Computer slowdown & suspicious catchme output


  • This topic is locked
5 replies to this topic

#1 jan641


Posted 16 June 2012 - 03:23 PM

Hello, I've encountered performance drops with CPU usage <2% for a few months now (games worked perfectly when installed the first time; the computer classification shows a CPU rank of 2.9 now, when I checked it for the first time it was 7.3). Since the first problems I've reinstalled it 2 times; the first one was about 1-2 months ago, the second one was today. Both of them didn't fix it. Of the tools I've used for scanning, only catchme found something suspicious.
I'm using Windows 7 (the only OS with performance problems), Fedora and Arch Linux.

Thank You for Your help!


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Jasiek at 21:14:45 on 2012-06-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1045.18.8173.6108 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\notepad.exe
C:\Windows\system32\taskhost.exe
C:\Users\Jasiek\Desktop\65m63sm0.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
TCP: DhcpNameServer = 208.67.222.220 208.67.220.222 208.67.220.220
TCP: Interfaces\{D1197AC6-AAE2-4E19-81E0-6473F10AFC04} : DhcpNameServer = 208.67.222.220 208.67.220.222 208.67.220.220
BHO-X64: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO-X64: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{DDA57003-0068-4ed2-9D32-4D1EC707D94D}
EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jasiek\AppData\Roaming\Mozilla\Firefox\Profiles\4gefsh5x.default\
FF - prefs.js: network.proxy.ftp - 207.62.217.252:
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 207.62.217.252:
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 207.62.217.252:
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 207.62.217.252:
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-16 1262400]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-16 113120]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-12 13336]
S4 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-6-16 575856]
S4 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]
.
=============== Created Last 30 ================
.
2012-06-16 17:49:20 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-06-16 17:48:04 98816 ----a-w- C:\Windows\sed.exe
2012-06-16 17:48:04 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-16 17:48:04 256000 ----a-w- C:\Windows\PEV.exe
2012-06-16 17:48:04 208896 ----a-w- C:\Windows\MBR.exe
2012-06-16 17:47:53 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2012-06-16 17:47:53 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2012-06-16 17:47:53 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2012-06-16 17:24:03 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-06-16 17:23:45 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-06-16 17:23:45 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-06-16 17:23:45 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-06-16 17:23:45 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-06-16 17:23:45 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-06-16 17:23:45 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-06-16 17:23:21 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2012-06-16 17:23:21 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-06-16 17:23:16 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-06-16 17:19:48 -------- d-----w- C:\NVIDIA
2012-06-16 16:18:39 -------- d-----w- C:\Users\Jasiek\AppData\Local\Nokia
2012-06-16 15:01:57 -------- d-----w- C:\QtSDK
2012-06-16 14:57:37 -------- d-----w- C:\local
2012-06-16 14:56:29 -------- d-----w- C:\OpenSSL
2012-06-16 14:49:53 9849856 ----a-w- C:\Windows\QtGui4.dll
2012-06-16 14:49:53 566784 ----a-w- C:\Windows\qca-ossl2.dll
2012-06-16 14:49:53 2552320 ----a-w- C:\Windows\QtCore4.dll
2012-06-16 14:49:53 15964 ----a-w- C:\Windows\mingwm10.dll
2012-06-16 14:49:53 1323008 ----a-w- C:\Windows\qca2.dll
2012-06-16 14:49:53 1209344 ----a-w- C:\Windows\QtNetwork4.dll
2012-06-16 14:49:52 43008 ----a-w- C:\Windows\libgcc_s_dw2-1.dll
2012-06-16 14:47:45 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-16 14:47:41 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-16 14:47:41 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-16 14:23:54 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-06-16 14:23:53 -------- d-----w- C:\Program Files (x86)\Steam
2012-06-16 14:16:13 -------- d-----w- C:\Program Files\Microsoft SQL Server
2012-06-16 14:15:59 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2012-06-16 14:15:18 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-06-16 14:15:18 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-06-16 14:14:41 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-06-16 14:14:40 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-06-16 14:08:07 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2012-06-16 14:08:05 -------- d-----w- C:\Program Files\IIS
2012-06-16 14:08:05 -------- d-----w- C:\Program Files (x86)\IIS
2012-06-16 14:07:40 1171520 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-06-16 14:01:25 -------- d-----w- C:\Windows\SysWow64\1033
2012-06-16 14:00:56 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop
2012-06-16 14:00:56 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2012-06-16 14:00:55 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-06-16 13:47:18 -------- d-----w- C:\Windows\System32\1033
2012-06-16 13:47:17 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2012-06-16 13:47:17 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2012-06-16 13:07:52 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-06-16 13:07:52 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-06-16 13:07:52 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-06-16 13:07:52 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-06-16 13:07:52 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-06-16 13:07:52 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-06-16 13:07:52 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-06-16 13:07:52 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-06-16 13:07:52 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-06-16 13:07:52 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-06-16 13:03:33 -------- d-----w- C:\Windows\SysWow64\Wat
