fake adobe flash update pop up and continuous redirection of websites


  • This topic is locked
40 replies to this topic

#1 danny20051

Posted 10 June 2012 - 11:30 PM

Hi, I have installed a virus of some sort and just cannot get rid of it. I have used various removers like Norton, Malwarebytes, SAS; I even tried ComboFix. I know I am not supposed to without being advised, but I had nothing else to try. ComboFix, however, did not run: it extracts, then the screen icons flash, but then nothing happens. I tried rkill before running it; I'm out of ideas. The symptoms are a continuous Adobe update pop-up, redirecting of sites, and common sites like YouTube and Facebook have certificate warnings. I am pretty positive I know where the virus came from: it was when I downloaded a PDF password remover keygen, a very dumb mistake. Anyway, please help; I am on the verge of reinstalling, which is going to be a very big problem as I have soooo much installed and valuable data that would just take forever to back up. Any help greatly appreciated. Norton alerted me at the end of a scan that I have a zero access trojan and a trojan.gen2.


Also, I am confident ComboFix can remove it, if I can get it to run.

Thanks in advance, Danny


DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by danny at 14:26:43 on 2012-06-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8117.5709 [GMT 10:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Windows\Explorer.EXE
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Tunngle\TnglCtrl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_Prot
uDefault_Page_URL = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll
BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll
BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll
BHO: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File
TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No File
uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [AdobeBridge]
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\danny\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CLIENT~1.LNK - C:\Program Files (x86)\Samurize\Client.exe
StartupFolder: C:\Users\danny\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files (x86)\Intel\TurboBoost\SignalIslandUi.exe
StartupFolder: C:\Users\danny\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\iSyncr.lnk - C:\Windows\Installer\{26E59CFF-F4A8-4807-BFFA-5AADA69B588C}\_57F033E91E19B5B881876A.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: %SystemRoot%\system32\WTFastDrv.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
TCP: Interfaces\{10C54A82-FFDC-43F9-BBEF-7CBB93A219EC} : DhcpNameServer = 10.176.66.71 10.188.66.103
TCP: Interfaces\{4BE64B72-414E-45BD-A57F-CBC406A49557} : DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
TCP: Interfaces\{4BE64B72-414E-45BD-A57F-CBC406A49557}\259716E602845716E6762E08993702960586F6E656 : DhcpNameServer = 211.29.132.12 61.88.88.88
TCP: Interfaces\{4BE64B72-414E-45BD-A57F-CBC406A49557}\4616E6E697 : DhcpNameServer = 10.176.66.71 10.188.66.103
TCP: Interfaces\{4BE64B72-414E-45BD-A57F-CBC406A49557}\E416478616E62E08993702960586F6E656 : DhcpNameServer = 10.176.66.71 10.188.66.103
TCP: Interfaces\{4BE64B72-414E-45BD-A57F-CBC406A49557}\F6074786F6D656 : DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
TCP: Interfaces\{FEE14AFF-EAB1-4568-84FB-8C600EDF4093} : DhcpNameServer = 7.254.254.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll
BHO-X64: Updater For Spam Free Search Bar - No File
BHO-X64: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
BHO-X64: Spam Free Search Bar - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll
BHO-X64: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO-X64: dTPodcastBHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File
TB-X64: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No File
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 iPodDrv;iPodDrv;\??\C:\Windows\system32\drivers\iPodDrv.sys --> C:\Windows\system32\drivers\iPodDrv.sys [?]
R2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2011-9-14 741224]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-5-13 2314240]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AmdTools64;AMD Special Tools Driver;C:\Windows\system32\DRIVERS\AmdTools64.sys --> C:\Windows\system32\DRIVERS\AmdTools64.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-13 135664]
S2 PEVSystemStart;PEVSystemStart;C:\32788R22FWJFW\pev.3XE [2011-6-26 256000]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-5-13 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-5-13 79360]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-13 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-11 03:23:01 -------- d-----w- C:\Users\danny\AppData\Local\Temporary Projects
2012-06-05 06:56:36 -------- d-----w- C:\Users\danny\AppData\Local\{ADD13871-FA59-4E34-B99E-2FDC7B14FB03}
2012-06-05 06:56:25 -------- d-----w- C:\Users\danny\AppData\Local\{2F86FFAC-C83F-4800-B291-3C9AE6F75535}
