

web redirect malware


This topic is locked
22 replies to this topic

#1 billdonovan

Posted 05 July 2012 - 07:15 AM

I seem to be hit by some kind of redirect malware. I've tried to fix it by running malwarebytes, MS Security Essentials as well as Superantispyware. My computer seems to run normally other than when using the web. And when I do a Google search I am usually - but not always - misdirected.

I ran Combo fix and do have the log (I realize now that I should not have done this until asked .... I was in sort of a panic and only skimmed the directions, mea culpa).

I'd appreciate any help that can be offered. I'll be glad to either attach the log file I already have from Combo fix, or to run the thing again and attach the new log file. I apologize for failing to read and correctly follow the instructions.



#2 gringo_pr (Malware Response Team)

Posted 05 July 2012 - 08:29 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 billdonovan (Topic Starter)

Posted 05 July 2012 - 09:13 AM

Thanks so much for the help. I'm pasting in the logs below. Your help is appreciated.

Bill

First the checkup log:


Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 29
Java version out of Date!
Adobe Reader X (10.1.3)
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Now the log from DDS:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Bill at 10:01:31 on 2012-07-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8055.5077 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Genie-Soft\Genie Timeline\x86\WebServer\PHP\php-cgi.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe"
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Genie TimeLine Tray] C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe -auto
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{14C1998C-9E64-4B31-9388-6BECB77D6A0A} : DhcpNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Genie TimeLine Tray] C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe -auto
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 MpKsl58f343aa;MpKsl58f343aa;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{91E40863-CDE4-4791-9CB1-264E903188B7}\MpKsl58f343aa.sys [2012-7-5 35664]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-2-17 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-2-17 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2010-6-29 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 GenieTimelineService;Genie Timeline Service;C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe [2011-1-11 468096]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-2-23 1692480]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-10 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 250056]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-10 136176]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-05 12:03:54 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{91E40863-CDE4-4791-9CB1-264E903188B7}\offreg.dll
2012-07-05 12:03:53 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{91E40863-CDE4-4791-9CB1-264E903188B7}\MpKsl58f343aa.sys
2012-07-05 11:52:25 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DB0E84FF-7680-471B-93E1-C0B981CD1F07}\gapaengine.dll
2012-07-05 11:52:22 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{91E40863-CDE4-4791-9CB1-264E903188B7}\mpengine.dll
2012-07-05 11:50:49 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-05 11:50:47 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-05 11:21:07 -------- d-----w- C:\$RECYCLE.BIN
2012-07-05 11:17:12 0 ----a-w- C:\Windows\SysWow64\sho589C.tmp
2012-07-05 10:35:54 98816 ----a-w- C:\Windows\sed.exe
2012-07-05 10:35:54 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-05 10:35:54 256000 ----a-w- C:\Windows\PEV.exe
2012-07-05 10:35:54 208896 ----a-w- C:\Windows\MBR.exe
2012-07-05 10:34:50 -------- d-----w- C:\ComboFix
2012-07-04 15:25:05 -------- d-----w- C:\Users\Bill\AppData\Roaming\Malwarebytes
2012-07-04 15:24:52 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-04 15:24:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-02 00:34:51 0 ----a-w- C:\Windows\SysWow64\sho6E0E.tmp
2012-07-01 02:18:32 0 ----a-w- C:\Windows\SysWow64\shoB59B.tmp
2012-06-25 00:36:04 0 ----a-w- C:\Windows\SysWow64\shoBCAB.tmp
2012-06-22 09:42:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 09:41:53 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 09:41:17 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-22 09:41:16 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-18 00:50:34 0 ----a-w- C:\Windows\SysWow64\sho99B0.tmp
2012-06-13 09:42:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 09:42:36 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 09:42:36 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 09:42:11 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-13 09:42:06 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 09:42:05 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 09:42:04 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 09:41:58 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 09:41:55 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 09:41:52 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 09:41:51 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-13 09:41:31 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 09:41:30 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 09:41:29 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 09:41:29 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 09:41:29 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 09:41:28 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-13 01:02:41 0 ----a-w- C:\Windows\SysWow64\sho8EB8.tmp
2012-06-08 01:18:34 0 ----a-w- C:\Windows\SysWow64\sho78A9.tmp
2012-06-07 01:13:26 0 ----a-w- C:\Windows\SysWow64\sho6D4.tmp
.
==================== Find3M ====================
.
2012-06-23 23:34:58 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 23:34:58 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-31 01:05:16 0 ----a-w- C:\Windows\SysWow64\sho255C.tmp
2012-05-30 01:15:28 0 ----a-w- C:\Windows\SysWow64\shoAFFE.tmp
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-10 00:50:33 0 ----a-w- C:\Windows\SysWow64\sho7E16.tmp
2012-05-08 00:59:35 0 ----a-w- C:\Windows\SysWow64\sho4CD8.tmp
2012-05-06 00:51:20 0 ----a-w- C:\Windows\SysWow64\sho536E.tmp
2012-04-26 01:10:28 0 ----a-w- C:\Windows\SysWow64\sho2F59.tmp
2012-04-11 00:39:46 0 ----a-w- C:\Windows\SysWow64\sho86AB.tmp
.
============= FINISH: 10:08:53.08 ===============
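The DDS "Pseudo HJT Report" above is what a helper reads first when someone reports redirects: the `mPolicies-system` UAC values (the posted log has EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all at 0, which is why Security Check printed "UAC is disabled!"), the Internet Settings proxy lines, the Trusted Zone entries and the name servers the machine is using. The script below is an added triage example for this thread; it is not part of the DDS tool and not something the helper posted. It parses lines of the same `prefix: Name = Value` shape and flags the weak or review-worthy ones. The sample input is constructed (the interface GUID is a placeholder and 203.0.113.7 is a documentation address), and the regular expressions and the RFC 1918 check are my own assumptions about the format, inferred from the log pasted above.

```python
"""Triage a DDS "Pseudo HJT Report" for settings relevant to a redirect
complaint. Added example for this thread; it is not part of the DDS tool.
The line shapes are inferred from the log posted above (an assumption)."""
import ipaddress
import re
from typing import List, Tuple

# Constructed sample in the DDS line format; the interface GUID is a
# placeholder and 203.0.113.7 is a documentation address, not a real server.
SAMPLE_DDS = """\
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:8080
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Trusted Zone: example-trusted.invalid
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\\{00000000-0000-0000-0000-000000000000} : NameServer = 203.0.113.7,192.168.1.254
BHO-X64: AcroIEHelperStub - No File
"""

Finding = Tuple[str, str]  # (severity, message)

# UAC policy values that DDS prints as "Name = N (0xN)"; these values weaken UAC.
WEAK_UAC = {
    "EnableLUA": ("0", "UAC is disabled outright"),
    "ConsentPromptBehaviorAdmin": ("0", "administrators elevate with no prompt"),
    "PromptOnSecureDesktop": ("0", "elevation prompts are not on the secure desktop"),
}

# Resolvers a home router hands out normally sit in an RFC 1918 range.
LAN_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

_POLICY = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
_PROXY = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$")
_TRUSTED = re.compile(r"^Trusted Zone:\s*(.+)$")
_NAMESERVER = re.compile(r"NameServer\s*=\s*(.+)$")


def _dns_findings(servers: str) -> List[Finding]:
    """Flag every listed resolver that is not on the local network."""
    out: List[Finding] = []
    for token in re.split(r"[,\s]+", servers.strip()):
        if not token:
            continue
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            out.append(("review", f"unparseable name server entry: {token!r}"))
            continue
        if not any(ip in net for net in LAN_RANGES):
            out.append(("review", f"name server {ip} is outside the local network"))
    return out


def triage(dds_text: str) -> List[Finding]:
    """Return (severity, message) pairs for the lines worth a second look."""
    findings: List[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        m = _POLICY.match(line)
        if m:
            name, value = m.groups()
            if name in WEAK_UAC and value == WEAK_UAC[name][0]:
                findings.append(("weak", f"{name} = {value}: {WEAK_UAC[name][1]}"))
            continue
        m = _PROXY.match(line)
        if m:
            findings.append(("review", f"browser proxy configured: {m.group(1)}"))
            continue
        m = _TRUSTED.match(line)
        if m:
            findings.append(("review", f"IE Trusted Zone entry relaxes security for {m.group(1)}"))
            continue
        m = _NAMESERVER.search(line)
        if m:
            findings.extend(_dns_findings(m.group(1)))
            continue
        if line.endswith(" - No File"):
            findings.append(("info", f"orphaned entry, target missing: {line}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_DDS):
        print(f"[{severity}] {message}")
```

A resolver outside the LAN, a proxy the user did not set, or a Trusted Zone entry is reported as "review" rather than "bad" on purpose: each can be legitimate, but each is also a common way a browser ends up redirected, so the user should be able to explain where it came from. Orphaned "No File" entries are leftovers of uninstalled software and are listed only as information.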

#4 billdonovan (Topic Starter)

Posted 05 July 2012 - 10:03 AM

One thing that I forgot to mention - I'm also getting "message from web page" pop-ups. At the moment my security consists of MS Security Essentials, Superantispyware and Malwarebytes.

Also I should mention that the computer seems to work fine and at normal speeds on all programs other than Web browsers. The Web browsers are slow - even to the point of letters slowly appearing as I attempt to type. I've tried 3 browsers. Opera is the slowest, IE next and Chrome seems to work best. Chrome is also slow but not as slow as the other two.

#5 gringo_pr (Malware Response Team)

Posted 05 July 2012 - 07:21 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#6 billdonovan (Topic Starter)

Posted 05 July 2012 - 07:35 PM

Thanks, I will run Combofix tomorrow morning. I did mention to you in an earlier note that I did that before my first post here. But I will run it again and post the logs. When I ran it the first time it didn't seem to make any difference at all. But I will gladly run it again and post the logs tomorrow.

Bill

#7 gringo_pr (Malware Response Team)

Posted 05 July 2012 - 08:46 PM

Yes, I would like to see a fresh report, and if it asks to update, do allow it.



Gringo

#8 billdonovan

billdonovan
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:05:03 PM

Posted 06 July 2012 - 05:40 AM

OK. I ran ComboFix again this morning and will paste in the log. The computer is behaving this way - some websites load as fast as they once did, others are still slow. For instance, my own site loads very fast, but as I move off from there some sites still load slowly. The other functions of the computer are normal - and have been from the start, even at the worst of this. I haven't had a web pop-up message this morning, but the computer hasn't been on very long so I can't say for sure if that will continue. My guess is that it will, but that's a guess. Here's the paste of the log from this morning's run:


ComboFix 12-07-06.01 - Bill 07/06/2012 5:35.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8055.6362 [GMT -4:00]
Running from: c:\users\Bill\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 10:02 . 2012-07-06 10:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 00:39 . 2012-07-06 00:39 0 ----a-w- c:\windows\SysWow64\sho31F2.tmp
2012-07-05 16:11 . 2012-07-05 16:11 -------- d-----w- c:\programdata\Sophos
2012-07-05 16:11 . 2012-07-05 16:11 73728 ----a-r- c:\users\Bill\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-05 16:11 . 2012-07-05 16:11 73728 ----a-r- c:\users\Bill\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-05 16:11 . 2012-07-05 16:11 73728 ----a-r- c:\users\Bill\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-07-05 16:10 . 2012-07-05 16:10 -------- d-----w- c:\program files (x86)\Sophos
2012-07-05 15:13 . 2012-07-05 15:13 -------- d-----w- c:\users\Bill\AppData\Roaming\AVG2012
2012-07-05 15:12 . 2012-07-05 15:12 -------- d-----w- c:\users\Bill\AppData\Local\AVG Secure Search
2012-07-05 15:12 . 2012-07-05 15:13 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-05 15:12 . 2012-07-05 15:12 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-05 15:12 . 2012-07-05 15:12 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-05 15:11 . 2012-07-05 15:11 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-05 15:10 . 2012-07-06 08:46 -------- d-----w- c:\programdata\AVG2012
2012-07-05 15:10 . 2012-07-05 22:57 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-05 15:10 . 2012-07-05 15:10 -------- d-----w- C:\$AVG
2012-07-05 15:09 . 2012-07-05 15:09 -------- d-----w- c:\program files (x86)\AVG
2012-07-05 15:07 . 2012-07-05 15:15 -------- d-----w- c:\programdata\MFAData
2012-07-05 15:07 . 2012-07-05 15:07 -------- d--h--w- c:\programdata\Common Files
2012-07-05 11:17 . 2012-07-05 11:17 0 ----a-w- c:\windows\SysWow64\sho589C.tmp
2012-07-04 15:25 . 2012-07-04 15:25 -------- d-----w- c:\users\Bill\AppData\Roaming\Malwarebytes
2012-07-04 15:24 . 2012-07-04 15:24 -------- d-----w- c:\programdata\Malwarebytes
2012-07-04 15:24 . 2012-07-04 15:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-02 00:34 . 2012-07-02 00:34 0 ----a-w- c:\windows\SysWow64\sho6E0E.tmp
2012-07-01 02:18 . 2012-07-01 02:18 0 ----a-w- c:\windows\SysWow64\shoB59B.tmp
2012-06-25 00:36 . 2012-06-25 00:36 0 ----a-w- c:\windows\SysWow64\shoBCAB.tmp
2012-06-22 09:42 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 09:42 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 09:42 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 09:42 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 09:41 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 09:41 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 09:41 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 09:41 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 09:41 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 00:50 . 2012-06-18 00:50 0 ----a-w- c:\windows\SysWow64\sho99B0.tmp
2012-06-13 09:42 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 09:42 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 09:42 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 09:42 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 09:42 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 09:42 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 09:42 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 09:41 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 09:41 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 09:41 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 09:41 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 09:41 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 09:41 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 09:41 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 09:41 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 09:41 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 09:41 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 01:02 . 2012-06-13 01:02 0 ----a-w- c:\windows\SysWow64\sho8EB8.tmp
2012-06-08 01:18 . 2012-06-08 01:18 0 ----a-w- c:\windows\SysWow64\sho78A9.tmp
2012-06-07 01:13 . 2012-06-07 01:13 0 ----a-w- c:\windows\SysWow64\sho6D4.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 23:34 . 2012-04-07 10:21 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 23:34 . 2011-05-16 10:58 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 01:05 . 2012-05-31 01:05 0 ----a-w- c:\windows\SysWow64\sho255C.tmp
2012-05-30 01:15 . 2012-05-30 01:15 0 ----a-w- c:\windows\SysWow64\shoAFFE.tmp
2012-05-10 00:50 . 2012-05-10 00:50 0 ----a-w- c:\windows\SysWow64\sho7E16.tmp
2012-05-08 00:59 . 2012-05-08 00:59 0 ----a-w- c:\windows\SysWow64\sho4CD8.tmp
2012-05-06 00:51 . 2012-05-06 00:51 0 ----a-w- c:\windows\SysWow64\sho536E.tmp
2012-04-26 01:10 . 2012-04-26 01:10 0 ----a-w- c:\windows\SysWow64\sho2F59.tmp
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-11 00:39 . 2012-04-11 00:39 0 ----a-w- c:\windows\SysWow64\sho86AB.tmp
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-05_11.22.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-06 10:04 . 2012-07-06 10:04 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-07-05 00:47 . 2012-07-05 00:47 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-02-26 23:57 . 2012-07-06 10:07 52454 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-06 10:07 32592 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-27 01:03 . 2012-07-06 10:07 19880 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1428253779-3949699242-2007108050-1001_UserData.bin
+ 2012-01-31 08:46 . 2012-01-31 08:46 36944 c:\windows\system32\drivers\avgrkx64.sys
+ 2011-12-23 17:32 . 2011-12-23 17:32 47696 c:\windows\system32\drivers\avgmfx64.sys
+ 2011-12-23 17:32 . 2011-12-23 17:32 29776 c:\windows\system32\drivers\avgidsfiltera.sys
- 2011-02-27 00:54 . 2012-07-05 09:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-27 00:54 . 2012-07-05 12:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-27 00:54 . 2012-07-05 09:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-27 00:54 . 2012-07-05 12:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-05 09:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-05 12:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-07-06 08:55 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-07-06 10:05 . 2012-07-06 10:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-05 11:18 . 2012-07-05 11:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-06 10:05 . 2012-07-06 10:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-05 11:18 . 2012-07-05 11:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-07-05 15:06 627518 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-05 10:34 627518 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-05 15:06 107576 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-05 10:34 107576 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:45 . 2012-07-05 12:11 413312 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-06-14 09:30 413312 c:\windows\system32\FNTCACHE.DAT
+ 2012-03-19 09:17 . 2012-03-19 09:17 383808 c:\windows\system32\drivers\avgtdia.sys
+ 2012-02-22 09:25 . 2012-02-22 09:25 289872 c:\windows\system32\drivers\avgldx64.sys
+ 2011-12-23 17:31 . 2011-12-23 17:31 124496 c:\windows\system32\drivers\avgidsdrivera.sys
+ 2012-07-05 15:08 . 2012-07-05 15:08 223232 c:\windows\Installer\a0f989.msi
+ 2012-05-01 01:18 . 2012-07-05 11:51 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
- 2012-05-01 01:18 . 2012-05-01 01:18 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
- 2012-05-01 01:18 . 2012-05-01 01:18 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-05-01 01:18 . 2012-07-05 11:51 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-05-01 01:18 . 2012-07-05 11:51 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
- 2012-05-01 01:18 . 2012-05-01 01:18 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-05-01 01:18 . 2012-07-05 11:51 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
- 2012-05-01 01:18 . 2012-05-01 01:18 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2009-07-14 04:45 . 2012-07-05 16:01 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-06-23 09:31 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-02-27 02:20 . 2012-07-05 00:47 2370304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-02-27 02:20 . 2012-07-06 00:39 2370304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-07-05 15:07 . 2012-07-05 15:07 8451584 c:\windows\Installer\a0f998.msi
+ 2012-07-05 15:08 . 2012-07-05 15:08 2871808 c:\windows\Installer\a0f994.msi
+ 2012-07-05 15:08 . 2012-07-05 15:08 8544256 c:\windows\Installer\a0f990.msi
+ 2012-05-16 11:28 . 2012-05-16 11:28 73078272 c:\windows\Installer\ec15e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-05 15:12 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-05 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-21 4786048]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"Adobe Reader Synchronizer"="c:\program files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2012-04-04 1261472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Genie TimeLine Tray"="c:\program files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe" [2011-01-11 874624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-03-01 232616]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-05 1107552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-08-01 165184]
.
c:\users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-12-7 0]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-10 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-10 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2008-07-26 15768]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2008-07-26 790424]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-27 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-08-04 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-08-04 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-17 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-27 203776]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-06-13 5161080]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 GenieTimelineService;Genie Timeline Service;c:\program files\Genie-Soft\Genie Timeline\GenieTimelineService.exe [2011-01-11 468096]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-05 935008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-27 9085952]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-27 299520]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-04 271872]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 23:34]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-10 14:05]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-10 14:05]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1428253779-3949699242-2007108050-1001Core.job
- c:\users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-23 19:21]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1428253779-3949699242-2007108050-1001UA.job
- c:\users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-23 19:21]
.
2012-07-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-07-25 17:44]
.
2012-06-25 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ea48728c-1f09-4b3e-9fe9-1629e24a0cb1.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-08-04 10:06]
.
2012-07-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f51691c1-ed42-48fa-83f1-f65ee8a6b74e.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-08-04 10:06]
.
2012-07-06 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-07-25 17:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files\Genie-Soft\Genie Timeline\x86\WebServer\PHP\php-cgi.exe
c:\program files (x86)\AVG\AVG2012\avgcfgex.exe
.
**************************************************************************
.
Completion time: 2012-07-06 06:28:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-06 10:28
ComboFix2.txt 2012-07-05 11:43
.
Pre-Run: 850,262,446,080 bytes free
Post-Run: 850,158,137,344 bytes free
.
- - End Of File - - 1E6A2790AF174444E273EE5B65416F79

#9 billdonovan

billdonovan
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:05:03 PM

Posted 06 July 2012 - 06:04 AM

I pasted in the Combofix earlier this morning - but I wanted to add one more thought. When I look at the log under the Supplementary Scan section I see this:


Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com

That doesn't sound right to me (although I can't even pretend to know what I'm doing, I'm mostly just flagging it for your attention). Those aren't sites that I've somehow flagged as trusted and - just from the names of them - they don't seem right.

It may be nothing at all but you'll know and I wanted to at least flag that. You would have probably noticed but it just seemed odd to me.

Bill
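As an added example (not code from this thread, from ComboFix or from BleepingComputer), a small Python triage helper that splits a ComboFix log like the one pasted above into its banner-delimited sections, lists the Trusted Zone entries Bill noticed, and pulls the Run/RunOnce autostarts out of the Reg Loading Points section; the sample log is a constructed, abbreviated excerpt and the SUSPECT_DIRS flagging rule is my own heuristic.

```python
"""Triage helper for a pasted ComboFix log (added example for this thread, not
ComboFix's or BleepingComputer's own tooling): splits the log on ComboFix's
banner lines, then lists Trusted Zone entries and Run/RunOnce autostarts."""
import re
from dataclasses import dataclass

# Banners look like "(((( Reg Loading Points ))))" or "---- Supplementary Scan ----".
PAREN_BANNER = re.compile(r"^\(+\s*([^()]+?)\s*\)+$")
DASH_BANNER = re.compile(r"^-[- ]*\s*([A-Za-z][^-]*?)\s*-[- ]*$")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
TRUSTED = re.compile(r"^Trusted Zone:\s*(\S+)$")

# My own heuristic: installers of legitimate software normally register autostart
# binaries under Program Files, so these locations deserve a second look.
SUSPECT_DIRS = ("c:\\programdata\\", "\\appdata\\", "\\temp\\")


@dataclass(frozen=True)
class Autostart:
    key: str    # registry key the value lives under
    name: str   # value name, e.g. "AVG_TRAY"
    path: str   # executable path ComboFix resolved
    date: str   # file timestamp ComboFix reported
    size: int   # file size in bytes


def split_sections(log: str) -> dict[str, list[str]]:
    """Map each banner name to its lines; text before any banner goes to 'header'."""
    sections: dict[str, list[str]] = {"header": []}
    current = "header"
    for raw in log.splitlines():
        line = raw.strip()
        m = PAREN_BANNER.match(line) or DASH_BANNER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and line != ".":      # ComboFix pads sections with lone dots
            sections[current].append(line)
    return sections


def trusted_zones(sections: dict[str, list[str]]) -> list[str]:
    """Domains in IE's Trusted sites zone, which gets relaxed security settings."""
    lines = sections.get("Supplementary Scan", [])
    return [m.group(1) for m in map(TRUSTED.match, lines) if m]


def autostarts(sections: dict[str, list[str]]) -> list[Autostart]:
    """Values under Run/RunOnce keys in 'Reg Loading Points', tagged with their key."""
    found: list[Autostart] = []
    key = ""
    for line in sections.get("Reg Loading Points", []):
        if (k := REG_KEY.match(line)):
            key = k.group(1)
        elif (v := REG_VALUE.match(line)) and "\\Run" in key:
            name, path, date, size = v.groups()
            found.append(Autostart(key, name, path, date, int(size)))
    return found


def suspicious(entries: list[Autostart], known_ok: frozenset = frozenset()) -> list[Autostart]:
    """Autostarts that run from ProgramData, AppData or a temp folder (see SUSPECT_DIRS)."""
    return [e for e in entries
            if e.name not in known_ok and any(d in e.path.lower() for d in SUSPECT_DIRS)]


# Constructed excerpt modelled on the log pasted in this thread (heavily abbreviated).
SAMPLE_LOG = r"""
ComboFix 12-07-06.01 - Bill 07/06/2012 5:35.2.4 - x64
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-21 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-03-01 232616]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
"""

if __name__ == "__main__":
    parsed = split_sections(SAMPLE_LOG)
    print("Trusted Zone:", trusted_zones(parsed))
    for entry in suspicious(autostarts(parsed)):
        print("Review:", entry.name, "->", entry.path)
```

Feeding the full log from the thread to split_sections() gives one list per banner, so the same two functions work on the real paste, not only on the excerpt.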

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:03 PM

Posted 06 July 2012 - 06:21 AM

Greetings

That has to do with a game; when you install the game, it does that.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
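Gringo asks above for the TDSSKiller report, and Bill posts one in the next reply. A report that long has two line types per service or driver: a file line with the MD5 and path of what was hashed, and a verdict line ending in "- ok" (or something else when the scanner objects). Reading several hundred of those by eye is error-prone, so here is an added example that is not part of this thread and not a BleepingComputer or Kaspersky tool: it parses both line types, skips the drive and partition banners that precede "Scan started" (they also contain " - " and would otherwise be mistaken for verdicts), and lists the entries a responder should look at: any verdict other than "ok", and any service with a verdict but no file line. The sample lines are copied from the report later in this thread, except the `ExampleDrv` entry and its "suspicious" verdict, which are constructed to show how a non-ok case is surfaced.

```python
"""Triage a TDSSKiller report: added example, not a BleepingComputer or Kaspersky tool."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# A file line records what the scanner hashed: "<time> <thread> <name> (<md5>) <path>".
FILE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$"
)
# A verdict line follows it: "<time> <thread> <name> - <verdict>" (normally "ok").
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<name>.+?) - (?P<verdict>.+)$"
)


@dataclass
class Entry:
    """One service or driver as TDSSKiller reported it."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(report: str) -> Dict[str, Entry]:
    """Collect entries from the scan section of a TDSSKiller report.

    Lines before "Scan started" (drive and partition banners) also contain
    " - ", so they are skipped rather than mistaken for verdict lines.
    """
    entries: Dict[str, Entry] = {}
    in_scan = False
    for raw in report.splitlines():
        line = raw.strip()
        if not in_scan:
            in_scan = line.endswith("Scan started")
            continue
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"].strip()
    return entries


def triage(entries: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs for entries worth a second look.

    Anything not "ok" is obvious. An entry with a verdict but no file line is a
    registered service or driver for which the scanner recorded nothing on disk;
    those are worth checking against known names before assuming they are benign.
    """
    findings: List[Tuple[str, str]] = []
    for name, e in sorted(entries.items()):
        if e.verdict is None:
            findings.append((name, "file hashed but no verdict line"))
        elif e.verdict != "ok":
            findings.append((name, f"verdict: {e.verdict}"))
        elif e.path is None:
            findings.append((name, "no file recorded for this service"))
    return findings


# Constructed sample: the lines are copied from the report in this thread, except
# ExampleDrv, which is made up to show how a non-"ok" verdict is surfaced.
SAMPLE_REPORT = r"""
07:35:40.0240 3656 OS Version: 6.1.7601 ServicePack: 1.0
07:35:42.0214 3656 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200
07:35:48.0032 5020 Scan started
07:35:48.0686 5020 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
07:35:48.0687 5020 !SASCORE - ok
07:35:48.0863 5020 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
07:35:48.0865 5020 Adobe LM Service - ok
07:35:51.0724 5020 catchme - ok
07:35:52.0267 5020 COMSysApp - ok
07:35:57.0500 5020 ExampleDrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
07:35:57.0501 5020 ExampleDrv - suspicious (constructed sample)
"""

if __name__ == "__main__":
    for name, reason in triage(parse_tdsskiller(SAMPLE_REPORT)):
        print(f"{name}: {reason}")
```

Run against a full report saved from TDSSKiller, the output is a short list instead of several hundred lines; on the sample it names `catchme`, `COMSysApp` and `ExampleDrv`, while hashed-and-ok entries such as `!SASCORE` are left out.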

#11 billdonovan

  • Topic Starter

  • Members
  • 13 posts
  • Gender:Male
  • Location:Atlanta, GA

Posted 06 July 2012 - 07:13 AM

Ok. I've run the two programs. It's too early - I'm sending this immediately after doing all that - to tell if it's made any difference in how the websites load. But I will send a separate note if I notice any difference. I need to say again how much all this is appreciated. You've worked very hard and responded quickly and that's sure been noted by me. Here are the logs:


07:35:39.0956 3656 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
07:35:40.0240 3656 ============================================================
07:35:40.0240 3656 Current date / time: 2012/07/06 07:35:40.0240
07:35:40.0240 3656 SystemInfo:
07:35:40.0240 3656
07:35:40.0240 3656 OS Version: 6.1.7601 ServicePack: 1.0
07:35:40.0240 3656 Product type: Workstation
07:35:40.0240 3656 ComputerName: BILL-PC2
07:35:40.0241 3656 UserName: Bill
07:35:40.0241 3656 Windows directory: C:\Windows
07:35:40.0241 3656 System windows directory: C:\Windows
07:35:40.0241 3656 Running under WOW64
07:35:40.0241 3656 Processor architecture: Intel x64
07:35:40.0241 3656 Number of processors: 4
07:35:40.0241 3656 Page size: 0x1000
07:35:40.0241 3656 Boot type: Normal boot
07:35:40.0241 3656 ============================================================
07:35:42.0214 3656 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:35:42.0227 3656 Drive \Device\Harddisk5\DR5 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:35:42.0558 3656 ============================================================
07:35:42.0558 3656 \Device\Harddisk0\DR0:
07:35:42.0572 3656 MBR partitions:
07:35:42.0572 3656 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1909000
07:35:42.0572 3656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x191D000, BlocksNum 0x72DE4DB0
07:35:42.0572 3656 \Device\Harddisk5\DR5:
07:35:42.0578 3656 MBR partitions:
07:35:42.0578 3656 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
07:35:42.0578 3656 ============================================================
07:35:42.0592 3656 C: <-> \Device\Harddisk0\DR0\Partition1
07:35:42.0616 3656 I: <-> \Device\Harddisk5\DR5\Partition0
07:35:42.0616 3656 ============================================================
07:35:42.0617 3656 Initialize success
07:35:42.0617 3656 ============================================================
07:35:48.0032 5020 ============================================================
07:35:48.0032 5020 Scan started
07:35:48.0032 5020 Mode: Manual;
07:35:48.0032 5020 ============================================================
07:35:48.0686 5020 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
07:35:48.0687 5020 !SASCORE - ok
07:35:48.0775 5020 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
07:35:48.0777 5020 1394ohci - ok
07:35:48.0799 5020 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
07:35:48.0801 5020 ACPI - ok
07:35:48.0813 5020 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
07:35:48.0814 5020 AcpiPmi - ok
07:35:48.0863 5020 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
07:35:48.0865 5020 Adobe LM Service - ok
07:35:48.0916 5020 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
07:35:48.0916 5020 AdobeARMservice - ok
07:35:48.0987 5020 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
07:35:48.0988 5020 AdobeFlashPlayerUpdateSvc - ok
07:35:49.0025 5020 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
07:35:49.0032 5020 adp94xx - ok
07:35:49.0043 5020 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
07:35:49.0047 5020 adpahci - ok
07:35:49.0053 5020 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
07:35:49.0055 5020 adpu320 - ok
07:35:49.0071 5020 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
07:35:49.0071 5020 AeLookupSvc - ok
07:35:49.0109 5020 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
07:35:49.0113 5020 AFD - ok
07:35:49.0129 5020 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
07:35:49.0131 5020 agp440 - ok
07:35:49.0139 5020 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
07:35:49.0140 5020 ALG - ok
07:35:49.0150 5020 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
07:35:49.0151 5020 aliide - ok
07:35:49.0179 5020 AMD External Events Utility (5eba5e837d6635aea999bae47e186c6f) C:\Windows\system32\atiesrxx.exe
07:35:49.0180 5020 AMD External Events Utility - ok
07:35:49.0187 5020 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
07:35:49.0188 5020 amdide - ok
07:35:49.0199 5020 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
07:35:49.0200 5020 AmdK8 - ok
07:35:49.0396 5020 amdkmdag (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
07:35:49.0506 5020 amdkmdag - ok
07:35:49.0647 5020 amdkmdap (7fe67d107329dc2cf89136a8e19bceb7) C:\Windows\system32\DRIVERS\atikmpag.sys
07:35:49.0648 5020 amdkmdap - ok
07:35:49.0653 5020 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
07:35:49.0654 5020 AmdPPM - ok
07:35:49.0680 5020 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
07:35:49.0682 5020 amdsata - ok
07:35:49.0693 5020 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
07:35:49.0695 5020 amdsbs - ok
07:35:49.0712 5020 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
07:35:49.0713 5020 amdxata - ok
07:35:49.0745 5020 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
07:35:49.0746 5020 AppID - ok
07:35:49.0761 5020 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
07:35:49.0763 5020 AppIDSvc - ok
07:35:49.0801 5020 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
07:35:49.0801 5020 Appinfo - ok
07:35:49.0895 5020 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:35:49.0895 5020 Apple Mobile Device - ok
07:35:49.0923 5020 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
07:35:49.0925 5020 arc - ok
07:35:49.0929 5020 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
07:35:49.0931 5020 arcsas - ok
07:35:49.0946 5020 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
07:35:49.0947 5020 AsyncMac - ok
07:35:49.0955 5020 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
07:35:49.0956 5020 atapi - ok
07:35:49.0989 5020 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
07:35:49.0989 5020 AtiHdmiService - ok
07:35:50.0037 5020 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
07:35:50.0040 5020 AudioEndpointBuilder - ok
07:35:50.0046 5020 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
07:35:50.0049 5020 AudioSrv - ok
07:35:50.0471 5020 AVGIDSAgent (55893fff154ffd7c29919d2b9218210c) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
07:35:50.0490 5020 AVGIDSAgent - ok
07:35:50.0617 5020 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
07:35:50.0618 5020 AVGIDSDriver - ok
07:35:50.0645 5020 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
07:35:50.0645 5020 AVGIDSFilter - ok
07:35:50.0684 5020 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
07:35:50.0684 5020 AVGIDSHA - ok
07:35:50.0743 5020 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
07:35:50.0744 5020 Avgldx64 - ok
07:35:50.0762 5020 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
07:35:50.0763 5020 Avgmfx64 - ok
07:35:50.0787 5020 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
07:35:50.0787 5020 Avgrkx64 - ok
07:35:50.0818 5020 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
07:35:50.0818 5020 Avgtdia - ok
07:35:50.0873 5020 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
07:35:50.0874 5020 avgwd - ok
07:35:50.0936 5020 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
07:35:50.0938 5020 AxInstSV - ok
07:35:50.0977 5020 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
07:35:50.0982 5020 b06bdrv - ok
07:35:51.0007 5020 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
07:35:51.0010 5020 b57nd60a - ok
07:35:51.0029 5020 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
07:35:51.0030 5020 BDESVC - ok
07:35:51.0044 5020 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
07:35:51.0045 5020 Beep - ok
07:35:51.0088 5020 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
07:35:51.0091 5020 BFE - ok
07:35:51.0142 5020 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
07:35:51.0146 5020 BITS - ok
07:35:51.0186 5020 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
07:35:51.0187 5020 blbdrive - ok
07:35:51.0247 5020 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
07:35:51.0249 5020 Bonjour Service - ok
07:35:51.0277 5020 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
07:35:51.0277 5020 bowser - ok
07:35:51.0281 5020 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:35:51.0282 5020 BrFiltLo - ok
07:35:51.0285 5020 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:35:51.0286 5020 BrFiltUp - ok
07:35:51.0292 5020 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
07:35:51.0293 5020 BridgeMP - ok
07:35:51.0330 5020 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
07:35:51.0331 5020 Browser - ok
07:35:51.0345 5020 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
07:35:51.0348 5020 Brserid - ok
07:35:51.0356 5020 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
07:35:51.0357 5020 BrSerWdm - ok
07:35:51.0362 5020 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:35:51.0363 5020 BrUsbMdm - ok
07:35:51.0367 5020 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
07:35:51.0368 5020 BrUsbSer - ok
07:35:51.0373 5020 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
07:35:51.0375 5020 BTHMODEM - ok
07:35:51.0388 5020 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
07:35:51.0389 5020 bthserv - ok
07:35:51.0566 5020 CarboniteService (33e43a31ac6ac6ba95d4772d8cca076f) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
07:35:51.0589 5020 CarboniteService - ok
07:35:51.0724 5020 catchme - ok
07:35:51.0828 5020 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
07:35:51.0830 5020 cdfs - ok
07:35:51.0870 5020 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
07:35:51.0872 5020 cdrom - ok
07:35:51.0911 5020 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:35:51.0912 5020 CertPropSvc - ok
07:35:51.0934 5020 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
07:35:51.0935 5020 circlass - ok
07:35:51.0960 5020 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
07:35:51.0961 5020 CLFS - ok
07:35:52.0008 5020 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:35:52.0010 5020 clr_optimization_v2.0.50727_32 - ok
07:35:52.0035 5020 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:35:52.0037 5020 clr_optimization_v2.0.50727_64 - ok
07:35:52.0121 5020 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:35:52.0122 5020 clr_optimization_v4.0.30319_32 - ok
07:35:52.0149 5020 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:35:52.0150 5020 clr_optimization_v4.0.30319_64 - ok
07:35:52.0153 5020 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
07:35:52.0154 5020 CmBatt - ok
07:35:52.0191 5020 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
07:35:52.0192 5020 cmdide - ok
07:35:52.0232 5020 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
07:35:52.0234 5020 CNG - ok
07:35:52.0239 5020 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
07:35:52.0240 5020 Compbatt - ok
07:35:52.0257 5020 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
07:35:52.0258 5020 CompositeBus - ok
07:35:52.0267 5020 COMSysApp - ok
07:35:52.0272 5020 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
07:35:52.0273 5020 crcdisk - ok
07:35:52.0311 5020 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
07:35:52.0312 5020 CryptSvc - ok
07:35:52.0415 5020 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
07:35:52.0418 5020 cvhsvc - ok
07:35:52.0475 5020 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
07:35:52.0478 5020 DcomLaunch - ok
07:35:52.0503 5020 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
07:35:52.0506 5020 defragsvc - ok
07:35:52.0561 5020 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
07:35:52.0563 5020 DfsC - ok
07:35:52.0592 5020 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
07:35:52.0594 5020 Dhcp - ok
07:35:52.0602 5020 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
07:35:52.0604 5020 discache - ok
07:35:52.0627 5020 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
07:35:52.0628 5020 Disk - ok
07:35:52.0662 5020 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
07:35:52.0663 5020 Dnscache - ok
07:35:52.0711 5020 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
07:35:52.0712 5020 DockLoginService - ok
07:35:52.0741 5020 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
07:35:52.0744 5020 dot3svc - ok
07:35:52.0784 5020 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
07:35:52.0785 5020 DPS - ok
07:35:52.0813 5020 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
07:35:52.0814 5020 drmkaud - ok
07:35:52.0846 5020 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
07:35:52.0850 5020 DXGKrnl - ok
07:35:52.0876 5020 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
07:35:52.0877 5020 EapHost - ok
07:35:52.0953 5020 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
07:35:53.0000 5020 ebdrv - ok
07:35:53.0117 5020 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
07:35:53.0118 5020 EFS - ok
07:35:53.0165 5020 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
07:35:53.0172 5020 ehRecvr - ok
07:35:53.0193 5020 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
07:35:53.0195 5020 ehSched - ok
07:35:53.0227 5020 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
07:35:53.0232 5020 elxstor - ok
07:35:53.0258 5020 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
07:35:53.0260 5020 ErrDev - ok
07:35:53.0300 5020 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
07:35:53.0302 5020 EventSystem - ok
07:35:53.0313 5020 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
07:35:53.0315 5020 exfat - ok
07:35:53.0334 5020 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
07:35:53.0336 5020 fastfat - ok
07:35:53.0386 5020 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
07:35:53.0392 5020 Fax - ok
07:35:53.0398 5020 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
07:35:53.0399 5020 fdc - ok
07:35:53.0414 5020 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
07:35:53.0414 5020 fdPHost - ok
07:35:53.0418 5020 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
07:35:53.0419 5020 FDResPub - ok
07:35:53.0427 5020 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
07:35:53.0427 5020 FileInfo - ok
07:35:53.0439 5020 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
07:35:53.0440 5020 Filetrace - ok
07:35:53.0443 5020 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
07:35:53.0444 5020 flpydisk - ok
07:35:53.0475 5020 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
07:35:53.0477 5020 FltMgr - ok
07:35:53.0525 5020 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
07:35:53.0530 5020 FontCache - ok
07:35:53.0570 5020 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:35:53.0571 5020 FontCache3.0.0.0 - ok
07:35:53.0601 5020 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
07:35:53.0602 5020 FsDepends - ok
07:35:53.0616 5020 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
07:35:53.0617 5020 Fs_Rec - ok
07:35:53.0632 5020 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
07:35:53.0634 5020 fvevol - ok
07:35:53.0643 5020 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
07:35:53.0644 5020 gagp30kx - ok
07:35:53.0721 5020 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
07:35:53.0723 5020 GamesAppService - ok
07:35:53.0751 5020 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:35:53.0752 5020 GEARAspiWDM - ok
07:35:53.0854 5020 GenieTimelineService (41b1f9e99f6b4a00b1902df13a62b093) C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe
07:35:53.0856 5020 GenieTimelineService - ok
07:35:53.0901 5020 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
07:35:53.0901 5020 gpsvc - ok
07:35:53.0974 5020 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:35:53.0975 5020 gupdate - ok
07:35:53.0981 5020 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:35:53.0982 5020 gupdatem - ok
07:35:53.0999 5020 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
07:35:54.0000 5020 hcw85cir - ok
07:35:54.0034 5020 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
07:35:54.0038 5020 HdAudAddService - ok
07:35:54.0075 5020 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
07:35:54.0076 5020 HDAudBus - ok
07:35:54.0097 5020 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
07:35:54.0110 5020 HECIx64 - ok
07:35:54.0114 5020 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
07:35:54.0115 5020 HidBatt - ok
07:35:54.0121 5020 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
07:35:54.0123 5020 HidBth - ok
07:35:54.0139 5020 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
07:35:54.0140 5020 HidIr - ok
07:35:54.0154 5020 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
07:35:54.0155 5020 hidserv - ok
07:35:54.0177 5020 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
07:35:54.0178 5020 HidUsb - ok
07:35:54.0202 5020 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
07:35:54.0204 5020 hkmsvc - ok
07:35:54.0237 5020 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
07:35:54.0239 5020 HomeGroupListener - ok
07:35:54.0253 5020 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
07:35:54.0255 5020 HomeGroupProvider - ok
07:35:54.0269 5020 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
07:35:54.0271 5020 HpSAMD - ok
07:35:54.0326 5020 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
07:35:54.0329 5020 HTTP - ok
07:35:54.0362 5020 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
07:35:54.0363 5020 hwpolicy - ok
07:35:54.0393 5020 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
07:35:54.0394 5020 i8042prt - ok
07:35:54.0430 5020 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
07:35:54.0434 5020 iaStorV - ok
07:35:54.0495 5020 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:35:54.0503 5020 idsvc - ok
07:35:54.0748 5020 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
07:35:54.0878 5020 igfx - ok
07:35:54.0989 5020 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
07:35:54.0991 5020 iirsp - ok
07:35:55.0021 5020 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
07:35:55.0024 5020 IKEEXT - ok
07:35:55.0047 5020 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
07:35:55.0049 5020 Impcd - ok
07:35:55.0119 5020 IntcAzAudAddService (e9befd8c6a1db3b544b61647dda35f62) C:\Windows\system32\drivers\RTKVHD64.sys
07:35:55.0128 5020 IntcAzAudAddService - ok
07:35:55.0175 5020 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
07:35:55.0178 5020 IntcDAud - ok
07:35:55.0201 5020 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
07:35:55.0202 5020 intelide - ok
07:35:55.0221 5020 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
07:35:55.0221 5020 intelppm - ok
07:35:55.0238 5020 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
07:35:55.0240 5020 IPBusEnum - ok
07:35:55.0272 5020 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:35:55.0274 5020 IpFilterDriver - ok
07:35:55.0317 5020 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
07:35:55.0320 5020 iphlpsvc - ok
07:35:55.0334 5020 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
07:35:55.0335 5020 IPMIDRV - ok
07:35:55.0350 5020 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
07:35:55.0352 5020 IPNAT - ok
07:35:55.0693 5020 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
07:35:55.0697 5020 iPod Service - ok
07:35:55.0721 5020 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
07:35:55.0721 5020 IRENUM - ok
07:35:55.0738 5020 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
07:35:55.0739 5020 isapnp - ok
07:35:55.0755 5020 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
07:35:55.0758 5020 iScsiPrt - ok
07:35:55.0782 5020 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
07:35:55.0784 5020 k57nd60a - ok
07:35:55.0806 5020 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
07:35:55.0807 5020 kbdclass - ok
07:35:55.0819 5020 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
07:35:55.0820 5020 kbdhid - ok
07:35:55.0847 5020 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:35:55.0848 5020 KeyIso - ok
07:35:55.0861 5020 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
07:35:55.0861 5020 KSecDD - ok
07:35:55.0870 5020 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
07:35:55.0872 5020 KSecPkg - ok
07:35:55.0875 5020 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
07:35:55.0876 5020 ksthunk - ok
07:35:55.0904 5020 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
07:35:55.0908 5020 KtmRm - ok
07:35:55.0945 5020 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
07:35:55.0947 5020 LanmanServer - ok
07:35:55.0985 5020 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
07:35:55.0987 5020 LanmanWorkstation - ok
07:35:56.0019 5020 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
07:35:56.0019 5020 lltdio - ok
07:35:56.0038 5020 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
07:35:56.0042 5020 lltdsvc - ok
07:35:56.0047 5020 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
07:35:56.0048 5020 lmhosts - ok
07:35:56.0073 5020 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
07:35:56.0075 5020 LSI_FC - ok
07:35:56.0080 5020 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
07:35:56.0081 5020 LSI_SAS - ok
07:35:56.0085 5020 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:35:56.0086 5020 LSI_SAS2 - ok
07:35:56.0091 5020 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:35:56.0092 5020 LSI_SCSI - ok
07:35:56.0108 5020 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
07:35:56.0109 5020 luafv - ok
07:35:56.0152 5020 lvpepf64 (07389f6925e490d2db7882110e99921c) C:\Windows\system32\DRIVERS\lv302a64.sys
07:35:56.0153 5020 lvpepf64 - ok
07:35:56.0182 5020 LVRS64 (7f0ba3a6e8996f15693c6b7d81da049e) C:\Windows\system32\DRIVERS\lvrs64.sys
07:35:56.0189 5020 LVRS64 - ok
07:35:56.0195 5020 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\drivers\LVUSBS64.sys
07:35:56.0195 5020 LVUSBS64 - ok
07:35:56.0223 5020 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
07:35:56.0224 5020 Mcx2Svc - ok
07:35:56.0228 5020 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
07:35:56.0229 5020 megasas - ok
07:35:56.0243 5020 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
07:35:56.0246 5020 MegaSR - ok
07:35:56.0260 5020 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:35:56.0261 5020 MMCSS - ok
07:35:56.0268 5020 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
07:35:56.0270 5020 Modem - ok
07:35:56.0274 5020 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
07:35:56.0274 5020 monitor - ok
07:35:56.0302 5020 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
07:35:56.0303 5020 mouclass - ok
07:35:56.0316 5020 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
07:35:56.0317 5020 mouhid - ok
07:36:04.0565 5020 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
07:36:04.0601 5020 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
07:36:04.0601 5020 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
07:36:04.0931 5020 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk5\DR5
07:36:04.0936 5020 \Device\Harddisk5\DR5 - ok
07:36:04.0954 5020 Boot (0x1200) (82103273e43786798af42d05ba9e87d8) \Device\Harddisk0\DR0\Partition0
07:36:04.0956 5020 \Device\Harddisk0\DR0\Partition0 - ok
07:36:04.0971 5020 Boot (0x1200) (237dd51f26b7f1701532a9cc2c7fd84a) \Device\Harddisk0\DR0\Partition1
07:36:04.0972 5020 \Device\Harddisk0\DR0\Partition1 - ok
07:36:04.0975 5020 Boot (0x1200) (cf784bf57b21ae6edea2181c0c9d4b32) \Device\Harddisk5\DR5\Partition0
07:36:04.0978 5020 \Device\Harddisk5\DR5\Partition0 - ok
07:36:04.0978 5020 ============================================================
07:36:04.0978 5020 Scan finished
07:36:04.0978 5020 ============================================================
07:36:04.0984 4808 Detected object count: 1
07:36:04.0984 4808 Actual detected object count: 1
07:36:19.0290 4808 \Device\Harddisk0\DR0\# - copied to quarantine
07:36:19.0290 4808 \Device\Harddisk0\DR0 - copied to quarantine
07:36:19.0353 4808 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
07:36:19.0354 4808 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
07:36:19.0355 4808 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
07:36:19.0356 4808 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
07:36:19.0357 4808 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
07:36:19.0358 4808 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
07:36:19.0359 4808 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
07:36:19.0361 4808 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
07:36:19.0362 4808 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
07:36:19.0363 4808 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
07:36:19.0365 4808 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
07:36:19.0365 4808 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
07:36:19.0367 4808 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
07:36:19.0367 4808 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
07:36:19.0368 4808 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
07:36:19.0371 4808 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
07:36:19.0372 4808 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
07:36:19.0377 4808 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
07:36:19.0411 4808 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
07:36:19.0415 4808 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
07:36:19.0419 4808 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
07:36:19.0422 4808 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
07:36:19.0587 4808 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
07:36:19.0654 4808 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
07:36:19.0691 4808 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
07:36:19.0718 4808 \Device\Harddisk0\DR0 - ok
07:36:20.0075 4808 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
07:36:27.0704 4636 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-06 07:45:36
-----------------------------
07:45:36.097 OS Version: Windows x64 6.1.7601 Service Pack 1
07:45:36.097 Number of processors: 4 586 0x2505
07:45:36.097 ComputerName: BILL-PC2 UserName: Bill
07:45:39.366 Initialize success
07:46:45.546 AVAST engine defs: 12070600
07:47:13.660 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
07:47:13.675 Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
07:47:13.691 Disk 0 MBR read successfully
07:47:13.691 Disk 0 MBR scan
07:47:13.691 Disk 0 Windows VISTA default MBR code
07:47:13.691 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
07:47:13.691 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12818 MB offset 81920
07:47:13.707 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941001 MB offset 26333184
07:47:13.738 Disk 0 scanning C:\Windows\system32\drivers
07:47:22.255 Service scanning
07:47:40.227 Modules scanning
07:47:40.242 Disk 0 trace - called modules:
07:47:40.242 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
07:47:40.242 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007cd1060]
07:47:40.570 3 CLASSPNP.SYS[fffff8800195d43f] -> nt!IofCallDriver -> [0xfffffa80079ce580]
07:47:40.570 5 ACPI.sys[fffff88000f2e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80079d0060]
07:47:46.170 AVAST engine scan C:\Windows
07:47:48.807 AVAST engine scan C:\Windows\system32
07:50:44.159 AVAST engine scan C:\Windows\system32\drivers
07:51:28.869 AVAST engine scan C:\Users\Bill
08:04:27.163 AVAST engine scan C:\ProgramData
08:06:53.584 Scan finished successfully
08:07:17.024 Disk 0 MBR has been saved successfully to "C:\Users\Bill\Documents\caspio\MBR.dat"
08:07:17.029 The log file has been saved successfully to "C:\Users\Bill\Documents\caspio\aswMBR.txt"
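The TDSSKiller and aswMBR output above is what a responder reads to confirm the boot-sector detection (`Rootkit.Boot.SST.b` on `\Device\Harddisk0\DR0`, with the hidden TDLFS file system sent to quarantine) and to check that the partition table and MBR code look sane afterwards. As an added example, not part of the original thread and not code from either tool, the Python below parses a few constructed lines in the same line format and turns them into a short triage summary: detection name and final action per object, quarantined TDLFS file names, the active partition, and the MBR code classification. The regular expressions are assumptions derived from the log text above, not a documented interface of either tool.

```python
import re

# Constructed sample lines in the format of the TDSSKiller log posted above.
TDSSKILLER_SAMPLE = r"""
07:36:04.0984 4808 Detected object count: 1
07:36:04.0984 4808 Actual detected object count: 1
07:36:19.0290 4808 \Device\Harddisk0\DR0 - copied to quarantine
07:36:19.0353 4808 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
07:36:19.0354 4808 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
07:36:19.0691 4808 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
07:36:19.0718 4808 \Device\Harddisk0\DR0 - ok
07:36:20.0075 4808 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
"""

# Constructed sample lines in the format of the aswMBR log posted above.
ASWMBR_SAMPLE = r"""
07:47:13.691 Disk 0 MBR read successfully
07:47:13.691 Disk 0 Windows VISTA default MBR code
07:47:13.691 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
07:47:13.691 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12818 MB offset 81920
07:47:13.707 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941001 MB offset 26333184
"""

# Line shapes are assumptions taken from the logs in this thread (timestamp,
# optional thread id in TDSSKiller output, then the message).
TS_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+(?:\d+\s+)?(?P<msg>.*)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
DETECT_RE = re.compile(r"^(?P<obj>\S+) \( (?P<name>[^)]+?) \) - (?P<action>.+)$")
QUAR_RE = re.compile(r"^(?P<obj>\S+) - copied to quarantine$")
MBRCODE_RE = re.compile(r"^Disk (?P<disk>\d+) (?P<code>.+ MBR code)$")
PART_RE = re.compile(
    r"^Disk (?P<disk>\d+) Partition (?P<n>\d+) (?P<boot>[0-9A-Fa-f]{2})(?P<active> \(A\))? "
    r"(?P<type>[0-9A-Fa-f]{2}) (?P<desc>.+?) (?P<size>\d+) MB offset (?P<offset>\d+)$"
)


def _messages(text):
    """Yield the message part of each log line with the timestamp (and thread id) removed."""
    for line in text.splitlines():
        m = TS_RE.match(line.strip())
        if m:
            yield m.group("msg")


def parse_tdsskiller(text):
    """Collect detections, quarantined objects and TDLFS file names from a TDSSKiller log."""
    result = {"detected_count": None, "detections": {}, "quarantined": [], "tdlfs_files": []}
    for msg in _messages(text):
        m = COUNT_RE.match(msg)
        if m:
            result["detected_count"] = int(m.group("n"))
            continue
        m = DETECT_RE.match(msg)
        if m:
            # The same object is reported twice (planned cure, then the chosen action);
            # keep every action so the last one is the final state.
            det = result["detections"].setdefault(m["obj"], {"name": m["name"], "actions": []})
            det["actions"].append(m["action"])
            continue
        m = QUAR_RE.match(msg)
        if m:
            result["quarantined"].append(m["obj"])
            if "\\TDLFS\\" in m["obj"]:
                result["tdlfs_files"].append(m["obj"].rsplit("\\", 1)[1])
    return result


def parse_aswmbr(text):
    """Collect the MBR code classification and the partition table from an aswMBR log."""
    result = {"mbr_code": None, "partitions": []}
    for msg in _messages(text):
        m = PART_RE.match(msg)
        if m:
            result["partitions"].append({
                "n": int(m["n"]), "active": m["active"] is not None,
                "type": m["type"].upper(), "desc": m["desc"],
                "size_mb": int(m["size"]), "offset": int(m["offset"]),
            })
            continue
        m = MBRCODE_RE.match(msg)
        if m:
            result["mbr_code"] = m["code"]
    return result


def review(tdss, asw):
    """Return human-readable triage findings; an empty list means nothing stood out."""
    findings = []
    for obj, det in tdss["detections"].items():
        findings.append(f"{det['name']} on {obj}: {det['actions'][-1]}")
    if tdss["tdlfs_files"]:
        findings.append(f"{len(tdss['tdlfs_files'])} hidden TDLFS file(s) quarantined: "
                        + ", ".join(tdss["tdlfs_files"]))
    active = [p["n"] for p in asw["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")
    if asw["mbr_code"] and "default" not in asw["mbr_code"].lower():
        findings.append(f"non-default MBR code: {asw['mbr_code']}")
    return findings


if __name__ == "__main__":
    for line in review(parse_tdsskiller(TDSSKILLER_SAMPLE), parse_aswmbr(ASWMBR_SAMPLE)):
        print(line)
```

On the sample the review reports the cured `Rootkit.Boot.SST.b` object and the two quarantined TDLFS files, and stays quiet about the partition table because exactly one partition is active and aswMBR classified the MBR code as a default Windows one. Two things the partition check does not tell you: it trusts the tool's MBR classification rather than reading the sector itself, and partition sizes in MB and offsets in sectors are only comparable once the sector size is known, so overlap checks are deliberately left out.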

#12 billdonovan

billdonovan
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:05:03 PM

Posted 06 July 2012 - 07:19 AM

The computer now seems to be working perfectly. I've just tried it for a few minutes so I'll know more as the day goes along. But it's my guess that it is fixed - or at least markedly better.

Bill

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:03 PM

Posted 06 July 2012 - 07:38 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 billdonovan

billdonovan
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:05:03 PM

Posted 06 July 2012 - 07:38 AM

The only glitch remaining seems to be this. At times when I do a Google search I get this message:
302 Moved
The document has moved here.

But if I type in the address for Google it works fine. The computer - otherwise - seems back to normal and your efforts are much appreciated.

Bill

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:03 PM

Posted 06 July 2012 - 07:44 AM

Greetings


Run this below for me, then complete post 13 and send me the report.


flush the DNS:

Can you please flush the DNS:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