2012-06-16 13:03:33 -------- d-----w- C:\Windows\System32\Wat
2012-06-16 12:56:14 -------- d-----w- C:\Program Files\Sony
2012-06-16 12:45:11 -------- d-----w- C:\Windows\PCHEALTH
2012-06-16 12:36:21 -------- d-----w- C:\Program Files (x86)\Drakensang Online
2012-06-16 12:31:25 -------- d---a-w- C:\res
2012-06-16 12:29:13 -------- d-----w- C:\Program Files\K2T
2012-06-16 12:29:12 -------- d-----w- C:\Users\Jasiek\AppData\Local\TempDIR
2012-06-16 12:19:54 -------- d---a-w- C:\Users\Jasiek\AppData\Roaming\.wtw
2012-06-16 12:19:02 -------- d---a-w- C:\Users\Jasiek\AppData\Roaming\.minecraft
2012-06-16 12:18:51 -------- d---a-w- C:\programy
2012-06-16 12:12:32 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-06-16 12:12:32 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-06-16 12:12:32 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-06-16 12:12:32 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-06-16 12:12:32 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-06-16 12:12:32 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-06-16 12:12:32 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-06-16 12:10:09 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-06-16 12:10:09 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2012-06-16 12:09:56 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-06-16 12:09:56 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-16 12:09:55 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-16 12:09:55 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-06-16 12:09:55 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-06-16 12:09:39 -------- d-----w- C:\Program Files (x86)\Evernote
2012-06-16 12:09:37 -------- d-----w- C:\ProgramData\Evernote
2012-06-16 12:07:56 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-06-16 12:06:59 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2012-06-16 12:05:53 -------- d-----w- C:\Windows\Sonysys
2012-06-16 12:04:45 -------- d-----w- C:\Program Files\Common Files\Sony Shared
2012-06-16 12:04:45 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared
2012-06-16 12:03:16 213888 ----a-w- C:\Windows\System32\drivers\rdyboost.sys
2012-06-16 12:02:51 -------- d-----w- C:\Program Files\Apoint
2012-06-16 12:02:06 39464 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2012-06-16 12:02:06 342056 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
2012-06-16 12:02:06 21544 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2012-06-16 12:02:06 135720 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2012-06-16 12:02:06 102952 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
2012-06-16 12:00:59 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-06-16 12:00:59 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-06-16 11:59:03 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4113A7AC-8D0B-4736-9866-967AD4FA76D8}\mpengine.dll
2012-06-16 11:59:02 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-06-16 11:58:32 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-16 11:58:30 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-16 11:58:30 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-16 11:57:53 -------- d-----w- C:\Users\Jasiek\AppData\Local\Macromedia
2012-06-16 11:57:36 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-16 11:57:36 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-16 11:57:30 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2012-06-16 11:57:30 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2012-06-16 11:57:30 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2012-06-16 11:54:46 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-06-16 11:54:46 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-06-16 11:49:45 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2012-06-16 11:49:45 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2012-06-16 11:45:01 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-06-16 11:40:44 -------- d-----w- C:\Users\Jasiek\AppData\Roaming\Process Hacker 2
2012-06-16 11:36:32 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2012-06-16 11:30:12 221184 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-06-16 11:30:11 598016 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ikernel.exe
2012-06-16 11:30:11 53248 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\msihook.dll
2012-06-16 11:30:11 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-06-16 11:30:11 217088 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-06-16 11:30:11 126976 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\knlwrap.exe
2012-06-16 11:30:10 114688 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\scpthdlr.dll
2012-06-16 11:30:02 -------- d-----w- C:\Program Files (x86)\McAfee UnInstaller 6.5 Demo English
2012-06-16 11:17:55 -------- d-----w- C:\Update
.
==================== Find3M ====================
.
2012-05-15 10:48:00 8139072 ----a-w- C:\Windows\System32\nvcuda.dll
2012-05-15 01:32:20 3144192 ----a-w- C:\Windows\System32\win32k.sys
2012-05-10 19:11:00 58368 ----a-w- C:\Windows\gost.dll
2012-05-10 19:10:56 23552 ----a-w- C:\Windows\capi.dll
2012-05-10 19:10:56 12288 ----a-w- C:\Windows\padlock.dll
2012-05-10 19:10:54 17408 ----a-w- C:\Windows\sureware.dll
2012-05-10 19:10:54 17408 ----a-w- C:\Windows\chil.dll
2012-05-10 19:10:54 14848 ----a-w- C:\Windows\ubsec.dll
2012-05-10 19:10:54 10752 ----a-w- C:\Windows\nuron.dll
2012-05-10 19:10:52 7168 ----a-w- C:\Windows\gmp.dll
2012-05-10 19:10:52 15872 ----a-w- C:\Windows\cswift.dll
2012-05-10 19:10:52 14336 ----a-w- C:\Windows\4758cca.dll
2012-05-10 19:10:52 12800 ----a-w- C:\Windows\aep.dll
2012-05-10 19:10:52 11776 ----a-w- C:\Windows\atalla.dll
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-04-07 12:18:36 3213824 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:34:37 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 21:15:09,40 ===============