2012-06-04 07:42:05 -------- d-----w- C:\Users\danny\AppData\Local\{931BE300-5217-42A0-A49B-616AD09B7FEF}
2012-06-04 07:41:54 -------- d-----w- C:\Users\danny\AppData\Local\{A0AF6736-69E1-4604-BB37-26036456996F}
2012-06-04 06:46:39 -------- d-----w- C:\Users\danny\AppData\Local\{FA6FEBE7-9E4E-40EC-A54D-B46EAD02731A}
2012-06-04 06:46:25 -------- d-----w- C:\Users\danny\AppData\Local\{2E98EBD2-EA16-4866-8895-F4A013F7350B}
2012-06-04 05:56:29 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-06-03 21:07:10 -------- d-----w- C:\Users\danny\AppData\Local\{BA51C7DF-CAD6-4226-8E07-0FA9EC888211}
2012-06-03 21:06:58 -------- d-----w- C:\Users\danny\AppData\Local\{FA3B33D6-09C0-49FB-85A5-A163C02F765E}
2012-06-03 07:06:02 -------- d-----w- C:\Program Files\iTunes
2012-06-03 07:06:02 -------- d-----w- C:\Program Files\iPod
2012-06-03 07:06:02 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-03 07:04:25 -------- d-----w- C:\Program Files\Bonjour
2012-06-03 07:04:25 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-06-03 06:44:37 -------- d-----w- C:\Users\danny\AppData\Roaming\Microsoft Corporation
2012-06-03 02:23:52 -------- d-----w- C:\Users\danny\AppData\Local\{326A92C6-BB76-4667-B971-C27F79E4FCB6}
2012-05-26 12:40:55 -------- d-----w- C:\Users\danny\AppData\Local\{FFC0F8E0-267A-42DB-AFE8-ABF2E02FBDF1}
2012-05-26 12:40:31 -------- d-----w- C:\Users\danny\AppData\Local\{F26CBE9B-7860-44D6-A44D-24FD9039F72B}
2012-05-26 03:41:01 -------- d-----w- C:\Users\danny\AppData\Local\{40880C7C-CB3B-4EBC-B8BB-7A74742985BE}
2012-05-26 03:40:30 -------- d-----w- C:\Users\danny\AppData\Local\{B8BE0795-5217-46E5-8FFD-6C6008BF4485}
2012-05-25 14:26:47 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2012-05-25 14:26:02 303616 ----a-w- C:\SetACL.exe
2012-05-25 14:04:30 290304 ----a-w- C:\subinacl.exe
2012-05-25 14:02:31 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-05-25 13:15:10 -------- d-----w- C:\Users\danny\AppData\Local\{49742E4E-88CA-4573-9A05-C9173FEE14C3}
2012-05-25 13:14:56 -------- d-----w- C:\Users\danny\AppData\Local\{FE758B51-D252-45AB-96B7-2F2A80C48D63}
2012-05-25 12:51:50 -------- d-----w- C:\MGtools
2012-05-25 12:50:17 1666978 ----a-w- C:\MGtools.exe
2012-05-25 12:44:19 -------- d-----w- C:\Users\danny\AppData\Local\{2DDBAAD5-E1AE-4371-8BF7-DFD912A7A165}
2012-05-25 12:43:56 -------- d-----w- C:\Users\danny\AppData\Local\{8AA03BEC-0F07-48F4-82DD-70A27EE9463F}
2012-05-25 11:13:05 -------- d-----w- C:\Users\danny\AppData\Local\{1759F0CD-3963-40DB-84E7-F9026EF40E46}
2012-05-25 11:12:52 -------- d-----w- C:\Users\danny\AppData\Local\{2C376FDE-C54D-49B2-A342-BE896CBF2715}
2012-05-25 11:07:30 -------- d-----w- C:\Users\danny\AppData\Local\{5BBE2FAB-CE19-4620-850A-0B107AF51A46}
2012-05-25 11:07:10 -------- d-----w- C:\Users\danny\AppData\Local\{99C52389-F3AC-43C3-B55C-782822ED03C3}
2012-05-25 10:49:07 -------- d-----w- C:\Users\danny\AppData\Local\{E856A035-C6CD-4823-ACB7-A09E6F8DE11D}
2012-05-25 10:48:18 -------- d-----w- C:\Users\danny\AppData\Local\{33307B1D-7883-4112-9402-EB7896531EAE}
2012-05-25 10:03:34 -------- d-----w- C:\Users\danny\AppData\Local\{6E42668A-5B0A-46C7-8CF4-8DB7C19C86B9}
2012-05-25 10:02:53 -------- d-----w- C:\Users\danny\AppData\Local\{13DD285E-C340-4E70-A92B-D4B6D0BD4821}
2012-05-25 09:56:20 -------- d-sh--w- C:\found.001
2012-05-25 07:58:28 -------- d-----w- C:\Users\danny\AppData\Local\{24BD708F-0D4C-4A3D-9BB0-A53413FC929E}
2012-05-25 07:57:56 -------- d-----w- C:\Users\danny\AppData\Local\{CC0AAD9A-CA14-4297-99BE-C1416138CD33}
2012-05-25 07:49:38 -------- d-----w- C:\Users\danny\AppData\Local\{105EBC15-7C8A-445E-95F9-BACF3F90DDDD}
2012-05-25 07:48:51 -------- d-----w- C:\Users\danny\AppData\Local\{61729211-55EA-4A6A-A707-41FA22178BBE}
2012-05-25 07:41:47 -------- d-----w- C:\Users\danny\AppData\Roaming\Malwarebytes
2012-05-25 07:41:44 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-25 07:21:50 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-05-25 07:20:17 251528 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-05-25 07:20:17 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-05-25 07:20:05 -------- d-----w- C:\Users\danny\AppData\Roaming\TestApp
2012-05-25 07:20:05 -------- d-----w- C:\ProgramData\PC Tools
2012-05-25 06:59:07 -------- d-----w- C:\Users\danny\AppData\Local\{E1F74CBF-619E-4FAB-A57E-96F319CBACA9}
2012-05-25 06:58:22 -------- d-----w- C:\Users\danny\AppData\Local\{B7A9395F-AC25-40AA-8F1F-85F680EF1C3A}
2012-05-24 07:04:19 -------- d-----w- C:\Users\danny\AppData\Local\{4230897F-BD67-46CE-AE76-C9379CDFB8F8}
2012-05-24 07:03:55 -------- d-----w- C:\Users\danny\AppData\Local\{8A73AEB4-CD2F-490A-AC89-BB137C8F09D5}
2012-05-22 11:58:42 -------- d-----w- C:\Users\danny\AppData\Local\{0CA1EEC5-E776-41A5-946C-B0F4AAD0F374}
2012-05-22 11:38:14 -------- d-----w- C:\Users\danny\AppData\Local\{6F4A89A5-824F-432B-814A-E3754A086147}
2012-05-22 11:37:26 -------- d-----w- C:\Users\danny\AppData\Local\{BCC05B58-B3C2-4CD5-AA22-0BE95472C524}
2012-05-22 11:10:46 -------- d-----w- C:\Users\danny\AppData\Local\{07F786A9-DA12-427E-8B3B-D92EEC8D77BA}
