b32846e8cfbe592f4f32e608) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
17:21:08.0045 5020 AdvancedSystemCareService5 - ok
17:21:09.0276 5020 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
17:21:09.0334 5020 AeLookupSvc - ok
17:21:09.0505 5020 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
17:21:09.0552 5020 Afc - ok
17:21:09.0967 5020 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
17:21:10.0002 5020 AFD - ok
17:21:10.0126 5020 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
17:21:10.0138 5020 agp440 - ok
17:21:10.0300 5020 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
17:21:10.0305 5020 aic78xx - ok
17:21:10.0322 5020 AiCharger (e4054edd909d378465f578f770fb9a94) C:\Windows\system32\DRIVERS\AiCharger.sys
17:21:10.0348 5020 AiCharger - ok
17:21:10.0518 5020 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
17:21:10.0547 5020 ALG - ok
17:21:10.0608 5020 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
17:21:10.0630 5020 aliide - ok
17:21:10.0685 5020 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
17:21:10.0695 5020 amdagp - ok
17:21:10.0721 5020 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
17:21:10.0733 5020 amdide - ok
17:21:10.0815 5020 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
17:21:10.0829 5020 AmdK8 - ok
17:21:10.0863 5020 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
17:21:10.0870 5020 AmdPPM - ok
17:21:10.0949 5020 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
17:21:11.0015 5020 amdsata - ok
17:21:11.0231 5020 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
17:21:11.0256 5020 amdsbs - ok
17:21:11.0274 5020 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
17:21:11.0323 5020 amdxata - ok
17:21:11.0467 5020 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
17:21:11.0495 5020 AppID - ok
17:21:11.0611 5020 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
17:21:11.0641 5020 AppIDSvc - ok
17:21:11.0738 5020 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
17:21:11.0762 5020 Appinfo - ok
17:21:12.0153 5020 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:21:12.0178 5020 Apple Mobile Device - ok
17:21:12.0339 5020 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
17:21:12.0344 5020 arc - ok
17:21:12.0416 5020 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
17:21:12.0427 5020 arcsas - ok
17:21:12.0604 5020 aspnet_state (39cdcb109bf200cc8a05b9c7e6272d11) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:21:12.0622 5020 aspnet_state - ok
17:21:12.0650 5020 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
17:21:12.0654 5020 AsyncMac - ok
17:21:12.0758 5020 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
17:21:12.0769 5020 atapi - ok
17:21:12.0992 5020 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
17:21:13.0022 5020 AudioEndpointBuilder - ok
17:21:13.0028 5020 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
17:21:13.0034 5020 Audiosrv - ok
17:21:13.0290 5020 AVP (a2b790f9a751f24f17967f9a5574186d) C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
17:21:13.0332 5020 AVP - ok
17:21:13.0470 5020 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
17:21:13.0501 5020 AxInstSV - ok
17:21:13.0832 5020 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
17:21:13.0867 5020 b06bdrv - ok
17:21:14.0129 5020 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
17:21:14.0161 5020 b57nd60x - ok
17:21:14.0218 5020 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
17:21:14.0246 5020 BDESVC - ok
17:21:14.0271 5020 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
17:21:14.0283 5020 Beep - ok
17:21:14.0644 5020 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
17:21:14.0721 5020 BFE - ok
17:21:15.0026 5020 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
17:21:15.0128 5020 BITS - ok
17:21:15.0235 5020 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
17:21:15.0247 5020 blbdrive - ok
17:21:15.0775 5020 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
17:21:15.0794 5020 Bonjour Service - ok
17:21:15.0873 5020 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
17:21:15.0923 5020 bowser - ok
17:21:15.0942 5020 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:21:15.0947 5020 BrFiltLo - ok
17:21:15.0983 5020 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:21:16.0001 5020 BrFiltUp - ok
17:21:16.0156 5020 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
17:21:16.0201 5020 BridgeMP - ok
17:21:16.0295 5020 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
17:21:16.0346 5020 Browser - ok
17:21:16.0508 5020 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
17:21:16.0529 5020 Brserid - ok
17:21:16.0597 5020 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
17:21:16.0612 5020 BrSerWdm - ok
17:21:16.0622 5020 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:21:16.0627 5020 BrUsbMdm - ok
17:21:16.0677 5020 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
17:21:16.0689 5020 BrUsbSer - ok
17:21:16.0771 5020 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\Windows\system32\DRIVERS\motfilt.sys
17:21:16.0793 5020 BTCFilterService - ok
17:21:16.0870 5020 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
17:21:16.0886 5020 BTHMODEM - ok
17:21:16.0996 5020 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
17:21:17.0002 5020 bthserv - ok
17:21:17.0503 5020 btwdins (e3326f9e91cc32794d95164472754b43) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
17:21:17.0527 5020 btwdins - ok
17:21:17.0762 5020 catchme - ok
17:21:18.0007 5020 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
17:21:18.0034 5020 cdfs - ok
17:21:18.0144 5020 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
17:21:18.0199 5020 cdrom - ok
17:21:18.0258 5020 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
17:21:18.0306 5020 CertPropSvc - ok
17:21:18.0335 5020 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
17:21:18.0346 5020 circlass - ok
17:21:18.0500 5020 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
17:21:18.0519 5020 CLFS - ok
17:21:18.0770 5020 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:21:18.0785 5020 clr_optimization_v2.0.50727_32 - ok
17:21:18.0955 5020 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:21:19.0070 5020 clr_optimization_v4.0.30319_32 - ok
17:21:19.0118 5020 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
17:21:19.0123 5020 CmBatt - ok
17:21:19.0181 5020 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
17:21:19.0213 5020 cmdide - ok
17:21:19.0668 5020 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
17:21:19.0708 5020 CNG - ok
17:21:19.0773 5020 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
17:21:19.0787 5020 Compbatt - ok
17:21:19.0841 5020 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
17:21:19.0855 5020 CompositeBus - ok
17:21:19.0859 5020 COMSysApp - ok
17:21:19.0876 5020 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
17:21:19.0880 5020 crcdisk - ok
17:21:20.0065 5020 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
17:21:20.0137 5020 CryptSvc - ok
17:21:20.0299 5020 CSCrySec (5cbf20674be8364febb6a13451a42f0a) C:\Windows\system32\DRIVERS\CSCrySec.sys
17:21:20.0345 5020 CSCrySec - ok
17:21:20.0972 5020 CSObjectsSrv (6e5b42219f1fe4a3d087d9d501e343d5) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
17:21:20.0996 5020 CSObjectsSrv - ok
17:21:21.0087 5020 CSVirtualDiskDrv (2c3f213eddd231099fb779a45d7680e0) C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys
17:21:21.0107 5020 CSVirtualDiskDrv - ok
17:21:21.0167 5020 dc3d (7caaf4af453ef3582fef65dd72caa0aa) C:\Windows\system32\DRIVERS\dc3d.sys
17:21:21.0178 5020 dc3d - ok
17:21:21.0395 5020 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
17:21:21.0467 5020 DcomLaunch - ok
17:21:21.0578 5020 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
17:21:21.0585 5020 defragsvc - ok
17:21:21.0744 5020 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
17:21:21.0807 5020 DfsC - ok
17:21:21.0906 5020 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
17:21:21.0973 5020 Dhcp - ok
17:21:22.0049 5020 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
17:21:22.0071 5020 discache - ok
17:21:22.0121 5020 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
17:21:22.0147 5020 Disk - ok
17:21:22.0207 5020 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
17:21:22.0246 5020 Dnscache - ok
17:21:22.0354 5020 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
17:21:22.0384 5020 dot3svc - ok
17:21:22.0453 5020 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
17:21:22.0519 5020 Dot4 - ok
17:21:22.0577 5020 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
17:21:22.0593 5020 Dot4Print - ok
17:21:22.0609 5020 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
17:21:22.0648 5020 dot4usb - ok
17:21:22.0706 5020 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
17:21:22.0757 5020 DPS - ok
17:21:22.0836 5020 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
17:21:22.0876 5020 drmkaud - ok
17:21:22.0930 5020 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\Windows\system32\DRIVERS\dvd43llh.sys
17:21:22.0965 5020 dvd43llh - ok
17:21:23.0223 5020 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
17:21:23.0277 5020 DXGKrnl - ok
17:21:23.0397 5020 e1express (cf0a6015f437161698c5b2a0a12cf052) C:\Windows\system32\DRIVERS\e1e6032.sys
17:21:23.0436 5020 e1express - ok
17:21:23.0550 5020 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
17:21:23.0573 5020 EapHost - ok
17:21:26.0094 5020 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
17:21:26.0209 5020 ebdrv - ok
17:21:27.0454 5020 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
17:21:27.0461 5020 EFS - ok
17:21:28.0268 5020 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
17:21:28.0320 5020 ehRecvr - ok
17:21:28.0391 5020 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
17:21:28.0395 5020 ehSched - ok
17:21:29.0345 5020 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
17:21:29.0379 5020 elxstor - ok
17:21:29.0435 5020 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
17:21:29.0450 5020 ErrDev - ok
17:21:30.0231 5020 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
17:21:30.0250 5020 EventSystem - ok
17:21:30.0498 5020 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
17:21:30.0522 5020 exfat - ok
17:21:30.0884 5020 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
17:21:30.0919 5020 fastfat - ok
17:21:31.0789 5020 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
17:21:31.0841 5020 Fax - ok
17:21:31.0915 5020 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
17:21:31.0930 5020 fdc - ok
17:21:31.0978 5020 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
17:21:32.0014 5020 fdPHost - ok
17:21:32.0115 5020 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
17:21:32.0150 5020 FDResPub - ok
17:21:32.0330 5020 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
17:21:32.0339 5020 FileInfo - ok
17:21:32.0449 5020 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
17:21:32.0464 5020 Filetrace - ok
17:21:34.0320 5020 FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:21:34.0429 5020 FLEXnet Licensing Service - ok
17:21:34.0482 5020 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
17:21:34.0497 5020 flpydisk - ok
17:21:35.0009 5020 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
17:21:35.0026 5020 FltMgr - ok
17:21:37.0188 5020 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
17:21:37.0243 5020 FontCache - ok
17:21:37.0693 5020 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:21:37.0708 5020 FontCache3.0.0.0 - ok
17:21:38.0013 5020 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
17:21:38.0023 5020 FsDepends - ok
17:21:38.0158 5020 fssfltr (b0082808a6856a252f7cdd939892ce50) C:\Windows\system32\DRIVERS\fssfltr.sys
17:21:38.0173 5020 fssfltr - ok
17:21:41.0641 5020 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
17:21:41.0726 5020 fsssvc - ok
17:21:42.0876 5020 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
17:21:42.0896 5020 Fs_Rec - ok
17:21:43.0151 5020 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
17:21:43.0191 5020 fvevol - ok
17:21:43.0271 5020 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:21:43.0286 5020 gagp30kx - ok
17:21:43.0291 5020 GEARAspiWDM - ok
17:21:43.0911 5020 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
17:21:43.0951 5020 gpsvc - ok
17:21:44.0471 5020 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:21:44.0471 5020 gupdate - ok
17:21:44.0476 5020 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:21:44.0476 5020 gupdatem - ok
17:21:44.0836 5020 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:21:44.0926 5020 gusvc - ok
17:21:46.0657 5020 HCW713x (dfa0c624a6c874a35c5eef4b2c9397e0) C:\Windows\system32\DRIVERS\HCW713x.sys
17:21:46.0727 5020 HCW713x - ok
17:21:46.0842 5020 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
17:21:46.0882 5020 hcw85cir - ok
17:21:47.0092 5020 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
17:21:47.0117 5020 HDAudBus - ok
17:21:47.0162 5020 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
17:21:47.0197 5020 HidBatt - ok
17:21:47.0307 5020 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
17:21:47.0332 5020 HidBth - ok
17:21:47.0407 5020 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
17:21:47.0437 5020 HidIr - ok
17:21:47.0527 5020 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
17:21:47.0542 5020 hidserv - ok
17:21:47.0617 5020 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
17:21:47.0627 5020 HidUsb - ok
17:21:47.0747 5020 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
17:21:47.0797 5020 hkmsvc - ok
17:21:48.0067 5020 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
17:21:48.0112 5020 HomeGroupListener - ok
17:21:48.0517 5020 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
17:21:48.0552 5020 HomeGroupProvider - ok
17:21:49.0132 5020 hpqcxs08 (ce0fcec4d4d860f36d972759b11eaf0f) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
17:21:49.0182 5020 hpqcxs08 - ok
17:21:49.0257 5020 hpqddsvc (ee4c7a4cf2316701ffde90f404520265) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
17:21:49.0282 5020 hpqddsvc - ok
17:21:49.0347 5020 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
17:21:49.0357 5020 HpSAMD - ok
17:21:50.0157 5020 HPSLPSVC (6f9cb6539a1b2508bd1c53d29334431a) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
17:21:50.0187 5020 HPSLPSVC - ok
17:21:52.0008 5020 HsdService (eac76a9283e8b2192351e5c0b3820624) C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
17:21:52.0043 5020 HsdService - ok
17:21:53.0688 5020 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
17:21:53.0723 5020 HTTP - ok
17:21:53.0803 5020 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
17:21:53.0818 5020 hwpolicy - ok
17:21:53.0903 5020 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
17:21:53.0928 5020 i8042prt - ok
17:21:54.0439 5020 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
17:21:54.0469 5020 iaStorV - ok
17:21:54.0814 5020 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:21:54.0824 5020 IDriverT - ok
17:21:55.0924 5020 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:21:55.0994 5020 idsvc - ok
17:22:04.0073 5020 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
17:22:04.0208 5020 igfx - ok
17:22:04.0878 5020 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
17:22:04.0913 5020 iirsp - ok
17:22:05.0288 5020 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
17:22:05.0328 5020 IKEEXT - ok
17:22:06.0460 5020 IntcAzAudAddService (90a10b39896040b3154613c11c932aeb) C:\Windows\system32\drivers\RTKVHDA.sys
17:22:06.0515 5020 IntcAzAudAddService - ok
17:22:07.0252 5020 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
17:22:07.0281 5020 intelide - ok
17:22:07.0380 5020 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
17:22:07.0389 5020 intelppm - ok
17:22:07.0521 5020 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
17:22:07.0560 5020 IPBusEnum - ok
17:22:07.0600 5020 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:22:07.0621 5020 IpFilterDriver - ok
17:22:07.0894 5020 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
17:22:07.0921 5020 iphlpsvc - ok
17:22:08.0114 5020 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
17:22:08.0124 5020 IPMIDRV - ok
17:22:08.0174 5020 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
17:22:08.0192 5020 IPNAT - ok
17:22:08.0785 5020 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
17:22:08.0814 5020 iPod Service - ok
17:22:08.0908 5020 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
17:22:08.0926 5020 IRENUM - ok
17:22:09.0021 5020 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
17:22:09.0051 5020 isapnp - ok
17:22:09.0132 5020 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
17:22:09.0154 5020 iScsiPrt - ok
17:22:09.0223 5020 ivusb (37412294ea4b70ed8b4a9338ebaeecaa) C:\Windows\system32\DRIVERS\ivusb.sys
17:22:09.0246 5020 ivusb - ok
17:22:09.0309 5020 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:22:09.0319 5020 kbdclass - ok
17:22:09.0389 5020 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
17:22:09.0398 5020 kbdhid - ok
17:22:09.0509 5020 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:22:09.0513 5020 KeyIso - ok
17:22:09.0644 5020 kl1 (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys
17:22:09.0678 5020 kl1 - ok
17:22:09.0788 5020 KLBG (53eedab3f0511321ac3ae8bc968b158c) C:\Windows\system32\DRIVERS\klbg.sys
17:22:09.0810 5020 KLBG - ok
17:22:10.0042 5020 KLIF (723f185c945c0a6d2e21c2bb26a46fe7) C:\Windows\system32\DRIVERS\klif.sys
17:22:10.0075 5020 KLIF - ok
17:22:10.0146 5020 KLIM6 (892cc162dc88ab084c86485879526c59) C:\Windows\system32\DRIVERS\klim6.sys
17:22:10.0171 5020 KLIM6 - ok
17:22:10.0209 5020 klmouflt (aa63a815876a76987b5dbce6af7478e9) C:\Windows\system32\DRIVERS\klmouflt.sys
17:22:10.0234 5020 klmouflt - ok
17:22:10.0395 5020 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
17:22:10.0409 5020 KSecDD - ok
17:22:10.0600 5020 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
17:22:10.0615 5020 KSecPkg - ok
17:22:10.0748 5020 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
17:22:10.0769 5020 KtmRm - ok
17:22:10.0958 5020 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
17:22:10.0990 5020 LanmanServer - ok
17:22:11.0164 5020 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
17:22:11.0201 5020 LanmanWorkstation - ok
17:22:11.0527 5020 LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:22:11.0546 5020 LightScribeService - ok
17:22:11.0662 5020 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
17:22:11.0694 5020 lltdio - ok
17:22:11.0784 5020 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
17:22:11.0807 5020 lltdsvc - ok
17:22:11.0841 5020 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
17:22:11.0863 5020 lmhosts - ok
17:22:11.0957 5020 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:22:11.0969 5020 LSI_FC - ok
17:22:12.0037 5020 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:22:12.0069 5020 LSI_SAS - ok
17:22:12.0269 5020 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:22:12.0318 5020 LSI_SAS2 - ok
17:22:12.0354 5020 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:22:12.0364 5020 LSI_SCSI - ok
17:22:12.0415 5020 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
17:22:12.0435 5020 luafv - ok
17:22:12.0568 5020 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
17:22:12.0590 5020 Mcx2Svc - ok
17:22:12.0647 5020 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
17:22:12.0657 5020 megasas - ok
17:22:12.0866 5020 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
17:22:12.0886 5020 MegaSR - ok
17:22:12.0958 5020 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
17:22:12.0993 5020 mferkdk - ok
17:22:13.0051 5020 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
17:22:13.0092 5020 mfesmfk - ok
17:22:13.0481 5020 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:22:13.0512 5020 Microsoft Office Groove Audit Service - ok
17:22:13.0589 5020 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
17:22:13.0615 5020 MMCSS - ok
17:22:13.0643 5020 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
17:22:13.0653 5020 Modem - ok
17:22:13.0700 5020 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
17:22:13.0728 5020 monitor - ok
17:22:13.0760 5020 motccgp (c741717b0a18813dd7d12085937cee72) C:\Windows\system32\DRIVERS\motccgp.sys
17:22:13.0804 5020 motccgp - ok
17:22:13.0850 5020 motccgpfl (b812da6605caf02641312f1f65c75419) C:\Windows\system32\DRIVERS\motccgpfl.sys
17:22:13.0874 5020 motccgpfl - ok
17:22:13.0914 5020 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\Windows\system32\DRIVERS\motswch.sys
17:22:13.0934 5020 MotoSwitchService - ok
17:22:14.0093 5020 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
17:22:14.0132 5020 mouclass - ok
17:22:14.0240 5020 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
17:22:14.0249 5020 mouhid - ok
17:22:14.0427 5020 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
17:22:14.0471 5020 mountmgr - ok
17:22:14.0581 5020 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:22:14.0610 5020 MozillaMaintenance - ok
17:22:14.0788 5020 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
17:22:14.0820 5020 mpio - ok
17:22:14.0826 5020 MpKsl028b757f - ok
17:22:14.0836 5020 MpKsl18e5d592 - ok
17:22:14.0844 5020 MpKsl190fec5b - ok
17:22:14.0852 5020 MpKsl260d6295 - ok
17:22:14.0859 5020 MpKsl2968268c - ok
17:22:14.0869 5020 MpKsl2b1c8a0a - ok
17:22:14.0878 5020 MpKsl2fc52ddc - ok
17:22:14.0886 5020 MpKsl3bc05492 - ok
17:22:14.0898 5020 MpKsl4353b4db - ok
17:22:14.0906 5020 MpKsl4b305a24 - ok
17:22:14.0914 5020 MpKsl51006466 - ok
17:22:14.0922 5020 MpKsl61685cff - ok
17:22:14.0932 5020 MpKsl723840a7 - ok
17:22:14.0939 5020 MpKsl72d23c4f - ok
17:22:14.0947 5020 MpKsl77e1295a - ok
17:22:14.0954 5020 MpKsl801cf64e - ok
17:22:14.0965 5020 MpKsl8ed8d676 - ok
17:22:14.0973 5020 MpKsl99c9d05c - ok
17:22:14.0982 5020 MpKsl9d82a5e1 - ok
17:22:14.0992 5020 MpKsla73ab96f - ok
17:22:15.0001 5020 MpKslb41a7682 - ok
17:22:15.0009 5020 MpKslbce96f8f - ok
17:22:15.0018 5020 MpKslc0a3c6d3 - ok
17:22:15.0027 5020 MpKslcdcde444 - ok
17:22:15.0037 5020 MpKsld2e406cf - ok
17:22:15.0049 5020 MpKsle13085a9 - ok
17:22:15.0057 5020 MpKsle16c90e0 - ok
17:22:15.0067 5020 MpKsle3537b16 - ok
17:22:15.0075 5020 MpKslefca09b0 - ok
17:22:15.0085 5020 MpKslf7f07f41 - ok
17:23:30.0310 5020 ============================================================
17:23:30.0310 5020 Scan finished
17:23:30.0310 5020 ============================================================
17:23:30.0396 7864 Detected object count: 0
17:23:30.0396 7864 Actual detected object count: 0

#7 JHerts


Posted 10 June 2012 - 11:43 AM

I tried copying the log file suggested and the forum said it was too big.

I have posted the report out of the app and it seems OK.
Let me know if you want the report from the file zipped up and sent.

#8 JHerts


Posted 10 June 2012 - 04:02 PM

Zip file for second scan. Thanks for your help.

#9 nasdaq


Posted 11 June 2012 - 09:01 AM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

#10 JHerts


Posted 12 June 2012 - 02:22 PM

Hi, thanks again. Log file as requested.


#11 nasdaq


Posted 13 June 2012 - 07:56 AM

Open notepad and copy/paste the text in the quote box below into it:

Driver::
MpKsl028b757f
MpKsl18e5d592
MpKsl190fec5b
MpKsl260d6295
MpKsl2968268c
MpKsl2b1c8a0a
MpKsl2fc52ddc
MpKsl3bc05492
MpKsl4353b4db
MpKsl4b305a24
MpKsl51006466
MpKsl61685cff
MpKsl723840a7
MpKsl72d23c4f
MpKsl77e1295a
MpKsl801cf64e
MpKsl8ed8d676
MpKsl99c9d05c
MpKsl9d82a5e1
MpKsla73ab96f
MpKslb41a7682
MpKslbce96f8f
MpKslc0a3c6d3
MpKslcdcde444
MpKsld2e406cf
MpKsle13085a9
MpKsle16c90e0
MpKsle3537b16
MpKslefca09b0
MpKslf7f07f41
MpKslf8a1b12a


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

===


Please download MBRCheck.exe and save it to your desktop - not a folder on the desktop - save it directly to the desktop.


* Be sure to disable your security programs.
* Double-Click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
* A window will open on your desktop.
* If an unknown bootcode is found you will have further options available to you. At this time press N, then press Enter twice.
* If nothing unusual is found just press Enter.
* A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
* In your next reply, please include the log from MBRCheck.

Let me know what problem persists.

#12 JHerts


Posted 14 June 2012 - 12:24 AM

Thanks for your help

Here are the log files you requested.

Something still seems to be throttling back my bandwidth. When I go on speed check you can see the connection speed is inconsistent, anything from about 30-125M.


#13 nasdaq


Posted 14 June 2012 - 10:02 AM

Your logs are clean.

Something still seems to be throttling back my bandwidth. When I go on speed check you can see the connection speed is inconsistent, anything from about 30-125M.


This is very subjective. Too many factors are involved to verify.
I'm not equipped to check that.

P.S. Make sure that these two programs are not working simultaneously.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky PURE *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}


===

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Keep me posted.

#14 JHerts


Posted 17 June 2012 - 04:57 AM

Thanks

I did have Defender enabled. I have disabled it and restarted, but no joy.
I also ran the ESET tool but no threats were found.

#15 nasdaq


Posted 18 June 2012 - 07:41 AM

Tool by Microsoft. All operating systems.
Reset your hosts file.

How do I reset the hosts file back to the default?
http://support.microsoft.com/kb/972034

Use the Fix it button on the page.

Run the DDS tool and post a fresh log.
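
The hosts-file reset above discards whatever entries are in the file. As an added example (not part of the thread or of any tool named in it), this PowerShell function lists the active entries first so any non-default mapping can be reviewed. It assumes the default Windows 7 hosts file has no active (uncommented) entries; `Get-HostsEntry` and the sample lines are constructed for illustration.

```powershell
# Added example: list active hosts-file entries and mark the ones that are
# not a plain loopback mapping for "localhost". Written to run on the
# PowerShell 2.0 that ships with Windows 7.
function Get-HostsEntry {
    param([string[]]$Line)
    $n = 0
    foreach ($raw in $Line) {
        $n++
        # Drop trailing comments and surrounding whitespace.
        $text = ($raw -replace '#.*$', '').Trim()
        if ($text -eq '') { continue }
        # First token is the address, the remaining tokens are host names.
        $tokens = $text -split '\s+'
        if ($tokens.Count -lt 2) { continue }
        $address = $tokens[0]
        $isLoopback = ($address -eq '::1') -or ($address -like '127.*')
        foreach ($name in $tokens[1..($tokens.Count - 1)]) {
            $isDefault = $isLoopback -and ($name -eq 'localhost')
            New-Object PSObject -Property @{
                LineNumber = $n
                Address    = $address
                HostName   = $name
                Review     = (-not $isDefault)
            }
        }
    }
}

# Constructed sample input (not taken from the thread's logs).
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '::1             localhost',
    '203.0.113.10    update.example.com www.example.com   # constructed entry'
)

# Show only the entries that deserve a second look.
Get-HostsEntry -Line $sample |
    Where-Object { $_.Review } |
    Select-Object LineNumber, Address, HostName

# To audit the real file on the affected machine instead of the sample:
# Get-HostsEntry -Line (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts") |
#     Where-Object { $_.Review }
```

Entries flagged for review are not necessarily malicious; security suites and ad blockers also write to this file, so compare them against the software installed on the machine.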