Suspicious catchme log:
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51
Initialization error



Edited by nasdaq, 20 June 2012 - 07:25 AM.




#2 jan641


Posted 18 June 2012 - 07:00 AM

Hello again, I found out what the source of the performance problems was: it was caused by Intel Turbo Boost technology. It dynamically overclocks the processor to save energy; it won't overclock it if its temperature is >95°C. The part of the laptop that failed was the cooling system, filled with dust after a few months of use.
Anyway, I still have a question about this suspicious catchme log: is it some sort of malware, or does catchme just not support Win7 x64?

#3 nasdaq

  • Malware Response Team

Posted 20 June 2012 - 07:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===


This is the only suspicious item I found on your DDS log.

Do you know what this process does?

C:\Users\Jasiek\Desktop\65m63sm0.exe
===


Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#4 jan641


Posted 20 June 2012 - 09:24 AM

Hello, thanks for the reply,
it's gmer, I didn't close it before starting the DDS scan.

TDSSKiller log:
15:59:08.0801 2784	TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
15:59:09.0053 2784	============================================================
15:59:09.0053 2784	Current date / time: 2012/06/20 15:59:09.0053
15:59:09.0053 2784	SystemInfo:
15:59:09.0053 2784	
15:59:09.0053 2784	OS Version: 6.1.7600 ServicePack: 0.0
15:59:09.0054 2784	Product type: Workstation
15:59:09.0054 2784	ComputerName: LAPTOP
15:59:09.0054 2784	UserName: Jasiek
15:59:09.0054 2784	Windows directory: C:\Windows
15:59:09.0054 2784	System windows directory: C:\Windows
15:59:09.0054 2784	Running under WOW64
15:59:09.0054 2784	Processor architecture: Intel x64
15:59:09.0054 2784	Number of processors: 8
15:59:09.0054 2784	Page size: 0x1000
15:59:09.0054 2784	Boot type: Normal boot
15:59:09.0054 2784	============================================================
15:59:09.0477 2784	Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:59:09.0492 2784	============================================================
15:59:09.0492 2784	\Device\Harddisk0\DR0:
15:59:09.0492 2784	MBR partitions:
15:59:09.0492 2784	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2003800, BlocksNum 0x32000
15:59:09.0492 2784	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2035800, BlocksNum 0x186A110F
15:59:09.0536 2784	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x22F8F92A, BlocksNum 0x11763BFD
15:59:09.0553 2784	\Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x346F3566, BlocksNum 0x1176429A
15:59:09.0582 2784	============================================================
15:59:09.0644 2784	C: <-> \Device\Harddisk0\DR0\Partition1
15:59:09.0662 2784	D: <-> \Device\Harddisk0\DR0\Partition2
15:59:09.0694 2784	E: <-> \Device\Harddisk0\DR0\Partition3
15:59:09.0695 2784	============================================================
15:59:09.0695 2784	Initialize success
15:59:09.0695 2784	============================================================
15:59:21.0915 1628	============================================================
15:59:21.0915 1628	Scan started
15:59:21.0915 1628	Mode: Manual; 
15:59:21.0915 1628	============================================================
15:59:25.0430 1628	btwaudio        (1872074ed0a3fb22e3f1e3197b984bfa) C:\Windows\system32\drivers\btwaudio.sys
15:59:25.0432 1628	btwaudio - ok
15:59:25.0465 1628	btwavdt         (691cf076c33ab1c3a5b2fd5450300733) C:\Windows\system32\drivers\btwavdt.sys
15:59:25.0468 1628	btwavdt - ok
15:59:25.0672 1628	btwdins         (8ba6e93a182126781952a7895ec1e4b2) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:59:25.0689 1628	btwdins - ok
15:59:25.0728 1628	btwl2cap        (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
15:59:25.0730 1628	btwl2cap - ok
15:59:25.0746 1628	btwrchid        (c9273b20dec8ce38dbce5d29de63c907) C:\Windows\system32\DRIVERS\btwrchid.sys
15:59:25.0747 1628	btwrchid - ok
15:59:25.0787 1628	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:59:25.0789 1628	cdfs - ok
15:59:25.0817 1628	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
15:59:25.0821 1628	cdrom - ok
15:59:25.0859 1628	CertPropSvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
15:59:25.0861 1628	CertPropSvc - ok
15:59:25.0870 1628	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
15:59:25.0872 1628	circlass - ok
15:59:25.0908 1628	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:59:25.0915 1628	CLFS - ok
15:59:26.0062 1628	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:59:26.0065 1628	clr_optimization_v2.0.50727_32 - ok
15:59:26.0157 1628	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:59:26.0163 1628	clr_optimization_v2.0.50727_64 - ok
15:59:26.0383 1628	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:59:26.0386 1628	clr_optimization_v4.0.30319_32 - ok
15:59:26.0516 1628	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:59:26.0549 1628	clr_optimization_v4.0.30319_64 - ok