2012-05-22 11:10:30 -------- d-----w- C:\Users\danny\AppData\Local\{99B305FF-52DC-44AD-8655-E4007B19227D}
2012-05-22 10:55:43 -------- d-----w- C:\Users\danny\AppData\Local\{0E5A2114-5C1C-4C84-A40C-D1D6B0628FA5}
2012-05-22 10:55:30 -------- d-----w- C:\Users\danny\AppData\Local\{646BCDF7-4DFE-4E37-9DA4-EB12A153516F}
2012-05-22 10:45:48 -------- d-----w- C:\Users\danny\AppData\Local\{30821520-CE1E-4069-8CC6-F212BA11377B}
2012-05-22 10:45:01 -------- d-----w- C:\Users\danny\AppData\Local\{1F330543-B73F-4113-B9B3-D83CA086C1C8}
2012-05-22 10:37:32 -------- d-----w- C:\Users\danny\AppData\Local\NPE
2012-05-22 10:32:20 -------- d-----w- C:\Users\danny\AppData\Local\CrashDumps
2012-05-22 10:31:35 -------- d-----w- C:\Users\danny\AppData\Local\{AAE1152A-E231-4301-B8F0-8734CCC2A32B}
2012-05-22 10:31:21 -------- d-----w- C:\Users\danny\AppData\Local\{50557506-AF3D-46B0-8768-7B64060F00A0}
2012-05-22 07:16:22 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-05-22 07:14:50 -------- d-----w- C:\ProgramData\Norton
2012-05-22 07:14:45 -------- d-----w- C:\ProgramData\NortonInstaller
2012-05-22 06:48:44 -------- d-----w- C:\Users\danny\AppData\Local\{963E2341-5B03-4511-83E4-10B8865FDE20}
2012-05-22 06:48:29 -------- d-----w- C:\Users\danny\AppData\Local\{86A7F6DD-24E8-4C03-9229-7E048E3EFD19}
2012-05-21 08:48:45 -------- d-----w- C:\Users\danny\AppData\Local\blekkotb
2012-05-21 06:57:25 -------- d-----w- C:\Users\danny\AppData\Local\{4E0FCA88-85D4-476F-B3D1-741381308763}
2012-05-21 06:57:12 -------- d-----w- C:\Users\danny\AppData\Local\{0AE2DD45-7C3A-45A2-B63B-3EF90067E9BE}
2012-05-20 10:24:19 -------- d-----w- C:\Users\danny\AppData\Local\{CE5CFE3D-E7A3-4720-AC7A-CC90E8117FBB}
2012-05-20 10:24:06 -------- d-----w- C:\Users\danny\AppData\Local\{9F7E4CF7-452F-4383-85C9-67B986FA359D}
2012-05-20 01:59:11 105744 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
2012-05-20 01:58:42 -------- d-----w- C:\ProgramData\Trend Micro
2012-05-20 01:58:40 56 ----a-w- C:\Windows\System32\SupportTool.exe.bat
2012-05-20 01:58:22 -------- d-----w- C:\Program Files\Trend Micro
2012-05-20 01:57:11 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-05-20 01:48:29 -------- d-----w- C:\Users\danny\AppData\Local\{9CA644AC-0775-4125-9C9D-FAF5C0A4C732}
2012-05-20 01:48:17 -------- d-----w- C:\Users\danny\AppData\Local\{28A1EA0B-9467-48C0-B63C-81CCE33E3EEC}
2012-05-19 12:47:06 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-05-19 07:23:26 -------- d-----w- C:\Users\danny\AppData\Local\{8237D17D-F401-4B54-898B-C2BDA4469097}
2012-05-19 07:23:11 -------- d-----w- C:\Users\danny\AppData\Local\{E04DF851-0F34-4DDB-9619-95604EE3C5F1}
2012-05-18 07:20:00 -------- d-----w- C:\Users\danny\AppData\Local\{86DEFBA4-F94C-4622-8746-C22598AB5BA4}
2012-05-18 07:19:38 -------- d-----w- C:\Users\danny\AppData\Local\{A40CB9D5-82BA-4F3E-89BE-76310FFE1BBF}
2012-05-17 08:37:33 -------- d-----w- C:\Users\danny\AppData\Local\{CE19694C-8570-470B-B252-A0E3C5B82F1D}
2012-05-17 08:37:03 -------- d-----w- C:\Users\danny\AppData\Local\{CDD7DCA2-69AA-430C-8F24-B527954C5306}
2012-05-16 07:00:15 -------- d-----w- C:\Users\danny\AppData\Local\{2E4CFE9F-06D3-4E78-A044-631983BC3693}
2012-05-16 06:59:56 -------- d-----w- C:\Users\danny\AppData\Local\{25FD22A8-C999-45BB-A899-3F3D45DD4E79}
2012-05-14 06:40:23 -------- d-----w- C:\Users\danny\AppData\Local\{87194654-CDD3-4A8F-BE52-747BC39A4FC5}
2012-05-14 06:39:10 -------- d-----w- C:\Users\danny\AppData\Local\{A129388E-DEE1-41F5-BD4B-39C42ACDC0E7}
2012-05-13 01:49:39 -------- d-----w- C:\Users\danny\AppData\Local\{3A691733-06FE-42C6-AD88-2C78D5254A9C}
2012-05-13 01:49:27 -------- d-----w- C:\Users\danny\AppData\Local\{91BCD945-A8DF-4B38-9D8F-644CB21887A9}
2012-05-12 12:35:12 -------- d-----w- C:\Program Files (x86)\DEET
.
==================== Find3M ====================
.
2012-04-27 13:00:51 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-04-27 13:00:51 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-04-27 12:56:44 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe
2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll
2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll
2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll
2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-04-05 12:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-04-05 12:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-04-05 12:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-04-05 12:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-04-05 12:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-04-05 12:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-04-05 12:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-04-03 08:39:18 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-19 07:44:56 77040 ----a-w- C:\Windows\System32\WTFastDrv.dll
2012-03-19 07:44:56 69360 ----a-w- C:\Windows\SysWow64\WTFastDrv.dll
.
============= FINISH: 14:27:01.02 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 PM

