Really Need Help - PC Very Slow, Error Message


  • This topic is locked
17 replies to this topic

#1 Joe242

Joe242

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:58 PM

Posted 01 July 2012 - 12:39 PM

Hello
Really need some help here. I'm using an HP Mini 210 Notebook and Windows 7 OS.
Intel Atom processor with 1 GB RAM.

Lately my notebook crawls very slowly on startup..it takes 5 to 10 min to load Windows and become fully functional.
Even "refresh" in Windows can take up to 5 seconds to respond.
Very slow to open any program or file folder.
Always receive an error message "Windows Explorer has stopped working"..and the notebook also hangs.
CPU usage up to 100% and memory 80 to 100%.

I'm using Kaspersky AV..tried scanning again and again but nothing found.
I've tried using Spybot..as my friend suggested..and found lots of problems including trojans, adware etc.
Tried to fix the problems using Spybot..and ran the scan again..and no problems found after that..but my notebook still has the same problem.

Please help me immediately..don't know what else to do.
THANKS..


#2 Joe242

Joe242
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:58 PM

Posted 01 July 2012 - 04:08 PM

Hi again..
I've run MBAM and here's the log file from before and after I removed the problem.
Really hope someone can help me..
THANKS

'Before remove' log :

Attached File  mbam-log-2012-07-02 (04-06-14).txt   4.79KB   2 downloads


'After remove' log :

Attached File  mbam-log-2012-07-02 (02-11-47).txt   5.33KB   2 downloads

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:58 AM

Posted 05 July 2012 - 09:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know what problem persists.

#4 Joe242

Joe242
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:58 PM

Posted 05 July 2012 - 01:16 PM

Thank you for your concern..and I really hope you can help me solve the problem.

I've run DDS..and while scanning an error msg popped up.."PEV.DAT has stopped working".
I really don't know what that is..and another error msg also appeared, but I didn't catch it because it just flashed for a second..
it said something about "Window Explorer cannot run...."

I also get the error msg "Windows Explorer has stopped working" all the time..and my notebook hangs.


Here is the DDS.txt log :

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by CMCPRO at 1:41:22 on 2012-07-06
Microsoft Windows 7 Starter 6.1.7601.1.1252.60.1033.18.1012.434 [GMT 8:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Anti-Virus *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\aestsrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.my/
uInternet Settings,ProxyOverride = local
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: BywifiBHO Class: {c4743d3e-20d7-4b52-84f2-5e4e277b2d82} - c:\program files\bywifi\bywifiie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\avp.exe"
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HP] c:\program files\hewlett-packard\hp quicksync\QuickSync.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [<NO NAME>]
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\ie_banner_deny.htm
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {09E90109-A9AA-4980-BCEF-76F8D924E902} - c:\program files\bywifi\bywifici.exe
IE: {3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files\finalvideodownloader\fvdRunner.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\scieplgn.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{517DF27A-A7D2-4475-8F22-2F68C7FD9C24} : NameServer = 58.71.136.10 58.71.132.10
TCP: Interfaces\{5B4B9D87-545F-4D31-8CFF-C1FCC0A2F8AC} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5B4B9D87-545F-4D31-8CFF-C1FCC0A2F8AC}\35B4B4B4330275966496 : DhcpNameServer = 161.142.212.17 161.142.2.17
TCP: Interfaces\{5B4B9D87-545F-4D31-8CFF-C1FCC0A2F8AC}\44242473138383 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5B4B9D87-545F-4D31-8CFF-C1FCC0A2F8AC}\471627D696A7960277966696 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5B4B9D87-545F-4D31-8CFF-C1FCC0A2F8AC}\5453833323D203136673 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{5B4B9D87-545F-4D31-8CFF-C1FCC0A2F8AC}\742716E646F5259667562767965677F513 : DhcpNameServer = 202.188.0.133 202.188.1.5
TCP: Interfaces\{5B4B9D87-545F-4D31-8CFF-C1FCC0A2F8AC}\752425D263030313 : DhcpNameServer = 192.168.1.1 192.168.0.1
TCP: Interfaces\{5B4B9D87-545F-4D31-8CFF-C1FCC0A2F8AC}\C696E6B6379737 : DhcpNameServer = 202.188.0.133 202.188.1.5
TCP: Interfaces\{C114E5D9-4E3C-4ABC-BD8F-48112CDEDDF7} : DhcpNameServer = 203.82.64.129 203.82.64.145
TCP: Interfaces\{E1484EC9-182E-4299-BD2C-0E1E11B096D6} : NameServer = 58.71.136.10 58.71.132.10
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\ctbr.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0fo\adialhk.dll, c:\progra~1\kasper~1\kasper~1.0fo\kloehk.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cmcpro\appdata\roaming\mozilla\firefox\profiles\ozqhtvlp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.my/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNman000&ptb=SMwLhbZP0SduqvKY1iAC7w&psa=&ind=2010081205&ptnrS=ZNman000&si=&st=kwd&n=77cf67b5&searchfor=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\crawler\firefox\components\xcomm.dll
FF - component: c:\program files\crawler\firefox\components\xshared.dll
FF - component: c:\program files\crawler\firefox\components\xsupport.dll
FF - component: c:\program files\crawler\firefox\components\xwsg.dll
FF - component: c:\users\cmcpro\appdata\roaming\mozilla\firefox\profiles\ozqhtvlp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\cmcpro\appdata\roaming\mozilla\firefox\profiles\ozqhtvlp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\cmcpro\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\cmcpro\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\cmcpro\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-9-30 17624]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 22104]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe [2010-4-28 81920]
R2 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\avp.exe [2010-3-12 311680]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-7-9 323584]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-4-28 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-11-18 228408]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-5-21 73216]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2009-9-3 24848]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-2 22344]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-4 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-5-21 102784]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2012-5-21 353280]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-11-24 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-11-12 7680]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-4-28 174592]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-4-28 204288]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-17 52224]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-6-9 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2010-6-9 104960]
.
=============== Created Last 30 ================
.
2012-07-02 10:39:29 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5e826280-a5c1-40ea-8c35-cf0cf2bb7790}\offreg.dll
2012-07-01 18:08:19 -------- d-----w- c:\users\cmcpro\appdata\roaming\Malwarebytes
2012-07-01 18:07:52 -------- d-----w- c:\programdata\Malwarebytes
2012-07-01 18:07:49 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-01 18:07:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-29 06:54:49 -------- d-----w- c:\users\cmcpro\appdata\local\Apps
2012-06-28 21:47:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-28 21:47:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-25 06:39:45 -------- d-----w- c:\program files\Oracle
2012-06-25 06:38:25 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-24 13:11:51 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 13:11:16 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 13:10:41 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-24 13:10:41 171904 ----a-w- c:\windows\system32\wuwebv.dll
.
==================== Find3M ====================
.
2012-06-25 05:53:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-25 05:53:18 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 11:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: ST925041 rev.0006 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x8204B000]<< >>UNKNOWN [0x8702B000]<< >>UNKNOWN [0x87D9F000]<< >>UNKNOWN [0x86EBB000]<< >>UNKNOWN [0x82014000]<< >>UNKNOWN [0x8722F000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x8208252A] -> \Device\Harddisk0\DR0[0x858A5110]
\Driver\Disk[0x858A5CB0] -> IRP_MJ_CREATE -> 0x8702F39F
3 [0x8702F59E] -> ntkrnlpa!IofCallDriver[0x8208252A] -> [0x84E61888]
\Driver\ACPI[0x841221D8] -> IRP_MJ_CREATE -> 0x86EC44CC
5 [0x86EC43D4] -> ntkrnlpa!IofCallDriver[0x8208252A] -> \Device\Ide\IAAStorageDevice-0[0x84E39028]
\Driver\iaStor[0x84E53688] -> IRP_MJ_CREATE -> 0x8727392E
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV ES, AX; MOV DS, AX; MOV SI, SP; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; JMP FAR 0x0:0x660; }
user & kernel MBR OK
copy of MBR has been found in sector 2 !
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 1:44:37.07 ===============


There is another log called "attach"..and I don't know if you need it or not.
If you want to see it..tell me and I will post it here.


Please help me..thanks again.

Edited by Joe242, 05 July 2012 - 01:52 PM.
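The DDS log posted above is read by hand on this forum, but the format is regular enough to pre-sort with a script. The following is an added example written for this thread, not code from BleepingComputer, from the DDS tool or from either poster. It splits a DDS log into its "===== NAME =====" sections, extracts the BHO/TB/SEH entries from the "Pseudo HJT Report", and surfaces what an analyst reads first: entries whose backing file is gone ("No File"), the DNS servers configured on the interfaces, and any warning lines from the rootkit section (the kind of line that ends the log above). The embedded sample log is constructed in the DDS layout with placeholder GUIDs, paths and documentation-range addresses; it is not the log from this thread.

```python
"""Triage helper for DDS-style logs (added example; not part of DDS or this thread)."""
import re
from typing import Dict, List, Tuple

# Constructed sample in the DDS layout. GUIDs, paths and addresses are placeholders.
SAMPLE_LOG = """\
DDS (Ver_2011-08-26.01) - NTFSx86
.
============== Running Processes ===============
.
C:\\Windows\\system32\\wininit.exe
C:\\Windows\\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.example.test/
BHO: Example Helper: {00000000-0000-0000-0000-000000000001} - c:\\program files\\example\\helper.dll
TB: Example Toolbar: {00000000-0000-0000-0000-000000000002} - c:\\program files\\example\\tb.dll
TB: {00000000-0000-0000-0000-000000000003} - No File
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\\{00000000-0000-0000-0000-000000000004} : NameServer = 198.51.100.10 198.51.100.11
.
=================== ROOTKIT ====================
.
user & kernel MBR OK
copy of MBR has been found in sector 2 !
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 1:44:37.07 ===============
"""

# A section header is a run of '=' around a title; a bare '=====' line is not a header.
SECTION_RE = re.compile(r"^=+\s*([^=].*?)\s*=+$")
# BHO/TB/SEH lines: 'KIND: <optional name>: {CLSID} - <path or "No File">'
ENTRY_RE = re.compile(r"^(BHO|TB|SEH):\s*(.*?)\s*(\{[0-9A-Fa-f-]+\})\s*-\s*(.*)$")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def parse_sections(log: str) -> Dict[str, List[str]]:
    """Split the log into sections keyed by the title between the '=' runs."""
    sections: Dict[str, List[str]] = {}
    current = "HEADER"
    for raw in log.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if line and line != ".":  # DDS prints a lone '.' as a spacer line
            sections.setdefault(current, []).append(line)
    return sections


def hjt_entries(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Return (kind, display name, CLSID, path) for each BHO/TB/SEH line."""
    out = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if m:
            kind, name, clsid, path = m.groups()
            out.append((kind, name.rstrip(":").strip(), clsid, path))
    return out


def orphaned_entries(entries: List[Tuple[str, str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Entries whose backing file is gone: DDS prints 'No File' in place of the path."""
    return [e for e in entries if e[3].strip().lower() == "no file"]


def name_servers(lines: List[str]) -> List[str]:
    """Every DNS server address on TCP: NameServer/DhcpNameServer lines, deduplicated, in order."""
    seen: List[str] = []
    for line in lines:
        if line.startswith("TCP:") and "NameServer" in line:
            for ip in IP_RE.findall(line):
                if ip not in seen:
                    seen.append(ip)
    return seen


def rootkit_warnings(sections: Dict[str, List[str]]) -> List[str]:
    """Lines in the ROOTKIT section that the MBR detector flags as warnings."""
    return [l for l in sections.get("ROOTKIT", []) if l.lower().startswith("warning")]


def triage(log: str) -> dict:
    """Run all checks over one log and return the findings as a dict."""
    sections = parse_sections(log)
    hjt = sections.get("Pseudo HJT Report", [])
    entries = hjt_entries(hjt)
    return {
        "processes": len(sections.get("Running Processes", [])),
        "entries": entries,
        "orphaned": orphaned_entries(entries),
        "name_servers": name_servers(hjt),
        "rootkit_warnings": rootkit_warnings(sections),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['processes']} running processes")
    for kind, name, clsid, path in report["entries"]:
        print(f"  {kind:<4} {name or '<unnamed>':<20} {clsid} -> {path}")
    print("Orphaned entries:", [e[2] for e in report["orphaned"]])
    print("DNS servers in use:", ", ".join(report["name_servers"]))
    for w in report["rootkit_warnings"]:
        print("ROOTKIT:", w)
```

The script only sorts the log; it does not judge entries. An orphaned CLSID is something to clean up, a DNS server list is something to compare against what the ISP or router should be handing out, and a rootkit warning is the cue to run the dedicated MBR tools, which is exactly the order the helper in this thread follows.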


#5 Joe242

Joe242
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:58 PM

Posted 05 July 2012 - 01:33 PM

Hi..
I have run Security Check as instructed..
Here is the checkup log :

==========

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky Anti-Virus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
JavaFX 2.1.1
Java™ 6 Update 31
Java™ 7 Update 5
Adobe Flash Player 11.0.1.152
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (7.0.1)
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Kaspersky Lab Kaspersky Anti-Virus 6.0 for Windows Workstations MP4 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

==========

Thank you.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:58 AM

Posted 06 July 2012 - 08:02 AM

Let's try to clean the rootkit infection.
Run these tools in the order listed.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#7 Joe242

Joe242
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:58 PM

Posted 06 July 2012 - 10:44 AM

Hi..
I've run TDSSKiller..and the result is "no threats found".
Here is the report :

=========================

23:17:55.0892 5824 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
23:17:57.0502 5824 ============================================================
23:17:57.0502 5824 Current date / time: 2012/07/06 23:17:57.0502
23:17:57.0502 5824 SystemInfo:
23:17:57.0502 5824
23:17:57.0502 5824 OS Version: 6.1.7601 ServicePack: 1.0
23:17:57.0502 5824 Product type: Workstation
23:17:57.0503 5824 ComputerName: CMCPRO-PC
23:17:57.0504 5824 UserName: CMCPRO
23:17:57.0504 5824 Windows directory: C:\Windows
23:17:57.0504 5824 System windows directory: C:\Windows
23:17:57.0504 5824 Processor architecture: Intel x86
23:17:57.0504 5824 Number of processors: 2
23:17:57.0504 5824 Page size: 0x1000
23:17:57.0504 5824 Boot type: Normal boot
23:17:57.0504 5824 ============================================================
23:18:00.0595 5824 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:18:00.0651 5824 ============================================================
23:18:00.0651 5824 \Device\Harddisk0\DR0:
23:18:00.0651 5824 MBR partitions:
23:18:00.0652 5824 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:18:00.0652 5824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B97C000
23:18:00.0652 5824 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B9E0000, BlocksNum 0x17B1800
23:18:00.0653 5824 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
23:18:00.0653 5824 ============================================================
23:18:00.0734 5824 C: <-> \Device\Harddisk0\DR0\Partition1
23:18:00.0782 5824 D: <-> \Device\Harddisk0\DR0\Partition2
23:18:00.0795 5824 E: <-> \Device\Harddisk0\DR0\Partition3
23:18:00.0796 5824 ============================================================
23:18:00.0796 5824 Initialize success
23:18:00.0796 5824 ============================================================
23:24:12.0611 5296 ============================================================
23:24:12.0611 5296 Scan started
23:24:12.0611 5296 Mode: Manual;
23:24:12.0611 5296 ============================================================
23:24:14.0904 5296 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
23:24:14.0931 5296 1394ohci - ok
23:24:15.0003 5296 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
23:24:15.0020 5296 ACDaemon - ok
23:24:15.0065 5296 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
23:24:15.0073 5296 ACPI - ok
23:24:15.0098 5296 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
23:24:15.0104 5296 AcpiPmi - ok
23:24:15.0155 5296 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
23:24:15.0176 5296 adp94xx - ok
23:24:15.0221 5296 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
23:24:15.0254 5296 adpahci - ok
23:24:15.0277 5296 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
23:24:15.0292 5296 adpu320 - ok
23:24:15.0343 5296 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
23:24:15.0356 5296 AeLookupSvc - ok
23:24:15.0435 5296 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\aestsrv.exe
23:24:15.0448 5296 AESTFilters - ok
23:24:15.0487 5296 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
23:24:15.0519 5296 AFD - ok
23:24:15.0550 5296 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
23:24:15.0550 5296 agp440 - ok
23:24:15.0597 5296 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
23:24:15.0612 5296 aic78xx - ok
23:24:15.0643 5296 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
23:24:15.0659 5296 ALG - ok
23:24:15.0690 5296 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
23:24:15.0690 5296 aliide - ok
23:24:15.0721 5296 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
23:24:15.0721 5296 amdagp - ok
23:24:15.0737 5296 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
23:24:15.0753 5296 amdide - ok
23:24:15.0799 5296 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
23:24:15.0815 5296 AmdK8 - ok
23:24:15.0831 5296 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
23:24:15.0831 5296 AmdPPM - ok
23:24:15.0877 5296 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
23:24:15.0877 5296 amdsata - ok
23:24:15.0909 5296 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
23:24:15.0924 5296 amdsbs - ok
23:24:15.0955 5296 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
23:24:15.0955 5296 amdxata - ok
23:24:15.0987 5296 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
23:24:16.0002 5296 AppID - ok
23:24:16.0033 5296 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
23:24:16.0049 5296 AppIDSvc - ok
23:24:16.0080 5296 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
23:24:16.0080 5296 Appinfo - ok
23:24:16.0096 5296 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
23:24:16.0111 5296 arc - ok
23:24:16.0127 5296 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
23:24:16.0127 5296 arcsas - ok
23:24:16.0174 5296 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
23:24:16.0189 5296 AsyncMac - ok
23:24:16.0221 5296 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
23:24:16.0236 5296 atapi - ok
23:24:16.0314 5296 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
23:24:16.0345 5296 athr - ok
23:24:16.0408 5296 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
23:24:16.0439 5296 AudioEndpointBuilder - ok
23:24:16.0455 5296 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
23:24:16.0470 5296 Audiosrv - ok
23:24:16.0564 5296 AVP (5e3f0aaea4642bf184deea311c7201de) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
23:24:16.0595 5296 AVP - ok
23:24:16.0626 5296 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
23:24:16.0626 5296 AxInstSV - ok
23:24:16.0704 5296 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
23:24:16.0720 5296 b06bdrv - ok
23:24:16.0767 5296 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
23:24:16.0782 5296 b57nd60x - ok
23:24:16.0985 5296 BCM43XX (36a47e6ab1f0967c97722183e21adb1a) C:\Windows\system32\DRIVERS\bcmwl6.sys
23:24:17.0063 5296 BCM43XX - ok
23:24:17.0141 5296 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
23:24:17.0157 5296 BDESVC - ok
23:24:17.0188 5296 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
23:24:17.0188 5296 Beep - ok
23:24:17.0250 5296 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
23:24:17.0297 5296 BFE - ok
23:24:17.0344 5296 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
23:24:17.0422 5296 BITS - ok
23:24:17.0437 5296 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
23:24:17.0453 5296 blbdrive - ok
23:24:17.0484 5296 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
23:24:17.0484 5296 bowser - ok
23:24:17.0515 5296 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:24:17.0515 5296 BrFiltLo - ok
23:24:17.0531 5296 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:24:17.0547 5296 BrFiltUp - ok
23:24:17.0578 5296 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
23:24:17.0578 5296 Browser - ok
23:24:17.0609 5296 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
23:24:17.0625 5296 Brserid - ok
23:24:17.0656 5296 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
23:24:17.0656 5296 BrSerWdm - ok
23:24:17.0671 5296 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:24:17.0687 5296 BrUsbMdm - ok
23:24:17.0703 5296 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
23:24:17.0703 5296 BrUsbSer - ok
23:24:17.0749 5296 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
23:24:17.0765 5296 BthEnum - ok
23:24:17.0796 5296 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
23:24:17.0812 5296 BTHMODEM - ok
23:24:17.0843 5296 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
23:24:17.0874 5296 BthPan - ok
23:24:17.0905 5296 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
23:24:17.0921 5296 BTHPORT - ok
23:24:17.0968 5296 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
23:24:17.0968 5296 bthserv - ok
23:24:17.0999 5296 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
23:24:17.0999 5296 BTHUSB - ok
23:24:18.0046 5296 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
23:24:18.0077 5296 btusbflt - ok
23:24:18.0124 5296 btwaudio (ce5833c144ca6623bcbde93b188aa850) C:\Windows\system32\drivers\btwaudio.sys
23:24:18.0139 5296 btwaudio - ok
23:24:18.0171 5296 btwavdt (af9148c3e844131ac954cb53ff43d971) C:\Windows\system32\DRIVERS\btwavdt.sys
23:24:18.0171 5296 btwavdt - ok
23:24:18.0264 5296 btwdins (f55c99818fd1eacfc7784958a8592536) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
23:24:18.0295 5296 btwdins - ok
23:24:18.0311 5296 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
23:24:18.0311 5296 btwl2cap - ok
23:24:18.0327 5296 btwrchid (480b3d195854b2e55299cddddc50bcf9) C:\Windows\system32\DRIVERS\btwrchid.sys
23:24:18.0342 5296 btwrchid - ok
23:24:18.0373 5296 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
23:24:18.0373 5296 cdfs - ok
23:24:18.0420 5296 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
23:24:18.0420 5296 cdrom - ok
23:24:18.0451 5296 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
23:24:18.0451 5296 CertPropSvc - ok
23:24:18.0483 5296 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
23:24:18.0483 5296 circlass - ok
23:24:18.0529 5296 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
23:24:18.0545 5296 CLFS - ok
23:24:18.0623 5296 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:24:18.0654 5296 clr_optimization_v2.0.50727_32 - ok
23:24:18.0717 5296 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:24:18.0763 5296 clr_optimization_v4.0.30319_32 - ok
23:24:18.0795 5296 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
23:24:18.0795 5296 CmBatt - ok
23:24:18.0826 5296 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
23:24:18.0826 5296 cmdide - ok
23:24:18.0873 5296 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
23:24:18.0888 5296 CNG - ok
23:24:18.0982 5296 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
23:24:19.0013 5296 Com4QLBEx - ok
23:24:19.0044 5296 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
23:24:19.0060 5296 Compbatt - ok
23:24:19.0138 5296 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
23:24:19.0153 5296 CompositeBus - ok
23:24:19.0169 5296 COMSysApp - ok
23:24:19.0200 5296 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
23:24:19.0231 5296 crcdisk - ok
23:24:19.0294 5296 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
23:24:19.0294 5296 CryptSvc - ok
23:24:19.0341 5296 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
23:24:19.0372 5296 DcomLaunch - ok
23:24:19.0403 5296 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
23:24:19.0434 5296 defragsvc - ok
23:24:19.0465 5296 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
23:24:19.0465 5296 DfsC - ok
23:24:19.0497 5296 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
23:24:19.0512 5296 Dhcp - ok
23:24:19.0543 5296 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
23:24:19.0543 5296 discache - ok
23:24:19.0590 5296 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
23:24:19.0606 5296 Disk - ok
23:24:19.0637 5296 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
23:24:19.0668 5296 Dnscache - ok
23:24:19.0699 5296 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
23:24:19.0731 5296 dot3svc - ok
23:24:19.0793 5296 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
23:24:19.0809 5296 Dot4 - ok
23:24:19.0840 5296 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
23:24:19.0840 5296 Dot4Print - ok
23:24:19.0871 5296 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
23:24:19.0871 5296 dot4usb - ok
23:24:19.0902 5296 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
23:24:19.0918 5296 DPS - ok
23:24:19.0949 5296 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
23:24:19.0965 5296 drmkaud - ok
23:24:20.0043 5296 DVMIO (8cf55015b2a443ee869c90cab31fd435) C:\SPLASH.SYS\config\dvmio.sys
23:24:20.0043 5296 DVMIO - ok
23:24:20.0105 5296 DvmMDES (577582d57d90fb64276acfee958dbfd3) C:\SPLASH.SYS\config\DVMExportService.exe
23:24:20.0121 5296 DvmMDES - ok
23:24:20.0199 5296 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
23:24:20.0261 5296 DXGKrnl - ok
23:24:20.0292 5296 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
23:24:20.0292 5296 EapHost - ok
23:24:20.0511 5296 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
23:24:20.0620 5296 ebdrv - ok
23:24:20.0713 5296 EFS (f42309c4191c506b71db5d1126d26318) C:\Windows\System32\lsass.exe
23:24:20.0713 5296 EFS - ok
23:24:20.0776 5296 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
23:24:20.0838 5296 elxstor - ok
23:24:20.0869 5296 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
23:24:20.0869 5296 ErrDev - ok
23:24:20.0932 5296 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
23:24:20.0963 5296 EventSystem - ok
23:24:21.0025 5296 ewusbmbb (026f6d48cc5293c7b8a696376618b9d2) C:\Windows\system32\DRIVERS\ewusbwwan.sys
23:24:21.0041 5296 ewusbmbb - ok
23:24:21.0072 5296 ewusbnet - ok
23:24:21.0150 5296 ew_hwusbdev (57c171ea22f0a7f068fcb0caedd1e8e7) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
23:24:21.0166 5296 ew_hwusbdev - ok
23:24:21.0213 5296 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
23:24:21.0244 5296 exfat - ok
23:24:21.0275 5296 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
23:24:21.0306 5296 fastfat - ok
23:24:21.0369 5296 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
23:24:21.0415 5296 Fax - ok
23:24:21.0447 5296 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
23:24:21.0447 5296 fdc - ok
23:24:21.0478 5296 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
23:24:21.0478 5296 fdPHost - ok
23:24:21.0493 5296 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
23:24:21.0509 5296 FDResPub - ok
23:24:21.0525 5296 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
23:24:21.0540 5296 FileInfo - ok
23:24:21.0556 5296 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
23:24:21.0571 5296 Filetrace - ok
23:24:21.0587 5296 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
23:24:21.0587 5296 flpydisk - ok
23:24:21.0618 5296 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
23:24:21.0649 5296 FltMgr - ok
23:24:21.0712 5296 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
23:24:21.0759 5296 FontCache - ok
23:24:21.0837 5296 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:24:21.0852 5296 FontCache3.0.0.0 - ok
23:24:21.0883 5296 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
23:24:21.0883 5296 FsDepends - ok
23:24:21.0930 5296 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\Windows\system32\DRIVERS\fssfltr.sys
23:24:21.0946 5296 fssfltr - ok
23:24:22.0086 5296 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
23:24:22.0133 5296 fsssvc - ok
23:24:22.0242 5296 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
23:24:22.0242 5296 Fs_Rec - ok
23:24:22.0289 5296 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
23:24:22.0305 5296 fvevol - ok
23:24:22.0336 5296 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:24:22.0351 5296 gagp30kx - ok
23:24:22.0429 5296 GameConsoleService (551d463e4cceb5240234da6718c93a44) C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
23:24:22.0461 5296 GameConsoleService - ok
23:24:22.0523 5296 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
23:24:22.0554 5296 gpsvc - ok
23:24:22.0617 5296 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:24:22.0632 5296 gupdate - ok
23:24:22.0663 5296 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:24:22.0663 5296 gupdatem - ok
23:24:22.0695 5296 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
23:24:22.0710 5296 hcw85cir - ok
23:24:22.0757 5296 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
23:24:22.0773 5296 HdAudAddService - ok
23:24:22.0819 5296 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
23:24:22.0819 5296 HDAudBus - ok
23:24:22.0835 5296 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
23:24:22.0851 5296 HidBatt - ok
23:24:22.0882 5296 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
23:24:22.0897 5296 HidBth - ok
23:24:22.0944 5296 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
23:24:22.0944 5296 HidIr - ok
23:24:22.0991 5296 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
23:24:23.0007 5296 hidserv - ok
23:24:23.0038 5296 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
23:24:23.0053 5296 HidUsb - ok
23:24:23.0085 5296 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
23:24:23.0116 5296 hkmsvc - ok
23:24:23.0147 5296 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
23:24:23.0163 5296 HomeGroupListener - ok
23:24:23.0256 5296 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
23:24:23.0272 5296 HomeGroupProvider - ok
23:24:23.0350 5296 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
23:24:23.0397 5296 HP Support Assistant Service - ok
23:24:23.0459 5296 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
23:24:23.0490 5296 HPDrvMntSvc.exe - ok
23:24:23.0521 5296 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
23:24:23.0521 5296 HpqKbFiltr - ok
23:24:23.0615 5296 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
23:24:23.0646 5296 hpqwmiex - ok
23:24:23.0693 5296 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
23:24:23.0693 5296 HpSAMD - ok
23:24:23.0740 5296 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
23:24:23.0802 5296 HTTP - ok
23:24:23.0849 5296 huawei_enumerator (f44461e66f1b7dd267957fe9baa63ed0) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
23:24:23.0865 5296 huawei_enumerator - ok
23:24:23.0927 5296 hwdatacard (f547f862b8907f1bcbd9b72a72a6449e) C:\Windows\system32\DRIVERS\ewusbmdm.sys
23:24:23.0943 5296 hwdatacard - ok
23:24:24.0036 5296 HWDeviceService.exe (5ef3427ae503b5c03a48f7c9ff458b69) C:\ProgramData\DatacardService\HWDeviceService.exe
23:24:24.0083 5296 HWDeviceService.exe - ok
23:24:24.0114 5296 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
23:24:24.0130 5296 hwpolicy - ok
23:24:24.0145 5296 hwusbdev - ok
23:24:24.0223 5296 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
23:24:24.0239 5296 i8042prt - ok
23:24:24.0348 5296 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
23:24:24.0379 5296 IAANTMON - ok
23:24:24.0426 5296 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
23:24:24.0426 5296 iaStor - ok
23:24:24.0473 5296 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
23:24:24.0489 5296 iaStorV - ok
23:24:24.0613 5296 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:24:24.0660 5296 idsvc - ok
23:24:25.0066 5296 igfx (81f7c715528ab621c6af58869d4b07b9) C:\Windows\system32\DRIVERS\igdkmd32.sys
23:24:25.0175 5296 igfx - ok
23:24:25.0331 5296 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
23:24:25.0331 5296 iirsp - ok
23:24:25.0393 5296 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
23:24:25.0456 5296 IKEEXT - ok
23:24:25.0487 5296 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
23:24:25.0487 5296 intelide - ok
23:24:25.0534 5296 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
23:24:25.0534 5296 intelppm - ok
23:24:25.0565 5296 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
23:24:25.0581 5296 IPBusEnum - ok
23:24:25.0612 5296 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:24:25.0612 5296 IpFilterDriver - ok
23:24:25.0674 5296 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
23:24:25.0690 5296 iphlpsvc - ok
23:24:25.0737 5296 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
23:24:25.0737 5296 IPMIDRV - ok
23:24:25.0768 5296 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
23:24:25.0768 5296 IPNAT - ok
23:24:25.0815 5296 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
23:24:25.0815 5296 IRENUM - ok
23:24:25.0830 5296 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
23:24:25.0846 5296 isapnp - ok
23:24:25.0877 5296 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
23:24:25.0893 5296 iScsiPrt - ok
23:24:25.0924 5296 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:24:25.0924 5296 kbdclass - ok
23:24:25.0955 5296 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
23:24:25.0955 5296 kbdhid - ok
23:24:25.0986 5296 KeyIso (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
23:24:26.0002 5296 KeyIso - ok
23:24:26.0049 5296 kl1 (a884729b0e98cd93d6511de6d58cdc98) C:\Windows\system32\DRIVERS\kl1.sys
23:24:26.0080 5296 kl1 - ok
23:24:26.0095 5296 KLFLTDEV (adda474c9b18fd829a6c8351485c4842) C:\Windows\system32\DRIVERS\klfltdev.sys
23:24:26.0111 5296 KLFLTDEV - ok
23:24:26.0173 5296 KLIF (9d51d6f7845f0248c67a8a36cd7cdf05) C:\Windows\system32\DRIVERS\klif.sys
23:24:26.0189 5296 KLIF - ok
23:24:26.0205 5296 KLIM6 (00dc8637480a8a26df1407d8207781c8) C:\Windows\system32\DRIVERS\klim6.sys
23:24:26.0205 5296 KLIM6 - ok
23:24:26.0236 5296 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
23:24:26.0236 5296 KSecDD - ok
23:24:26.0267 5296 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
23:24:26.0298 5296 KSecPkg - ok
23:24:26.0345 5296 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
23:24:26.0361 5296 KtmRm - ok
23:24:26.0423 5296 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
23:24:26.0439 5296 LanmanServer - ok
23:24:26.0470 5296 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
23:24:26.0501 5296 LanmanWorkstation - ok
23:24:26.0532 5296 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
23:24:26.0548 5296 lltdio - ok
23:24:26.0579 5296 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
23:24:26.0595 5296 lltdsvc - ok
23:24:26.0626 5296 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
23:24:26.0626 5296 lmhosts - ok
23:24:26.0673 5296 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:24:26.0688 5296 LSI_FC - ok
23:24:26.0704 5296 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:24:26.0704 5296 LSI_SAS - ok
23:24:26.0735 5296 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:24:26.0735 5296 LSI_SAS2 - ok
23:24:26.0766 5296 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:24:26.0782 5296 LSI_SCSI - ok
23:24:26.0813 5296 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
23:24:26.0813 5296 luafv - ok
23:24:26.0860 5296 massfilter (f0435fe3c1ec2659d2bbf073ca0752ee) C:\Windows\system32\DRIVERS\massfilter.sys
23:24:26.0875 5296 massfilter - ok
23:24:26.0922 5296 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
23:24:26.0938 5296 MBAMProtector - ok
23:24:27.0047 5296 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
23:24:27.0063 5296 MBAMService - ok
23:24:27.0094 5296 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
23:24:27.0094 5296 megasas - ok
23:24:27.0219 5296 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
23:24:27.0234 5296 MegaSR - ok
23:24:27.0281 5296 Microsoft SharePoint Workspace Audit Service - ok
23:24:27.0328 5296 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
23:24:27.0343 5296 MMCSS - ok
23:24:27.0375 5296 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
23:24:27.0390 5296 Modem - ok
23:24:27.0421 5296 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
23:24:27.0421 5296 monitor - ok
23:24:27.0453 5296 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
23:24:27.0453 5296 mouclass - ok
23:24:27.0468 5296 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
23:24:27.0468 5296 mouhid - ok
23:24:27.0515 5296 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
23:24:27.0515 5296 mountmgr - ok
23:24:27.0562 5296 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
23:24:27.0562 5296 mpio - ok
23:24:27.0593 5296 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
23:24:27.0593 5296 mpsdrv - ok
23:24:27.0655 5296 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
23:24:27.0702 5296 MpsSvc - ok
23:24:27.0780 5296 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
23:24:27.0780 5296 MRxDAV - ok
23:24:27.0827 5296 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:24:27.0843 5296 mrxsmb - ok
23:24:27.0858 5296 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:24:27.0889 5296 mrxsmb10 - ok
23:24:27.0905 5296 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:24:27.0921 5296 mrxsmb20 - ok
23:24:27.0952 5296 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
23:24:27.0952 5296 msahci - ok
23:24:27.0983 5296 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
23:24:27.0983 5296 msdsm - ok
23:24:28.0014 5296 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
23:24:28.0045 5296 MSDTC - ok
23:24:28.0092 5296 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
23:24:28.0092 5296 Msfs - ok
23:24:28.0108 5296 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
23:24:28.0108 5296 mshidkmdf - ok
23:24:28.0139 5296 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
23:24:28.0139 5296 msisadrv - ok
23:24:28.0186 5296 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
23:24:28.0201 5296 MSiSCSI - ok
23:24:28.0217 5296 msiserver - ok
23:24:28.0264 5296 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
23:24:28.0264 5296 MSKSSRV - ok
23:24:28.0295 5296 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
23:24:28.0295 5296 MSPCLOCK - ok
23:24:28.0326 5296 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
23:24:28.0326 5296 MSPQM - ok
23:24:28.0357 5296 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
23:24:28.0373 5296 MsRPC - ok
23:24:28.0389 5296 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
23:24:28.0404 5296 mssmbios - ok
23:24:28.0420 5296 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
23:24:28.0420 5296 MSTEE - ok
23:24:28.0451 5296 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
23:24:28.0467 5296 MTConfig - ok
23:24:28.0498 5296 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
23:24:28.0498 5296 Mup - ok
23:24:28.0545 5296 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
23:24:28.0560 5296 napagent - ok
23:24:28.0607 5296 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
23:24:28.0638 5296 NativeWifiP - ok
23:24:28.0701 5296 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
23:24:28.0732 5296 NDIS - ok
23:24:28.0779 5296 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
23:24:28.0779 5296 NdisCap - ok
23:24:28.0794 5296 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
23:24:28.0810 5296 NdisTapi - ok
23:24:28.0841 5296 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
23:24:28.0841 5296 Ndisuio - ok
23:24:28.0872 5296 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
23:24:28.0888 5296 NdisWan - ok
23:24:28.0919 5296 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
23:24:28.0919 5296 NDProxy - ok
23:24:28.0966 5296 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll
23:24:28.0997 5296 Net Driver HPZ12 - ok
23:24:29.0028 5296 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
23:24:29.0028 5296 NetBIOS - ok
23:24:29.0059 5296 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
23:24:29.0075 5296 NetBT - ok
23:24:29.0091 5296 Netlogon (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
23:24:29.0106 5296 Netlogon - ok
23:24:29.0153 5296 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
23:24:29.0169 5296 Netman - ok
23:24:29.0215 5296 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
23:24:29.0231 5296 netprofm - ok
23:24:29.0293 5296 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:24:29.0309 5296 NetTcpPortSharing - ok
23:24:29.0574 5296 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
23:24:29.0683 5296 netw5v32 - ok
23:24:29.0824 5296 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
23:24:29.0824 5296 nfrd960 - ok
23:24:29.0871 5296 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
23:24:29.0902 5296 NlaSvc - ok
23:24:29.0917 5296 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
23:24:29.0917 5296 Npfs - ok
23:24:29.0949 5296 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
23:24:29.0964 5296 nsi - ok
23:24:29.0980 5296 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
23:24:29.0980 5296 nsiproxy - ok
23:24:30.0073 5296 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
23:24:30.0136 5296 Ntfs - ok
23:24:30.0167 5296 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
23:24:30.0167 5296 Null - ok
23:24:30.0214 5296 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
23:24:30.0214 5296 nvraid - ok
23:24:30.0245 5296 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
23:24:30.0261 5296 nvstor - ok
23:24:30.0292 5296 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
23:24:30.0307 5296 nv_agp - ok
23:24:30.0339 5296 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
23:24:30.0339 5296 ohci1394 - ok
23:24:30.0401 5296 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:24:30.0432 5296 ose - ok
23:24:30.0729 5296 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:24:30.0869 5296 osppsvc - ok
23:24:30.0978 5296 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
23:24:31.0009 5296 p2pimsvc - ok
23:24:31.0041 5296 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
23:24:31.0072 5296 p2psvc - ok
23:24:31.0119 5296 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
23:24:31.0134 5296 Parport - ok
23:24:31.0165 5296 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
23:24:31.0165 5296 partmgr - ok
23:24:31.0197 5296 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
23:24:31.0212 5296 Parvdm - ok
23:24:31.0243 5296 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
23:24:31.0259 5296 PcaSvc - ok
23:24:31.0306 5296 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
23:24:31.0321 5296 pci - ok
23:24:31.0337 5296 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
23:24:31.0353 5296 pciide - ok
23:24:31.0384 5296 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
23:24:31.0399 5296 pcmcia - ok
23:24:31.0431 5296 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
23:24:31.0431 5296 pcw - ok
23:24:31.0493 5296 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
23:24:31.0524 5296 PEAUTH - ok
23:24:31.0665 5296 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
23:24:31.0743 5296 pla - ok
23:24:31.0852 5296 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
23:24:31.0883 5296 PlugPlay - ok
23:24:31.0930 5296 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll
23:24:31.0930 5296 Pml Driver HPZ12 - ok
23:24:31.0961 5296 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
23:24:31.0977 5296 PNRPAutoReg - ok
23:24:32.0008 5296 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
23:24:32.0023 5296 PNRPsvc - ok
23:24:32.0055 5296 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
23:24:32.0086 5296 PolicyAgent - ok
23:24:32.0117 5296 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
23:24:32.0133 5296 Power - ok
23:24:32.0195 5296 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
23:24:32.0195 5296 PptpMiniport - ok
23:24:32.0226 5296 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
23:24:32.0242 5296 Processor - ok
23:24:32.0273 5296 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
23:24:32.0304 5296 ProfSvc - ok
23:24:32.0335 5296 ProtectedStorage (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
23:24:32.0335 5296 ProtectedStorage - ok
23:24:32.0351 5296 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
23:24:32.0367 5296 Psched - ok
23:24:32.0476 5296 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
23:24:32.0507 5296 ql2300 - ok
23:24:32.0647 5296 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
23:24:32.0663 5296 ql40xx - ok
23:24:32.0710 5296 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
23:24:32.0725 5296 QWAVE - ok
23:24:32.0757 5296 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
23:24:32.0757 5296 QWAVEdrv - ok
23:24:32.0788 5296 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
23:24:32.0788 5296 RasAcd - ok
23:24:32.0819 5296 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:24:32.0819 5296 RasAgileVpn - ok
23:24:32.0850 5296 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
23:24:32.0866 5296 RasAuto - ok
23:24:32.0897 5296 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:24:32.0897 5296 Rasl2tp - ok
23:24:32.0959 5296 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
23:24:32.0975 5296 RasMan - ok
23:24:33.0006 5296 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
23:24:33.0006 5296 RasPppoe - ok
23:24:33.0022 5296 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
23:24:33.0037 5296 RasSstp - ok
23:24:33.0069 5296 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
23:24:33.0100 5296 rdbss - ok
23:24:33.0115 5296 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
23:24:33.0131 5296 rdpbus - ok
23:24:33.0162 5296 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:24:33.0162 5296 RDPCDD - ok
23:24:33.0209 5296 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
23:24:33.0209 5296 RDPENCDD - ok
23:24:33.0288 5296 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
23:24:33.0288 5296 RDPREFMP - ok
23:24:33.0335 5296 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
23:24:33.0372 5296 RDPWD - ok
23:24:33.0425 5296 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
23:24:33.0441 5296 rdyboost - ok
23:24:33.0482 5296 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
23:24:33.0502 5296 RemoteAccess - ok
23:24:33.0533 5296 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
23:24:33.0554 5296 RemoteRegistry - ok
23:24:33.0591 5296 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
23:24:33.0603 5296 RFCOMM - ok
23:24:33.0628 5296 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
23:24:33.0643 5296 RpcEptMapper - ok
23:24:33.0664 5296 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
23:24:33.0673 5296 RpcLocator - ok
23:24:33.0710 5296 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
23:24:33.0722 5296 RpcSs - ok
23:24:33.0773 5296 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
23:24:33.0773 5296 rspndr - ok
23:24:33.0826 5296 RSUSBSTOR (f9541f3b59da30423f2f76ef443c07fc) C:\Windows\system32\Drivers\RtsUStor.sys
23:24:33.0843 5296 RSUSBSTOR - ok
23:24:33.0889 5296 RTL8167 (c5a68c5ec01fd6f03396dd154b48db56) C:\Windows\system32\DRIVERS\Rt86win7.sys
23:24:33.0906 5296 RTL8167 - ok
23:24:33.0929 5296 SamSs (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
23:24:33.0935 5296 SamSs - ok
23:24:33.0970 5296 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
23:24:33.0973 5296 sbp2port - ok
23:24:34.0015 5296 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
23:24:34.0033 5296 SCardSvr - ok
23:24:34.0069 5296 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
23:24:34.0074 5296 scfilter - ok
23:24:34.0141 5296 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
23:24:34.0170 5296 Schedule - ok
23:24:34.0205 5296 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
23:24:34.0208 5296 SCPolicySvc - ok
23:24:34.0249 5296 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
23:24:34.0261 5296 sdbus - ok
23:24:34.0298 5296 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
23:24:34.0317 5296 SDRSVC - ok
23:24:34.0353 5296 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:24:34.0358 5296 secdrv - ok
23:24:34.0373 5296 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
23:24:34.0388 5296 seclogon - ok
23:24:34.0420 5296 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
23:24:34.0451 5296 SENS - ok
23:24:34.0482 5296 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
23:24:34.0482 5296 Serenum - ok
23:24:34.0498 5296 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
23:24:34.0513 5296 Serial - ok
23:24:34.0544 5296 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
23:24:34.0560 5296 sermouse - ok
23:24:34.0607 5296 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
23:24:34.0638 5296 SessionEnv - ok
23:24:34.0654 5296 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
23:24:34.0654 5296 sffdisk - ok
23:24:34.0685 5296 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
23:24:34.0685 5296 sffp_mmc - ok
23:24:34.0700 5296 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
23:24:34.0716 5296 sffp_sd - ok
23:24:34.0747 5296 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
23:24:34.0747 5296 sfloppy - ok
23:24:34.0810 5296 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
23:24:34.0825 5296 SharedAccess - ok
23:24:34.0888 5296 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
23:24:34.0903 5296 ShellHWDetection - ok
23:24:34.0934 5296 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
23:24:34.0950 5296 sisagp - ok
23:24:34.0981 5296 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:24:34.0981 5296 SiSRaid2 - ok
23:24:35.0012 5296 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
23:24:35.0028 5296 SiSRaid4 - ok
23:24:35.0075 5296 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
23:24:35.0075 5296 Smb - ok
23:24:35.0122 5296 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
23:24:35.0137 5296 SNMPTRAP - ok
23:24:35.0168 5296 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
23:24:35.0168 5296 spldr - ok
23:24:35.0293 5296 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
23:24:35.0324 5296 Spooler - ok
23:24:35.0543 5296 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
23:24:35.0621 5296 sppsvc - ok
23:24:35.0730 5296 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
23:24:35.0761 5296 sppuinotify - ok
23:24:35.0824 5296 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
23:24:35.0855 5296 srv - ok
23:24:35.0902 5296 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
23:24:35.0917 5296 srv2 - ok
23:24:35.0964 5296 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
23:24:35.0980 5296 SrvHsfHDA - ok
23:24:36.0058 5296 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
23:24:36.0120 5296 SrvHsfV92 - ok
23:24:36.0167 5296 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
23:24:36.0182 5296 SrvHsfWinac - ok
23:24:36.0214 5296 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
23:24:36.0229 5296 srvnet - ok
23:24:36.0260 5296 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
23:24:36.0276 5296 SSDPSRV - ok
23:24:36.0307 5296 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
23:24:36.0323 5296 SstpSvc - ok
23:24:36.0432 5296 STacSV (1816c34d3dc9a0f1745fb455506c7b58) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\STacSV.exe
23:24:36.0448 5296 STacSV - ok
23:24:36.0494 5296 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
23:24:36.0494 5296 stexstor - ok
23:24:36.0557 5296 STHDA (96cb9fd21207af4456d37957441f6001) C:\Windows\system32\DRIVERS\stwrt.sys
23:24:36.0572 5296 STHDA - ok
23:24:36.0650 5296 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
23:24:36.0666 5296 StiSvc - ok
23:24:36.0697 5296 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
23:24:36.0713 5296 swenum - ok
23:24:36.0791 5296 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
23:24:36.0822 5296 swprv - ok
23:24:36.0884 5296 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
23:24:36.0900 5296 SynTP - ok
23:24:36.0978 5296 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
23:24:37.0025 5296 SysMain - ok
23:24:37.0056 5296 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
23:24:37.0072 5296 TabletInputService - ok
23:24:37.0118 5296 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
23:24:37.0134 5296 TapiSrv - ok
23:24:37.0165 5296 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
23:24:37.0196 5296 TBS - ok
23:24:37.0306 5296 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
23:24:37.0368 5296 Tcpip - ok
23:24:37.0399 5296 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
23:24:37.0415 5296 TCPIP6 - ok
23:24:37.0477 5296 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
23:24:37.0477 5296 tcpipreg - ok
23:24:37.0540 5296 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
23:24:37.0555 5296 TDPIPE - ok
23:24:37.0571 5296 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
23:24:37.0586 5296 TDTCP - ok
23:24:37.0618 5296 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
23:24:37.0618 5296 tdx - ok
23:24:37.0649 5296 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
23:24:37.0664 5296 TermDD - ok
23:24:37.0727 5296 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
23:24:37.0758 5296 TermService - ok
23:24:37.0789 5296 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
23:24:37.0805 5296 Themes - ok
23:24:37.0836 5296 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
23:24:37.0836 5296 THREADORDER - ok
23:24:37.0852 5296 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
23:24:37.0883 5296 TrkWks - ok
23:24:37.0930 5296 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
23:24:37.0976 5296 TrustedInstaller - ok
23:24:38.0008 5296 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:24:38.0008 5296 tssecsrv - ok
23:24:38.0054 5296 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
23:24:38.0086 5296 TsUsbFlt - ok
23:24:38.0132 5296 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
23:24:38.0148 5296 tunnel - ok
23:24:38.0179 5296 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
23:24:38.0179 5296 uagp35 - ok
23:24:38.0242 5296 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
23:24:38.0257 5296 udfs - ok
23:24:38.0304 5296 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
23:24:38.0320 5296 UI0Detect - ok
23:24:38.0351 5296 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
23:24:38.0366 5296 uliagpkx - ok
23:24:38.0398 5296 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
23:24:38.0398 5296 umbus - ok
23:24:38.0429 5296 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
23:24:38.0444 5296 UmPass - ok
23:24:38.0476 5296 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
23:24:38.0507 5296 upnphost - ok
23:24:38.0554 5296 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
23:24:38.0569 5296 usbccgp - ok
23:24:38.0600 5296 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
23:24:38.0616 5296 usbcir - ok
23:24:38.0632 5296 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
23:24:38.0632 5296 usbehci - ok
23:24:38.0678 5296 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
23:24:38.0678 5296 usbhub - ok
23:24:38.0725 5296 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
23:24:38.0725 5296 usbohci - ok
23:24:38.0756 5296 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
23:24:38.0772 5296 usbprint - ok
23:24:38.0803 5296 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
23:24:38.0803 5296 usbscan - ok
23:24:38.0834 5296 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:24:38.0834 5296 USBSTOR - ok
23:24:38.0850 5296 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
23:24:38.0866 5296 usbuhci - ok
23:24:38.0897 5296 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
23:24:38.0912 5296 usbvideo - ok
23:24:38.0944 5296 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
23:24:38.0959 5296 UxSms - ok
23:24:38.0990 5296 VaultSvc (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
23:24:39.0006 5296 VaultSvc - ok
23:24:39.0037 5296 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
23:24:39.0053 5296 vdrvroot - ok
23:24:39.0100 5296 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
23:24:39.0131 5296 vds - ok
23:24:39.0162 5296 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
23:24:39.0178 5296 vga - ok
23:24:39.0193 5296 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
23:24:39.0209 5296 VgaSave - ok
23:24:39.0240 5296 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
23:24:39.0240 5296 vhdmp - ok
23:24:39.0271 5296 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
23:24:39.0271 5296 viaagp - ok
23:24:39.0318 5296 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
23:24:39.0318 5296 ViaC7 - ok
23:24:39.0365 5296 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
23:24:39.0365 5296 viaide - ok
23:24:39.0396 5296 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
23:24:39.0396 5296 volmgr - ok
23:24:39.0443 5296 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
23:24:39.0458 5296 volmgrx - ok
23:24:39.0490 5296 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
23:24:39.0505 5296 volsnap - ok
23:24:39.0552 5296 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
23:24:39.0568 5296 vsmraid - ok
23:24:39.0646 5296 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
23:24:39.0724 5296 VSS - ok
23:24:39.0739 5296 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
23:24:39.0755 5296 vwifibus - ok
23:24:39.0770 5296 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
23:24:39.0786 5296 vwififlt - ok
23:24:39.0833 5296 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
23:24:39.0833 5296 vwifimp - ok
23:24:39.0880 5296 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
23:24:39.0895 5296 W32Time - ok
23:24:39.0942 5296 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
23:24:39.0942 5296 WacomPen - ok
23:24:39.0989 5296 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
23:24:40.0004 5296 WANARP - ok
23:24:40.0004 5296 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
23:24:40.0020 5296 Wanarpv6 - ok
23:24:40.0114 5296 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
23:24:40.0160 5296 wbengine - ok
23:24:40.0223 5296 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
23:24:40.0238 5296 WbioSrvc - ok
23:24:40.0285 5296 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
23:24:40.0301 5296 wcncsvc - ok
23:24:40.0332 5296 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
23:24:40.0348 5296 WcsPlugInService - ok
23:24:40.0394 5296 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
23:24:40.0410 5296 Wd - ok
23:24:40.0457 5296 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:24:40.0504 5296 Wdf01000 - ok
23:24:40.0519 5296 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
23:24:40.0550 5296 WdiServiceHost - ok
23:24:40.0550 5296 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
23:24:40.0566 5296 WdiSystemHost - ok
23:24:40.0597 5296 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
23:24:40.0628 5296 WebClient - ok
23:24:40.0660 5296 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
23:24:40.0675 5296 Wecsvc - ok
23:24:40.0691 5296 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
23:24:40.0722 5296 wercplsupport - ok
23:24:40.0753 5296 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
23:24:40.0753 5296 WerSvc - ok
23:24:40.0784 5296 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
23:24:40.0800 5296 WfpLwf - ok
23:24:40.0816 5296 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
23:24:40.0831 5296 WIMMount - ok
23:24:40.0925 5296 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
23:24:40.0956 5296 WinDefend - ok
23:24:40.0972 5296 WinHttpAutoProxySvc - ok
23:24:41.0034 5296 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
23:24:41.0081 5296 Winmgmt - ok
23:24:41.0174 5296 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
23:24:41.0221 5296 WinRM - ok
23:24:41.0362 5296 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
23:24:41.0362 5296 WinUsb - ok
23:24:41.0455 5296 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
23:24:41.0486 5296 Wlansvc - ok
23:24:41.0580 5296 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:24:41.0596 5296 wlcrasvc - ok
23:24:41.0736 5296 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:24:41.0783 5296 wlidsvc - ok
23:24:41.0908 5296 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
23:24:41.0908 5296 WmiAcpi - ok
23:24:41.0986 5296 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
23:24:42.0001 5296 wmiApSrv - ok
23:24:42.0126 5296 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
23:24:42.0173 5296 WMPNetworkSvc - ok
23:24:42.0204 5296 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
23:24:42.0220 5296 WPCSvc - ok
23:24:42.0266 5296 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
23:24:42.0282 5296 WPDBusEnum - ok
23:24:42.0329 5296 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
23:24:42.0344 5296 ws2ifsl - ok
23:24:42.0360 5296 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
23:24:42.0391 5296 wscsvc - ok
23:24:42.0422 5296 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
23:24:42.0438 5296 WSDPrintDevice - ok
23:24:42.0454 5296 WSearch - ok
23:24:42.0594 5296 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
23:24:42.0656 5296 wuauserv - ok
23:24:42.0750 5296 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
23:24:42.0750 5296 WudfPf - ok
23:24:42.0797 5296 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:24:42.0812 5296 WUDFRd - ok
23:24:42.0844 5296 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
23:24:42.0875 5296 wudfsvc - ok
23:24:42.0922 5296 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
23:24:42.0968 5296 WwanSvc - ok
23:24:43.0031 5296 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
23:24:43.0062 5296 yukonw7 - ok
23:24:43.0109 5296 ZTEusbmdm6k (b8b466103280e45e391e876f05122607) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
23:24:43.0124 5296 ZTEusbmdm6k - ok
23:24:43.0140 5296 ZTEusbnet (911ba85906bc7602c73441502abfb565) C:\Windows\system32\DRIVERS\ZTEusbnet.sys
23:24:43.0156 5296 ZTEusbnet - ok
23:24:43.0187 5296 ZTEusbnmea (69774b89725ddc4781e0eeb9809f3b20) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
23:24:43.0187 5296 ZTEusbnmea - ok
23:24:43.0234 5296 ZTEusbser6k (b8b466103280e45e391e876f05122607) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
23:24:43.0249 5296 ZTEusbser6k - ok
23:24:43.0358 5296 ZTEusbvoice (b8b466103280e45e391e876f05122607) C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
23:24:43.0358 5296 ZTEusbvoice - ok
23:24:43.0483 5296 MBR (0x1B8) (04797173f86960b5428336f0198ae425) \Device\Harddisk0\DR0
23:24:43.0748 5296 \Device\Harddisk0\DR0 - ok
23:24:43.0748 5296 Boot (0x1200) (97bb05c94ea86d2a3d0991a53cf392c9) \Device\Harddisk0\DR0\Partition0
23:24:43.0748 5296 \Device\Harddisk0\DR0\Partition0 - ok
23:24:43.0780 5296 Boot (0x1200) (bb1c96dd128eb218e8e20a683e159891) \Device\Harddisk0\DR0\Partition1
23:24:43.0795 5296 \Device\Harddisk0\DR0\Partition1 - ok
23:24:43.0826 5296 Boot (0x1200) (542fd0007089453568d9b015d3903836) \Device\Harddisk0\DR0\Partition2
23:24:43.0842 5296 \Device\Harddisk0\DR0\Partition2 - ok
23:24:43.0858 5296 Boot (0x1200) (1b63c999841499b2c6e02a61e21c6218) \Device\Harddisk0\DR0\Partition3
23:24:43.0858 5296 \Device\Harddisk0\DR0\Partition3 - ok
23:24:43.0858 5296 ============================================================
23:24:43.0858 5296 Scan finished
23:24:43.0858 5296 ============================================================
23:24:43.0889 4088 Detected object count: 0
23:24:43.0889 4088 Actual detected object count: 0


==========================================

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:58 AM

Posted 06 July 2012 - 12:09 PM

Can you now run the aswMBR.exe tool as requested in my previous post?

#9 Joe242

Joe242
  • Topic Starter

  • Members
  • 10 posts
  • Local time:07:58 PM

Posted 06 July 2012 - 12:14 PM

I have run aswMBR.exe. Before the scan it said that I have to download the Avast virus definitions..and I downloaded them before the scan (don't know if this is necessary).

Here is the log:

===========


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-06 23:48:48
-----------------------------
23:48:48.354 OS Version: Windows 6.1.7601 Service Pack 1
23:48:48.370 Number of processors: 2 586 0x1C0A
23:48:48.370 ComputerName: CMCPRO-PC UserName: CMCPRO
23:49:25.736 Initialize success
00:00:29.868 AVAST engine defs: 12070600
00:25:51.103 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:25:51.103 Disk 0 Vendor: ST925041 0006 Size: 238475MB BusType: 3
00:25:51.134 Disk 0 MBR read successfully
00:25:51.150 Disk 0 MBR scan
00:25:52.476 Disk 0 unknown MBR code
00:25:52.491 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
00:25:52.678 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 226040 MB offset 409600
00:25:52.741 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12131 MB offset 463339520
00:25:52.788 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
00:25:53.240 Disk 0 scanning sectors +488395120
00:25:53.380 Disk 0 scanning C:\Windows\system32\drivers
00:26:34.215 Service scanning
00:27:33.224 Modules scanning
00:27:47.990 Disk 0 trace - called modules:
00:27:48.021 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
00:27:48.036 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858a12d0]
00:27:48.068 3 CLASSPNP.SYS[8703459e] -> nt!IofCallDriver -> [0x84e5f958]
00:27:48.083 5 ACPI.sys[86ea53d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84e37028]
00:27:52.623 AVAST engine scan C:\Windows
00:27:57.031 AVAST engine scan C:\Windows\system32
00:34:09.936 AVAST engine scan C:\Windows\system32\drivers
00:34:44.913 AVAST engine scan C:\Users\CMCPRO
00:39:06.666 AVAST engine scan C:\ProgramData
00:47:00.218 Scan finished successfully
00:51:21.473 Disk 0 MBR has been saved successfully to "C:\Users\CMCPRO\Desktop\MBR.dat"
00:51:21.488 The log file has been saved successfully to "C:\Users\CMCPRO\Desktop\aswMBR.txt"

=========================




Here is the MBR.dat zip file:

Attached File: MBR.zip (531 bytes)

==========


Thank you..

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:58 AM

Posted 06 July 2012 - 12:20 PM

The previous logs are clean.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

#11 Joe242

Joe242
  • Topic Starter

  • Members
  • 10 posts
  • Local time:07:58 PM

Posted 08 July 2012 - 02:38 AM

I have run ComboFix as you asked.
Here is the log:



========================



ComboFix 12-07-07.04 - CMCPRO 08/07/2012 14:57:12.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.60.1033.18.1012.267 [GMT 8:00]
Running from: c:\users\CMCPRO\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))
.
.
2012-07-08 07:18 . 2012-07-08 07:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-02 10:39 . 2012-07-08 06:42 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E826280-A5C1-40EA-8C35-CF0CF2BB7790}\offreg.dll
2012-07-01 18:08 . 2012-07-01 18:08 -------- d-----w- c:\users\CMCPRO\AppData\Roaming\Malwarebytes
2012-07-01 18:07 . 2012-07-01 18:07 -------- d-----w- c:\programdata\Malwarebytes
2012-07-01 18:07 . 2012-07-01 18:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-01 18:07 . 2012-04-04 07:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 06:54 . 2012-06-29 06:54 -------- d-----w- c:\users\CMCPRO\AppData\Local\Apps
2012-06-28 21:47 . 2012-07-02 10:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-28 21:47 . 2012-07-02 10:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-25 06:41 . 2012-06-25 06:41 -------- d-----w- c:\program files\Common Files\Java
2012-06-25 06:39 . 2012-06-25 06:39 -------- d-----w- c:\program files\Oracle
2012-06-25 06:38 . 2012-05-04 11:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-24 13:11 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 13:11 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 13:11 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 13:11 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 13:11 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-24 13:11 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 13:11 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 13:10 . 2012-06-02 07:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 13:10 . 2012-06-02 07:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-08 12:54 . 2012-06-08 12:54 -------- d-----w- c:\users\Public\CyberLink
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 05:53 . 2012-06-04 01:58 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 05:53 . 2011-06-04 11:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 11:29 . 2010-07-07 10:59 687504 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-07 16:18 . 2011-06-13 23:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2010-03-12 311680]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-10-12 495708]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-16 150552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-16 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-16 173592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-5 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 01:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 06:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-09 13:00 136176 ----atw- c:\users\CMCPRO\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-09 18:41 49208 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HW_OPENEYE_OUC_Celcom Broadband Manager]
2009-07-27 08:54 110592 ----a-w- c:\program files\Celcom Broadband Manager\UpdateDog\ouc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2011-07-21 15:07 718720 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZumoDrive]
2010-06-08 09:27 2042 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x]
R4 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\aestsrv.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 18:44]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 18:44]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753072318-3713065928-2266387906-1000Core.job
- c:\users\CMCPRO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-09 13:00]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753072318-3713065928-2266387906-1000UA.job
- c:\users\CMCPRO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-09 13:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.my/
uInternet Settings,ProxyOverride = local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902} - c:\program files\Bywifi\bywifici.exe
IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files\FinalVideoDownloader\fvdRunner.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{517DF27A-A7D2-4475-8F22-2F68C7FD9C24}: NameServer = 58.71.136.10 58.71.132.10
TCP: Interfaces\{E1484EC9-182E-4299-BD2C-0E1E11B096D6}: NameServer = 58.71.136.10 58.71.132.10
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\users\CMCPRO\AppData\Roaming\Mozilla\Firefox\Profiles\ozqhtvlp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.my/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNman000&ptb=SMwLhbZP0SduqvKY1iAC7w&psa=&ind=2010081205&ptnrS=ZNman000&si=&st=kwd&n=77cf67b5&searchfor=
FF - prefs.js: network.proxy.type - 2
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
MSConfigStartUp-Facebook Update - c:\users\CMCPRO\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-SpywareTerminatorShield - c:\program files\Spyware Terminator\SpywareTerminatorShield.exe
MSConfigStartUp-SpywareTerminatorUpdater - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3753072318-3713065928-2266387906-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3753072318-3713065928-2266387906-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5756)
c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll
.
Completion time: 2012-07-08 15:25:19
ComboFix-quarantined-files.txt 2012-07-08 07:25
.
Pre-Run: 169,656,426,496 bytes free
Post-Run: 169,671,917,568 bytes free
.
- - End Of File - - 79BC7852C04670F81EA4A926FF361F28

============================



Hope you can help me. Thank you.

#12 nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 July 2012 - 10:21 AM

Please try to execute the Last Known Good Configuration on this Windows 7 computer.

http://windows.microsoft.com/en-us/windows-vista/Using-Last-Known-Good-Configuration

Let me know what problem persists.

#13 Joe242
  • Topic Starter

  • Members
  • 10 posts

Posted 10 July 2012 - 06:22 AM

Sorry for the delay.
I did what you asked me to, and this notebook runs more responsively.

But I still have to wait for Windows to load, or to open any folder or program, and sometimes my browser opens a new window when I'm surfing the internet (an ad or something like that).

Hope you can do something about this.

Thank you.

#14 nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 July 2012 - 08:33 AM

Now that you have a good configuration, please run ComboFix and post the log for my review.

#15 Joe242
  • Topic Starter

  • Members
  • 10 posts

Posted 15 July 2012 - 02:45 AM

I'm sorry for the delay. I had jobs to do the last few days.
I still have a few problems, but first I ran ComboFix again as you asked me to,
and here is the log:


=========================


ComboFix 12-07-14.01 - CMCPRO 15/07/2012 15:08:16.2.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.60.1033.18.1012.407 [GMT 8:00]
Running from: c:\users\CMCPRO\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 07:28 . 2012-07-15 07:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-07-15 07:28 . 2012-07-15 07:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-09 11:44 . 2012-07-12 07:08 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{017B05A2-0A55-4AB9-A358-5CE89447F27F}\offreg.dll
2012-07-09 11:34 . 2012-06-17 19:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{017B05A2-0A55-4AB9-A358-5CE89447F27F}\mpengine.dll
2012-07-01 18:08 . 2012-07-01 18:08 -------- d-----w- c:\users\CMCPRO\AppData\Roaming\Malwarebytes
2012-07-01 18:07 . 2012-07-01 18:07 -------- d-----w- c:\programdata\Malwarebytes
2012-07-01 18:07 . 2012-07-01 18:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-01 18:07 . 2012-04-04 07:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 06:54 . 2012-06-29 06:54 -------- d-----w- c:\users\CMCPRO\AppData\Local\Apps
2012-06-28 21:47 . 2012-07-02 10:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-28 21:47 . 2012-07-02 10:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-25 06:41 . 2012-06-25 06:41 -------- d-----w- c:\program files\Common Files\Java
2012-06-25 06:39 . 2012-06-25 06:39 -------- d-----w- c:\program files\Oracle
2012-06-25 06:38 . 2012-05-04 11:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-24 13:11 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 13:11 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 13:11 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 13:11 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 13:11 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-24 13:11 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 13:11 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 13:10 . 2012-06-02 07:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 13:10 . 2012-06-02 07:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 05:53 . 2012-06-04 01:58 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 05:53 . 2011-06-04 11:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 04:25 . 2010-08-07 14:47 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:29 . 2010-07-07 10:59 687504 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-07 16:18 . 2011-06-13 23:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2010-03-12 311680]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-10-12 495708]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-16 150552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-16 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-16 173592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-5 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 01:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 06:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-09 13:00 136176 ----atw- c:\users\CMCPRO\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-09 18:41 49208 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HW_OPENEYE_OUC_Celcom Broadband Manager]
2009-07-27 08:54 110592 ----a-w- c:\program files\Celcom Broadband Manager\UpdateDog\ouc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2011-07-21 15:07 718720 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZumoDrive]
2010-06-08 09:27 2042 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x]
R4 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\aestsrv.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 18:44]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 18:44]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753072318-3713065928-2266387906-1000Core.job
- c:\users\CMCPRO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-09 13:00]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753072318-3713065928-2266387906-1000UA.job
- c:\users\CMCPRO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-09 13:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.my/
uInternet Settings,ProxyOverride = local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902} - c:\program files\Bywifi\bywifici.exe
IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files\FinalVideoDownloader\fvdRunner.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{517DF27A-A7D2-4475-8F22-2F68C7FD9C24}: NameServer = 58.71.136.10 58.71.132.10
TCP: Interfaces\{E1484EC9-182E-4299-BD2C-0E1E11B096D6}: NameServer = 58.71.136.10 58.71.132.10
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\users\CMCPRO\AppData\Roaming\Mozilla\Firefox\Profiles\ozqhtvlp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.my/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNman000&ptb=SMwLhbZP0SduqvKY1iAC7w&psa=&ind=2010081205&ptnrS=ZNman000&si=&st=kwd&n=77cf67b5&searchfor=
FF - prefs.js: network.proxy.type - 2
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3753072318-3713065928-2266387906-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3753072318-3713065928-2266387906-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4708)
c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll
.
Completion time: 2012-07-15 15:34:16
ComboFix-quarantined-files.txt 2012-07-15 07:34
ComboFix2.txt 2012-07-08 07:25
.
Pre-Run: 166,889,332,736 bytes free
Post-Run: 166,814,138,368 bytes free
.
- - End Of File - - 1DD211675F9156C631AD99DECC816482


==================================

Edited by Joe242, 15 July 2012 - 02:46 AM.
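Added example (not part of the original thread, and not ComboFix's own code): a small Python triage script that parses the "Supplementary Scan" lines of a ComboFix log like the one above and flags the indicators an analyst checks first: a Firefox keyword.URL that redirects address-bar searches, a Firefox proxy mode other than direct/system, per-interface DNS servers that differ from the DHCP-assigned resolver, and a URL-protocol handler served from a third-party DLL. The sample lines are copied from the log above; the set of "known" search brands, and the rule that a handler DLL outside \Windows is worth a look, are assumptions of this example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Sample input: lines copied from the "Supplementary Scan" section of the
# ComboFix log posted above. ComboFix writes hxxp:// for http:// so that the
# URLs in a log are not clickable; host_of() undoes that before parsing.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com.my/
uInternet Settings,ProxyOverride = local
IE: Crawler Search - tbr:iemenu
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{517DF27A-A7D2-4475-8F22-2F68C7FD9C24}: NameServer = 58.71.136.10 58.71.132.10
TCP: Interfaces\{E1484EC9-182E-4299-BD2C-0E1E11B096D6}: NameServer = 58.71.136.10 58.71.132.10
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.my/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNman000&ptb=SMwLhbZP0SduqvKY1iAC7w&psa=&ind=2010081205&ptnrS=ZNman000&si=&st=kwd&n=77cf67b5&searchfor=
FF - prefs.js: network.proxy.type - 2
"""

# Assumption of this example: address-bar searches are expected to go to one of
# these brands. A DNS-label match is a triage heuristic, not a security boundary.
KNOWN_SEARCH_BRANDS = {"google", "bing", "yahoo", "duckduckgo"}

# Meaning of Firefox's network.proxy.type values.
FF_PROXY_TYPE = {0: "direct", 1: "manual proxy", 2: "PAC URL", 4: "WPAD auto-detect", 5: "system proxy"}

FF_PREF = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
DHCP_DNS = re.compile(r"^TCP: DhcpNameServer = (.*)$")
IFACE_DNS = re.compile(r"^TCP: Interfaces\\\{[^}]+\}: NameServer = (.*)$")
HANDLER = re.compile(r"^Handler: (\S+) - \{[^}]+\} - (.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def host_of(defanged_url: str) -> str:
    """Host part of a ComboFix-defanged URL (hxxp:// -> http://)."""
    return (urlsplit(defanged_url.replace("hxxp", "http", 1)).hostname or "").lower()


def analyze(log_text: str) -> list[Finding]:
    """Return the hijack/redirection indicators found in a ComboFix supplementary scan."""
    findings: list[Finding] = []
    dhcp_dns: set[str] = set()
    static_dns: set[str] = set()

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := FF_PREF.match(line):
            pref, value = m.groups()
            if pref == "keyword.URL":
                # keyword.URL is where Firefox sends anything typed into the address bar
                # that is not a URL; toolbars rewrite it to monetise searches.
                host = host_of(value)
                if not KNOWN_SEARCH_BRANDS & set(host.split(".")):
                    findings.append(Finding("search_hijack",
                                            f"keyword.URL sends address-bar searches to {host}"))
            elif pref == "network.proxy.type" and value.isdigit() and int(value) in (1, 2, 4):
                # Anything other than direct/system routes browser traffic through a proxy
                # the profile chose; the proxy or PAC URL lives in the other network.proxy.* prefs.
                findings.append(Finding("proxy_redirect",
                                        f"network.proxy.type={value} ({FF_PROXY_TYPE[int(value)]}); "
                                        "review the remaining network.proxy.* prefs"))
        elif m := DHCP_DNS.match(line):
            dhcp_dns.update(m.group(1).split())
        elif m := IFACE_DNS.match(line):
            static_dns.update(m.group(1).split())
        elif m := HANDLER.match(line):
            scheme, dll = m.groups()
            # Assumption: a URL-protocol handler whose DLL lives outside \Windows was
            # installed by third-party software and deserves a look.
            if "\\windows\\" not in dll.lower():
                findings.append(Finding("custom_handler",
                                        f"{scheme}: URLs are handled by {dll}"))

    # Static per-interface resolvers that DHCP did not hand out can be an ISP
    # choice or a DNS hijack; either way they should be confirmed, not assumed.
    if extra := sorted(static_dns - dhcp_dns):
        findings.append(Finding("static_dns",
                                "interface NameServer overrides DHCP DNS: " + ", ".join(extra)))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Run it against the log above and the four findings come out; the static_dns one is deliberately worded as "confirm", because resolvers that differ from the DHCP server may simply be the ISP's, and only the keyword.URL redirection and the non-default proxy mode are hijack indicators on their own.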