15:59:26.0588 1628	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
15:59:26.0589 1628	CmBatt - ok
15:59:26.0593 1628	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:59:26.0594 1628	cmdide - ok
15:59:26.0656 1628	CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
15:59:26.0664 1628	CNG - ok
15:59:26.0698 1628	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
15:59:26.0699 1628	Compbatt - ok
15:59:26.0719 1628	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys
15:59:26.0721 1628	CompositeBus - ok
15:59:26.0732 1628	COMSysApp - ok
15:59:26.0741 1628	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
15:59:26.0742 1628	crcdisk - ok
15:59:26.0778 1628	CryptSvc        (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
15:59:26.0781 1628	CryptSvc - ok
15:59:26.0838 1628	DcomLaunch      (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
15:59:26.0846 1628	DcomLaunch - ok
15:59:26.0891 1628	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:59:26.0896 1628	defragsvc - ok
15:59:26.0924 1628	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
15:59:26.0926 1628	DfsC - ok
15:59:26.0966 1628	Dhcp            (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
15:59:26.0969 1628	Dhcp - ok
15:59:26.0993 1628	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:59:26.0993 1628	discache - ok
15:59:27.0014 1628	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
15:59:27.0015 1628	Disk - ok
15:59:27.0056 1628	Dnscache        (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
15:59:27.0060 1628	Dnscache - ok
15:59:27.0104 1628	dot3svc         (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
15:59:27.0110 1628	dot3svc - ok
15:59:27.0133 1628	DPS             (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
15:59:27.0137 1628	DPS - ok
15:59:27.0152 1628	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:59:27.0153 1628	drmkaud - ok
15:59:27.0237 1628	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
15:59:27.0252 1628	DXGKrnl - ok
15:59:27.0277 1628	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:59:27.0278 1628	EapHost - ok
15:59:27.0488 1628	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:59:27.0530 1628	ebdrv - ok
15:59:27.0786 1628	EFS             (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
15:59:27.0789 1628	EFS - ok
15:59:27.0932 1628	ehRecvr         (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
15:59:27.0943 1628	ehRecvr - ok
15:59:27.0976 1628	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:59:27.0979 1628	ehSched - ok
15:59:28.0101 1628	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
15:59:28.0109 1628	elxstor - ok
15:59:28.0115 1628	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:59:28.0116 1628	ErrDev - ok
15:59:28.0171 1628	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:59:28.0177 1628	EventSystem - ok
15:59:28.0217 1628	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:59:28.0220 1628	exfat - ok
15:59:28.0236 1628	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:59:28.0240 1628	fastfat - ok
15:59:28.0251 1628	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
15:59:28.0252 1628	fdc - ok
15:59:28.0263 1628	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:59:28.0265 1628	fdPHost - ok
15:59:28.0272 1628	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:59:28.0273 1628	FDResPub - ok
15:59:28.0281 1628	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:59:28.0283 1628	FileInfo - ok
15:59:28.0286 1628	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:59:28.0287 1628	Filetrace - ok
15:59:28.0308 1628	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
15:59:28.0309 1628	flpydisk - ok
15:59:28.0327 1628	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
15:59:28.0330 1628	FltMgr - ok
15:59:28.0422 1628	FontCache       (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
15:59:28.0441 1628	FontCache - ok
15:59:28.0519 1628	FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:59:28.0520 1628	FontCache3.0.0.0 - ok
15:59:28.0604 1628	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:59:28.0606 1628	FsDepends - ok
15:59:28.0641 1628	Fs_Rec          (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
15:59:28.0642 1628	Fs_Rec - ok
15:59:28.0691 1628	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:59:28.0694 1628	fvevol - ok
15:59:28.0711 1628	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:59:28.0712 1628	gagp30kx - ok
15:59:28.0774 1628	gpsvc           (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
15:59:28.0784 1628	gpsvc - ok
15:59:29.0409 1628	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:59:29.0411 1628	hcw85cir - ok
15:59:29.0447 1628	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
15:59:29.0453 1628	HdAudAddService - ok
15:59:29.0474 1628	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\drivers\HDAudBus.sys
15:59:29.0476 1628	HDAudBus - ok
15:59:29.0482 1628	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:59:29.0483 1628	HidBatt - ok