Posted 10 June 2012 - 11:49 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 14 June 2012 - 01:23 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 danny20051


Posted 15 June 2012 - 03:19 AM

Yes, I still need help, thanks :) Here are my Security Check results.


Results of screen317's Security Check version 0.99.41
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 31
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#5 gringo_pr


Posted 15 June 2012 - 03:48 AM

OK, let me have the Combofix report when it is ready.



gringo

#6 danny20051


Posted 15 June 2012 - 04:25 AM

Hi, I have tried Combofix and it won't run. It will start up, ask me to agree, then a loading bar will appear and load as it is extracting, then the window closes and nothing happens. I tried clicking it a few times and it would send my computer into some old-school mode where there are no transparent bars and it's all solid white, but gives the sort of blue command prompt.

any ideas?

thanks Danny

#7 danny20051


Posted 15 June 2012 - 04:27 AM

Wow, sorry, I didn't look over what I typed; that didn't really make sense. It closed and didn't show the blue command prompt is what I meant to say.

#8 gringo_pr


Posted 15 June 2012 - 07:21 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#9 gringo_pr


Posted 17 June 2012 - 11:45 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#10 danny20051


Posted 18 June 2012 - 03:14 AM

Hi, sorry for the late reply. After trying to run TDSS and aswMBR I have had several hangs and a blue screen of death (which occurred during the aswMBR scan). After a few reboots I managed to get the TDSS log; I still need to try and get the aswMBR one.

TDSS log:


18:10:02.0219 5304 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
18:10:03.0233 5304 ============================================================
18:10:03.0233 5304 Current date / time: 2012/06/18 18:10:03.0233
18:10:03.0233 5304 SystemInfo:
18:10:03.0233 5304
18:10:03.0233 5304 OS Version: 6.1.7600 ServicePack: 0.0
18:10:03.0233 5304 Product type: Workstation
18:10:03.0233 5304 ComputerName: DANNY-PC
18:10:03.0233 5304 UserName: danny
18:10:03.0233 5304 Windows directory: C:\Windows
18:10:03.0233 5304 System windows directory: C:\Windows
18:10:03.0233 5304 Running under WOW64
18:10:03.0233 5304 Processor architecture: Intel x64
18:10:03.0233 5304 Number of processors: 8
18:10:03.0233 5304 Page size: 0x1000
18:10:03.0233 5304 Boot type: Normal boot
18:10:03.0233 5304 ============================================================
18:10:05.0245 5304 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:10:05.0261 5304 ============================================================
18:10:05.0261 5304 \Device\Harddisk0\DR0:
18:10:05.0261 5304 MBR partitions:
18:10:05.0261 5304 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2711800, BlocksNum 0x37C74000
18:10:05.0261 5304 ============================================================
18:10:05.0276 5304 C: <-> \Device\Harddisk0\DR0\Partition0
18:10:05.0276 5304 ============================================================
18:10:05.0276 5304 Initialize success
18:10:05.0276 5304 ============================================================
18:10:08.0802 2072 ============================================================
18:10:08.0802 2072 Scan started
18:10:08.0802 2072 Mode: Manual;
18:10:08.0802 2072 ============================================================
18:10:10.0393 2072 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
18:10:10.0393 2072 1394ohci - ok
18:10:10.0424 2072 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
18:10:10.0440 2072 ACPI - ok
18:10:10.0455 2072 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
18:10:10.0471 2072 AcpiPmi - ok
18:10:10.0518 2072 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:10:10.0533 2072 adp94xx - ok
18:10:10.0580 2072 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:10:10.0596 2072 adpahci - ok
18:10:10.0611 2072 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:10:10.0627 2072 adpu320 - ok
18:10:10.0643 2072 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:10:10.0658 2072 AeLookupSvc - ok
18:10:10.0705 2072 AFBAgent (2d00d3dadc1d3326ba788eb071f2726e) C:\Windows\system32\FBAgent.exe
18:10:10.0721 2072 AFBAgent - ok
18:10:10.0783 2072 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
18:10:10.0799 2072 AFD - ok
18:10:10.0830 2072 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
18:10:10.0830 2072 agp440 - ok
18:10:10.0845 2072 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:10:10.0845 2072 ALG - ok
18:10:10.0877 2072 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
18:10:10.0877 2072 aliide - ok
18:10:10.0986 2072 ALSysIO - ok
18:10:11.0033 2072 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
18:10:11.0048 2072 AMD External Events Utility - ok
18:10:11.0064 2072 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
18:10:11.0064 2072 amdide - ok
18:10:11.0079 2072 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:10:11.0095 2072 AmdK8 - ok
18:10:14.0808 2072 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
18:10:14.0995 2072 amdkmdag - ok
18:10:15.0775 2072 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
18:10:15.0775 2072 amdkmdap - ok
18:10:15.0884 2072 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:10:15.0884 2072 AmdPPM - ok
18:10:15.0915 2072 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
18:10:15.0915 2072 amdsata - ok
18:10:15.0947 2072 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:10:15.0962 2072 amdsbs - ok
18:10:16.0009 2072 AmdTools64 (deda72a4ab5416ad0a09faecfa6056c2) C:\Windows\system32\DRIVERS\AmdTools64.sys
18:10:16.0009 2072 AmdTools64 - ok
18:10:16.0009 2072 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
18:10:16.0025 2072 amdxata - ok
18:10:16.0103 2072 AmUStor (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS
18:10:16.0103 2072 AmUStor - ok
18:10:16.0149 2072 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
18:10:16.0149 2072 AppID - ok
18:10:16.0181 2072 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:10:16.0181 2072 AppIDSvc - ok
18:10:16.0196 2072 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
18:10:16.0196 2072 Appinfo - ok
18:10:16.0368 2072 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:10:16.0368 2072 Apple Mobile Device - ok
18:10:16.0415 2072 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:10:16.0430 2072 arc - ok
18:10:16.0446 2072 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:10:16.0446 2072 arcsas - ok
18:10:16.0493 2072 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
18:10:16.0508 2072 ASLDRService - ok
18:10:16.0524 2072 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
18:10:16.0524 2072 ASMMAP64 - ok
18:10:16.0836 2072 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:10:16.0898 2072 aspnet_state - ok
18:10:16.0914 2072 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:10:16.0914 2072 AsyncMac - ok
18:10:16.0961 2072 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
18:10:16.0961 2072 atapi - ok
18:10:17.0304 2072 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
18:10:17.0335 2072 athr - ok
18:10:17.0819 2072 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
18:10:17.0819 2072 AtiHDAudioService - ok
18:10:17.0897 2072 AtiHdmiService (d481083348138b4933acfe95812db71c) C:\Windows\system32\drivers\AtiHdmi.sys
18:10:17.0897 2072 AtiHdmiService - ok
18:10:25.0057 2072 atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
18:10:25.0119 2072 atikmdag - ok
18:10:25.0213 2072 atillk64 - ok
18:10:25.0260 2072 ATKGFNEXSrv (63f1212ffe13e62ca1e8d8ee19abd9a7) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
18:10:25.0260 2072 ATKGFNEXSrv - ok
18:10:25.0556 2072 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:10:25.0572 2072 AudioEndpointBuilder - ok
18:10:25.0572 2072 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:10:25.0587 2072 AudioSrv - ok
18:10:25.0619 2072 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
18:10:25.0619 2072 AxInstSV - ok
18:10:25.0697 2072 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:10:25.0759 2072 b06bdrv - ok
18:10:25.0806 2072 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:10:25.0821 2072 b57nd60a - ok
18:10:25.0915 2072 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
18:10:25.0931 2072 BBSvc - ok
18:10:25.0977 2072 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:10:25.0977 2072 BDESVC - ok
18:10:25.0993 2072 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:10:25.0993 2072 Beep - ok
18:10:26.0227 2072 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
18:10:26.0258 2072 BFE - ok
18:10:26.0336 2072 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
18:10:26.0352 2072 BITS - ok
18:10:26.0399 2072 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:10:26.0399 2072 blbdrive - ok