15:59:29.0505 1628	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:59:29.0508 1628	HidBth - ok
15:59:29.0516 1628	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:59:29.0517 1628	HidIr - ok
15:59:29.0544 1628	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:59:29.0545 1628	hidserv - ok
15:59:29.0550 1628	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
15:59:29.0551 1628	HidUsb - ok
15:59:29.0582 1628	hkmsvc          (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
15:59:29.0584 1628	hkmsvc - ok
15:59:29.0618 1628	HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
15:59:29.0621 1628	HomeGroupListener - ok
15:59:29.0651 1628	HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
15:59:29.0655 1628	HomeGroupProvider - ok
15:59:29.0663 1628	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys
15:59:29.0664 1628	HpSAMD - ok
15:59:29.0717 1628	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
15:59:29.0726 1628	HTTP - ok
15:59:29.0745 1628	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
15:59:29.0746 1628	hwpolicy - ok
15:59:29.0762 1628	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:59:29.0764 1628	i8042prt - ok
15:59:29.0807 1628	iaStor          (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\drivers\iaStor.sys
15:59:29.0812 1628	iaStor - ok
15:59:29.0888 1628	IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:59:29.0889 1628	IAStorDataMgrSvc - ok
15:59:29.0979 1628	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\DRIVERS\iaStorV.sys
15:59:29.0986 1628	iaStorV - ok
15:59:30.0139 1628	idsvc           (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:59:30.0152 1628	idsvc - ok
15:59:30.0190 1628	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:59:30.0192 1628	iirsp - ok
15:59:30.0274 1628	IKEEXT          (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
15:59:30.0288 1628	IKEEXT - ok
15:59:30.0334 1628	Impcd           (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\drivers\Impcd.sys
15:59:30.0337 1628	Impcd - ok
15:59:30.0507 1628	IntcAzAudAddService (526e482afb586cb1cdd687869decf686) C:\Windows\system32\drivers\RTKVHD64.sys
15:59:30.0530 1628	IntcAzAudAddService - ok
15:59:30.0817 1628	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:59:30.0817 1628	intelide - ok
15:59:30.0835 1628	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
15:59:30.0836 1628	intelppm - ok
15:59:30.0875 1628	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:59:30.0877 1628	IPBusEnum - ok
15:59:30.0894 1628	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:59:30.0895 1628	IpFilterDriver - ok
15:59:30.0903 1628	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys
15:59:30.0904 1628	IPMIDRV - ok
15:59:30.0930 1628	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:59:30.0943 1628	IPNAT - ok
15:59:30.0947 1628	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:59:30.0948 1628	IRENUM - ok
15:59:30.0962 1628	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:59:30.0963 1628	isapnp - ok
15:59:31.0033 1628	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys
15:59:31.0043 1628	iScsiPrt - ok
15:59:31.0061 1628	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:59:31.0064 1628	kbdclass - ok
15:59:31.0071 1628	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
15:59:31.0072 1628	kbdhid - ok
15:59:31.0103 1628	KeyIso          (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:59:31.0104 1628	KeyIso - ok
15:59:31.0125 1628	KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
15:59:31.0126 1628	KSecDD - ok
15:59:31.0152 1628	KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
15:59:31.0155 1628	KSecPkg - ok
15:59:31.0180 1628	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:59:31.0181 1628	ksthunk - ok
15:59:31.0231 1628	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:59:31.0237 1628	KtmRm - ok
15:59:31.0291 1628	LanmanServer    (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
15:59:31.0296 1628	LanmanServer - ok
15:59:31.0322 1628	LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
15:59:31.0326 1628	LanmanWorkstation - ok
15:59:31.0368 1628	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:59:31.0369 1628	lltdio - ok
15:59:31.0425 1628	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:59:31.0430 1628	lltdsvc - ok
15:59:31.0435 1628	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:59:31.0437 1628	lmhosts - ok
15:59:31.0489 1628	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:59:31.0491 1628	LSI_FC - ok
15:59:31.0501 1628	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:59:31.0504 1628	LSI_SAS - ok
15:59:31.0511 1628	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:59:31.0513 1628	LSI_SAS2 - ok
15:59:31.0524 1628	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:59:31.0526 1628	LSI_SCSI - ok
15:59:31.0537 1628	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:59:31.0540 1628	luafv - ok
15:59:31.0556 1628	Mcx2Svc         (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