18:10:26.0492 2072 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
18:10:26.0508 2072 Bonjour Service - ok
18:10:26.0539 2072 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
18:10:26.0539 2072 bowser - ok
18:10:26.0570 2072 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:10:43.0387 2072 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:10:43.0403 2072 sermouse - ok
18:10:43.0418 2072 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
18:10:43.0418 2072 SessionEnv - ok
18:10:43.0434 2072 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
18:10:43.0434 2072 sffdisk - ok
18:10:43.0449 2072 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:10:43.0449 2072 sffp_mmc - ok
18:10:43.0465 2072 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:10:43.0465 2072 sffp_sd - ok
18:10:43.0481 2072 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:10:43.0481 2072 sfloppy - ok
18:10:43.0527 2072 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:10:43.0543 2072 SharedAccess - ok
18:10:43.0574 2072 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
18:10:43.0590 2072 ShellHWDetection - ok
18:10:43.0621 2072 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
18:10:43.0621 2072 SiSGbeLH - ok
18:10:43.0652 2072 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:10:43.0652 2072 SiSRaid2 - ok
18:10:43.0668 2072 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:10:43.0668 2072 SiSRaid4 - ok
18:10:43.0683 2072 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:10:43.0683 2072 Smb - ok
18:10:43.0715 2072 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:10:43.0715 2072 SNMPTRAP - ok
18:10:43.0995 2072 SNP2UVC (7aec460dbdd193680f0e77724e40e7b6) C:\Windows\system32\DRIVERS\snp2uvc.sys
18:10:44.0011 2072 SNP2UVC - ok
18:10:44.0354 2072 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:10:44.0354 2072 spldr - ok
18:10:44.0432 2072 Spooler (89e8550c5862999fcf482ea562b0e98e) C:\Windows\System32\spoolsv.exe
18:10:44.0479 2072 Spooler - ok
18:10:44.0697 2072 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
18:10:44.0775 2072 sppsvc - ok
18:10:44.0885 2072 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:10:44.0885 2072 sppuinotify - ok
18:10:45.0587 2072 SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
18:10:45.0618 2072 SQLAgent$SQLEXPRESS - ok
18:10:46.0398 2072 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:10:46.0445 2072 SQLBrowser - ok
18:10:46.0882 2072 SQLWriter (6d65985945b03ca59b67d0b73702fc7b) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:10:46.0882 2072 SQLWriter - ok
18:10:47.0053 2072 srv (37c3abc2338010e110d2a6a3930f3149) C:\Windows\system32\DRIVERS\srv.sys
18:10:47.0069 2072 srv - ok
18:10:47.0100 2072 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
18:10:47.0116 2072 srv2 - ok
18:10:47.0131 2072 srvnet (cce32bb223e9ff55d241099a858fa889) C:\Windows\system32\DRIVERS\srvnet.sys
18:10:47.0147 2072 srvnet - ok
18:10:47.0178 2072 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:10:47.0194 2072 SSDPSRV - ok
18:10:47.0209 2072 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:10:47.0209 2072 SstpSvc - ok
18:10:47.0287 2072 ssudmdm (daa02a6e84a4f99b5b9cd3ef8d59d652) C:\Windows\system32\DRIVERS\ssudmdm.sys
18:10:47.0303 2072 ssudmdm - ok
18:10:47.0365 2072 Steam Client Service - ok
18:10:47.0412 2072 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:10:47.0412 2072 stexstor - ok
18:10:47.0521 2072 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
18:10:47.0537 2072 stisvc - ok
18:10:47.0552 2072 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:10:47.0552 2072 swenum - ok
18:10:47.0662 2072 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:10:47.0693 2072 SwitchBoard - ok
18:10:47.0771 2072 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:10:47.0786 2072 swprv - ok
18:10:47.0818 2072 SynTP (2f827bb08cc7f1a17df2ead7b424d731) C:\Windows\system32\DRIVERS\SynTP.sys
18:10:47.0818 2072 SynTP - ok
18:10:48.0098 2072 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
18:10:48.0145 2072 SysMain - ok
18:10:48.0364 2072 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
18:10:48.0379 2072 TabletInputService - ok
18:10:48.0426 2072 tap0901t (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys
18:10:48.0426 2072 tap0901t - ok
18:10:48.0457 2072 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
18:10:48.0473 2072 TapiSrv - ok
18:10:48.0488 2072 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:10:48.0488 2072 TBS - ok
18:10:48.0847 2072 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
18:10:48.0894 2072 Tcpip - ok
18:10:49.0331 2072 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
18:10:49.0331 2072 TCPIP6 - ok
18:10:49.0471 2072 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
18:10:49.0471 2072 tcpipreg - ok
18:10:49.0502 2072 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:10:49.0502 2072 TDPIPE - ok
18:10:49.0518 2072 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:10:49.0518 2072 TDTCP - ok
18:10:49.0534 2072 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
18:10:49.0534 2072 tdx - ok
18:10:49.0565 2072 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
18:10:49.0565 2072 TermDD - ok
18:10:49.0643 2072 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
18:10:49.0658 2072 TermService - ok
18:10:49.0674 2072 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:10:49.0674 2072 Themes - ok
18:10:49.0705 2072 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:10:49.0705 2072 THREADORDER - ok
18:10:49.0783 2072 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys
18:10:49.0783 2072 tmtdi - ok
18:10:49.0799 2072 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:10:49.0814 2072 TrkWks - ok
18:10:49.0861 2072 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
18:10:49.0877 2072 TrustedInstaller - ok
18:10:49.0908 2072 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:10:49.0908 2072 tssecsrv - ok
18:10:49.0939 2072 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
18:10:49.0955 2072 tunnel - ok
18:10:50.0080 2072 TunngleService (4a531079746d39026d975d3b02f7e452) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
18:10:50.0111 2072 TunngleService - ok
18:10:50.0126 2072 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
18:10:50.0126 2072 TurboB - ok
18:10:50.0220 2072 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
18:10:50.0220 2072 TurboBoost - ok
18:10:50.0251 2072 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:10:50.0251 2072 uagp35 - ok
18:10:50.0298 2072 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
18:10:50.0314 2072 udfs - ok
18:10:50.0345 2072 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:10:50.0345 2072 UI0Detect - ok
18:10:50.0360 2072 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:10:50.0360 2072 uliagpkx - ok
18:10:50.0392 2072 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
18:10:50.0392 2072 umbus - ok
18:10:50.0423 2072 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:10:50.0423 2072 UmPass - ok
18:10:50.0922 2072 UNS (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
18:10:50.0969 2072 UNS - ok
18:10:51.0172 2072 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:10:51.0187 2072 upnphost - ok
18:10:51.0281 2072 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
18:10:51.0296 2072 USBAAPL64 - ok
18:10:51.0312 2072 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
18:10:51.0328 2072 usbccgp - ok
18:10:51.0343 2072 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
18:10:51.0343 2072 usbcir - ok
18:10:51.0359 2072 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
18:10:51.0359 2072 usbehci - ok
18:10:51.0390 2072 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
18:10:51.0406 2072 usbhub - ok
18:10:51.0421 2072 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
18:10:51.0421 2072 usbohci - ok
18:10:51.0452 2072 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:10:51.0452 2072 usbprint - ok
18:10:51.0499 2072 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:10:51.0515 2072 usbscan - ok
18:10:51.0530 2072 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:10:51.0530 2072 USBSTOR - ok
18:10:51.0546 2072 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:10:51.0546 2072 usbuhci - ok
18:10:51.0577 2072 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
18:10:51.0593 2072 usbvideo - ok
18:10:51.0624 2072 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:10:51.0624 2072 UxSms - ok
18:10:51.0640 2072 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
18:10:51.0640 2072 VaultSvc - ok
18:10:51.0671 2072 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:10:51.0671 2072 vdrvroot - ok
18:10:51.0733 2072 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
18:10:51.0749 2072 vds - ok
18:10:51.0764 2072 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:10:51.0764 2072 vga - ok
18:10:51.0780 2072 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:10:51.0780 2072 VgaSave - ok
18:10:51.0827 2072 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
18:10:51.0827 2072 vhdmp - ok
18:10:51.0858 2072 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
18:10:51.0858 2072 viaide - ok
18:10:51.0874 2072 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
18:10:51.0874 2072 volmgr - ok
18:10:51.0905 2072 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
18:10:51.0920 2072 volmgrx - ok
18:10:51.0952 2072 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
18:10:51.0967 2072 volsnap - ok
18:10:51.0983 2072 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:10:51.0998 2072 vsmraid - ok
18:10:52.0154 2072 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
18:10:52.0186 2072 VSS - ok
18:10:52.0498 2072 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:10:52.0498 2072 vwifibus - ok
18:10:52.0513 2072 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:10:52.0513 2072 vwififlt - ok
18:10:52.0560 2072 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:10:52.0576 2072 W32Time - ok
18:10:52.0607 2072 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:10:52.0607 2072 WacomPen - ok
18:10:52.0638 2072 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:10:52.0638 2072 WANARP - ok
18:10:52.0638 2072 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:10:52.0638 2072 Wanarpv6 - ok
18:10:52.0794 2072 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
18:10:52.0825 2072 wbengine - ok
18:10:52.0981 2072 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:10:52.0997 2072 WbioSrvc - ok
18:10:53.0028 2072 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
18:10:53.0044 2072 wcncsvc - ok
18:10:53.0059 2072 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:10:53.0059 2072 WcsPlugInService - ok
18:10:53.0090 2072 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:10:53.0090 2072 Wd - ok
18:10:53.0153 2072 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:10:53.0168 2072 Wdf01000 - ok
18:10:53.0184 2072 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:10:53.0184 2072 WdiServiceHost - ok
18:10:53.0184 2072 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:10:53.0184 2072 WdiSystemHost - ok
18:10:53.0215 2072 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
18:10:53.0215 2072 WebClient - ok
18:10:53.0246 2072 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:10:53.0262 2072 Wecsvc - ok
18:10:53.0278 2072 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:10:53.0278 2072 wercplsupport - ok
18:10:53.0309 2072 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:10:53.0309 2072 WerSvc - ok
18:10:53.0340 2072 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:10:53.0340 2072 WfpLwf - ok
18:10:53.0371 2072 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
18:10:53.0387 2072 WimFltr - ok
18:10:53.0402 2072 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:10:53.0402 2072 WIMMount - ok
18:10:53.0449 2072 WinDefend - ok
18:10:53.0465 2072 WinHttpAutoProxySvc - ok
18:10:53.0543 2072 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:10:53.0543 2072 Winmgmt - ok
18:10:53.0917 2072 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
18:10:53.0964 2072 WinRM - ok
18:10:54.0307 2072 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
18:10:54.0307 2072 WinUsb - ok
18:10:54.0479 2072 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:10:54.0494 2072 Wlansvc - ok
18:10:54.0572 2072 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:10:54.0572 2072 wlcrasvc - ok
18:10:55.0103 2072 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:10:55.0150 2072 wlidsvc - ok
18:10:55.0321 2072 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:10:55.0321 2072 WmiAcpi - ok
18:10:55.0368 2072 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:10:55.0384 2072 wmiApSrv - ok
18:10:55.0430 2072 WMPNetworkSvc - ok
18:10:55.0462 2072 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:10:55.0462 2072 WPCSvc - ok
18:10:55.0477 2072 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
18:10:55.0493 2072 WPDBusEnum - ok
18:10:55.0508 2072 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:10:55.0508 2072 ws2ifsl - ok
18:10:55.0524 2072 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
18:10:55.0524 2072 wscsvc - ok
18:10:55.0540 2072 WSearch - ok
18:10:55.0852 2072 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
18:10:55.0898 2072 wuauserv - ok
18:10:56.0023 2072 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
18:10:56.0023 2072 WudfPf - ok
18:10:56.0070 2072 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:10:56.0070 2072 WUDFRd - ok
18:10:56.0101 2072 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
18:10:56.0101 2072 wudfsvc - ok
18:10:56.0132 2072 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:10:56.0148 2072 WwanSvc - ok
18:10:56.0179 2072 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:10:56.0881 2072 \Device\Harddisk0\DR0 - ok
18:10:56.0881 2072 Boot (0x1200) (2b9b056e20134d83a467210f7184adf4) \Device\Harddisk0\DR0\Partition0
18:10:56.0881 2072 \Device\Harddisk0\DR0\Partition0 - ok
18:10:56.0881 2072 ============================================================
18:10:56.0881 2072 Scan finished
18:10:56.0881 2072 ============================================================
18:10:56.0897 2240 Detected object count: 0
18:10:56.0897 2240 Actual detected object count: 0