15:59:31.0558 1628	Mcx2Svc - ok
15:59:31.0565 1628	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:59:31.0566 1628	megasas - ok
15:59:31.0587 1628	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:59:31.0591 1628	MegaSR - ok
15:59:31.0607 1628	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:59:31.0609 1628	MMCSS - ok
15:59:31.0617 1628	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:59:31.0618 1628	Modem - ok
15:59:31.0623 1628	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:59:31.0624 1628	monitor - ok
15:59:31.0649 1628	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:59:31.0651 1628	mouclass - ok
15:59:31.0656 1628	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:59:31.0657 1628	mouhid - ok
15:59:31.0678 1628	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
15:59:31.0679 1628	mountmgr - ok
15:59:31.0781 1628	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:59:31.0784 1628	MozillaMaintenance - ok
15:59:31.0800 1628	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
15:59:31.0804 1628	mpio - ok
15:59:31.0822 1628	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:59:31.0824 1628	mpsdrv - ok
15:59:31.0920 1628	MpsSvc          (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
15:59:31.0935 1628	MpsSvc - ok
15:59:31.0949 1628	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
15:59:31.0951 1628	MRxDAV - ok
15:59:32.0000 1628	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:59:32.0004 1628	mrxsmb - ok
15:59:32.0049 1628	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:59:32.0053 1628	mrxsmb10 - ok
15:59:32.0081 1628	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:59:32.0083 1628	mrxsmb20 - ok
15:59:32.0103 1628	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
15:59:32.0105 1628	msahci - ok
15:59:32.0121 1628	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
15:59:32.0124 1628	msdsm - ok
15:59:32.0153 1628	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:59:32.0157 1628	MSDTC - ok
15:59:32.0190 1628	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:59:32.0191 1628	Msfs - ok
15:59:32.0216 1628	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:59:32.0217 1628	mshidkmdf - ok
15:59:32.0224 1628	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:59:32.0225 1628	msisadrv - ok
15:59:32.0257 1628	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:59:32.0261 1628	MSiSCSI - ok
15:59:32.0265 1628	msiserver - ok
15:59:32.0283 1628	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:59:32.0284 1628	MSKSSRV - ok
15:59:32.0289 1628	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:59:32.0291 1628	MSPCLOCK - ok
15:59:32.0296 1628	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:59:32.0297 1628	MSPQM - ok
15:59:32.0324 1628	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
15:59:32.0330 1628	MsRPC - ok
15:59:32.0340 1628	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:59:32.0341 1628	mssmbios - ok
15:59:32.0346 1628	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:59:32.0347 1628	MSTEE - ok
15:59:32.0353 1628	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:59:32.0355 1628	MTConfig - ok
15:59:32.0363 1628	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:59:32.0365 1628	Mup - ok
15:59:32.0411 1628	napagent        (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
15:59:32.0420 1628	napagent - ok
15:59:32.0464 1628	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:59:32.0470 1628	NativeWifiP - ok
15:59:32.0547 1628	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
15:59:32.0561 1628	NDIS - ok
15:59:32.0576 1628	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:59:32.0577 1628	NdisCap - ok
15:59:32.0587 1628	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:59:32.0588 1628	NdisTapi - ok
15:59:32.0597 1628	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
15:59:32.0598 1628	Ndisuio - ok
15:59:32.0609 1628	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:59:32.0612 1628	NdisWan - ok
15:59:32.0624 1628	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
15:59:32.0625 1628	NDProxy - ok
15:59:32.0630 1628	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:59:32.0631 1628	NetBIOS - ok
15:59:32.0657 1628	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
15:59:32.0659 1628	NetBT - ok
15:59:32.0686 1628	Netlogon        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:59:32.0687 1628	Netlogon - ok
15:59:32.0725 1628	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:59:32.0729 1628	Netman - ok
15:59:32.0967 1628	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:59:32.0970 1628	NetMsmqActivator - ok
15:59:32.0976 1628	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:59:32.0978 1628	NetPipeActivator - ok
15:59:33.0035 1628	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:59:33.0043 1628	netprofm - ok
15:59:33.0050 1628	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:59:33.0052 1628	NetTcpActivator - ok
15:59:33.0057 1628	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:59:33.0058 1628	NetTcpPortSharing - ok
15:59:33.0152 1628	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:59:33.0154 1628	nfrd960 - ok
15:59:33.0197 1628	NlaSvc          (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
15:59:33.0203 1628	NlaSvc - ok
15:59:33.0211 1628	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:59:33.0212 1628	Npfs - ok
15:59:33.0226 1628	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:59:33.0228 1628	nsi - ok
15:59:33.0233 1628	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:59:33.0234 1628	nsiproxy - ok
15:59:33.0352 1628	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
15:59:33.0373 1628	Ntfs - ok
15:59:33.0669 1628	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:59:33.0670 1628	Null - ok
15:59:33.0711 1628	nusb3hub        (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\drivers\nusb3hub.sys
15:59:33.0714 1628	nusb3hub - ok
15:59:33.0752 1628	nusb3xhc        (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\drivers\nusb3xhc.sys
15:59:33.0756 1628	nusb3xhc - ok
15:59:33.0810 1628	NVHDA           (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
15:59:33.0814 1628	NVHDA - ok
15:59:34.0758 1628	nvlddmkm        (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:59:34.0964 1628	nvlddmkm - ok
15:59:35.0310 1628	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\DRIVERS\nvraid.sys
15:59:35.0313 1628	nvraid - ok
15:59:35.0361 1628	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\DRIVERS\nvstor.sys
15:59:35.0365 1628	nvstor - ok
15:59:35.0462 1628	nvsvc           (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
15:59:35.0477 1628	nvsvc - ok
15:59:35.0639 1628	nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:59:35.0659 1628	nvUpdatusService - ok
15:59:36.0013 1628	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:59:36.0016 1628	nv_agp - ok
15:59:36.0046 1628	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:59:36.0048 1628	ohci1394 - ok
15:59:36.0100 1628	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:59:36.0108 1628	p2pimsvc - ok
15:59:36.0146 1628	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:59:36.0155 1628	p2psvc - ok
15:59:36.0168 1628	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:59:36.0170 1628	Parport - ok
15:59:36.0199 1628	partmgr         (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
15:59:36.0201 1628	partmgr - ok
15:59:36.0216 1628	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:59:36.0220 1628	PcaSvc - ok
15:59:36.0235 1628	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
15:59:36.0238 1628	pci - ok
15:59:36.0242 1628	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:59:36.0243 1628	pciide - ok
15:59:36.0274 1628	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:59:36.0278 1628	pcmcia - ok
15:59:36.0285 1628	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:59:36.0287 1628	pcw - ok
15:59:36.0325 1628	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:59:36.0334 1628	PEAUTH - ok
15:59:36.0567 1628	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:59:36.0570 1628	PerfHost - ok
15:59:36.0689 1628	pla             (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
15:59:36.0711 1628	pla - ok
15:59:36.0773 1628	PlugPlay        (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
15:59:36.0782 1628	PlugPlay - ok
15:59:36.0798 1628	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:59:36.0801 1628	PNRPAutoReg - ok
15:59:36.0825 1628	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:59:36.0830 1628	PNRPsvc - ok
15:59:36.0878 1628	PolicyAgent     (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
15:59:36.0887 1628	PolicyAgent - ok
15:59:36.0925 1628	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:59:36.0930 1628	Power - ok
15:59:37.0041 1628	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
15:59:37.0044 1628	PptpMiniport - ok
15:59:37.0060 1628	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:59:37.0062 1628	Processor - ok
15:59:37.0105 1628	ProfSvc         (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
15:59:37.0110 1628	ProfSvc - ok
15:59:37.0136 1628	ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:59:37.0138 1628	ProtectedStorage - ok
15:59:37.0168 1628	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
15:59:37.0171 1628	Psched - ok
15:59:37.0292 1628	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:59:37.0312 1628	ql2300 - ok
15:59:37.0627 1628	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:59:37.0630 1628	ql40xx - ok
15:59:37.0666 1628	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:59:37.0672 1628	QWAVE - ok
15:59:47.0956 1628	============================================================
15:59:47.0956 1628	Scan finished
15:59:47.0956 1628	============================================================
15:59:47.0965 2408	Detected object count: 0
15:59:47.0965 2408	Actual detected object count: 0
15:59:56.0748 2440	Deinitialize success