#11 danny20051


Posted 18 June 2012 - 04:11 AM

Here's the log for aswMBR:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-18 18:15:32
-----------------------------
18:15:32.314 OS Version: Windows x64 6.1.7600
18:15:32.314 Number of processors: 8 586 0x1E05
18:15:32.314 ComputerName: DANNY-PC UserName: danny
18:15:34.342 Initialize success
18:15:41.097 AVAST engine defs: 12061800
18:15:46.229 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:15:46.229 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
18:15:46.245 Disk 0 MBR read successfully
18:15:46.260 Disk 0 MBR scan
18:15:46.260 Disk 0 Windows VISTA default MBR code
18:15:46.276 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20001 MB offset 2048
18:15:46.291 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 456936 MB offset 40966144
18:15:46.307 Disk 0 scanning C:\Windows\system32\drivers
18:16:00.207 Service scanning
18:16:23.482 Modules scanning
18:16:23.482 Disk 0 trace - called modules:
18:16:23.513 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
18:16:23.513 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ea8060]
18:16:23.529 3 CLASSPNP.SYS[fffff880013a443f] -> nt!IofCallDriver -> [0xfffffa8007bcd530]
18:16:23.529 5 ACPI.sys[fffff88000f4a781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007bd3050]
18:16:25.089 AVAST engine scan C:\Windows
18:16:40.735 AVAST engine scan C:\Windows\system32
18:21:37.963 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:21:39.570 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:22:50.191 AVAST engine scan C:\Windows\system32\drivers
18:23:01.844 AVAST engine scan C:\Users\danny
18:32:35.410 AVAST engine scan C:\ProgramData
18:33:32.865 Scan finished successfully
18:34:08.043 Disk 0 MBR has been saved successfully to "C:\Users\danny\Desktop\MBR.dat"
18:34:08.059 The log file has been saved successfully to "C:\Users\danny\Desktop\aswMBR.txt"

Edited by danny20051, 18 June 2012 - 04:12 AM.


#12 danny20051


Posted 18 June 2012 - 04:14 AM

It seems to have found 2 threats, should I click fix MBR?

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 PM

Posted 18 June 2012 - 07:55 AM

Hello

No, that is only part of the infection.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#14 danny20051


Posted 20 June 2012 - 03:09 AM

Hi, I'm having difficulty following this step. When I get into Advanced Boot Options I have no option "Repair your computer" and I don't have my Windows installation CD. I do believe I have a recovery partition, if that helps.
What should I do?

Thanks, Danny

#15 danny20051


Posted 23 June 2012 - 02:59 AM

Hey, it's been 3 days, just wondering if you're still able to help or just been busy?

Thanks Danny