AswMbr log:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-20 16:07:33
-----------------------------
16:07:33.014    OS Version: Windows x64 6.1.7600 
16:07:33.015    Number of processors: 8 586 0x1E05
16:07:33.015    ComputerName: LAPTOP  UserName: Jasiek
16:07:33.738    Initialize success
16:08:48.031    AVAST engine defs: 12062000
16:09:23.907    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:09:23.913    Disk 0 Vendor: TOSHIBA_ MC00 Size: 610480MB BusType: 3
16:09:23.931    Disk 0 MBR read successfully
16:09:23.937    Disk 0 MBR scan
16:09:23.945    Disk 0 unknown MBR code
16:09:23.954    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        16390 MB offset 2048
16:09:23.978    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 33568768
16:09:23.999    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       200002 MB offset 33773568
16:09:24.009    Disk 0 Partition - 00     05     Extended            385021 MB offset 461740230
16:09:24.035    Disk 0 Partition 4 00     82   Linux swap      Sşľ     8581 MB offset 461740293
16:09:24.057    Disk 0 Partition - 00     05     Extended             52454 MB offset 479315340
16:09:24.101    Disk 0 scanning C:\Windows\system32\drivers
16:09:30.427    Service scanning
16:09:52.051    Modules scanning
16:09:52.075    Disk 0 trace - called modules:
16:09:52.115    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
16:09:52.127    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b0e060]
16:09:52.139    3 CLASSPNP.SYS[fffff88001b6c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80047f7050]
16:09:52.894    AVAST engine scan C:\Windows
16:09:55.628    AVAST engine scan C:\Windows\system32
16:11:47.421    AVAST engine scan C:\Windows\system32\drivers
16:11:59.082    AVAST engine scan C:\Users\Jasiek
16:14:22.021    AVAST engine scan C:\ProgramData
16:14:29.307    Scan finished successfully
16:15:47.408    Disk 0 MBR has been saved successfully to "C:\Users\Jasiek\Desktop\MBR.dat"
16:15:47.419    The log file has been saved successfully to "C:\Users\Jasiek\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   596bytes   0 downloads


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:17 AM

Posted 20 June 2012 - 10:14 AM

The logs are clean.

Previously requested.

This is the only suspicious item I found on your DDS log.

Do you know what this process does?

C:\Users\Jasiek\Desktop\65m63sm0.exe


===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

p.s. do not post the logs in a Code box.

#6 nasdaq


Posted 26 June 2012 - 10:24 AM

Are you still with me?



