
Infected with Trojan horse Dropper.Generic_c.MMI


This topic is locked
23 replies to this topic

#1 Eric M

Eric M

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:19 AM

Posted 10 July 2012 - 09:54 AM

Hello,

I have been infected with Trojan horse Dropper.Generic_c.MMI, file name: c:\Windows\System32\services.exe

My computer has SEVERELY slowed down. Could you please assist me.

I have downloaded MalWare Bytes but it seems it is unable to resolve the issue.

Thank you.

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:19 AM

Posted 11 July 2012 - 12:28 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Eric M

Eric M
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:19 AM

Posted 11 July 2012 - 09:21 AM

I have downloaded the program onto a flash drive, restarted my computer, hit the f8 and I get the menu with Repair your Computer. I select that option and it just goes to a blank screen and does not do anything else. I have let it sit there about 15 minutes, no response.

I do not have a Windows installation disc.

Edited by Eric M, 11 July 2012 - 09:22 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:19 AM

Posted 11 July 2012 - 11:55 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 Eric M

Eric M
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:19 AM

Posted 11 July 2012 - 12:12 PM

Downloaded and installed ComboFix. Disabled AntiVirus. Ran ComboFix from desktop, seemed to run ok (no errors) but then did not produce any type of reports.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:19 AM

Posted 11 July 2012 - 12:44 PM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#7 Eric M

Eric M
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:19 AM

Posted 11 July 2012 - 12:53 PM

??? Logged in successfully to safe mode, ran combofix, and it did the same motions as before (no errors), but also no log at the end.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:19 AM

Posted 11 July 2012 - 08:36 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#9 Eric M

Eric M
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:19 AM

Posted 12 July 2012 - 09:15 AM

I downloaded both files but am unable to open either one. I double click on them, it comes up with a security warning asking if I want to run this file, and I click 'run' but nothing happens. I also tried to right click on them and run as administrator, but that did not do anything different.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:19 AM

Posted 12 July 2012 - 12:04 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#11 Eric M

Eric M
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:19 AM

Posted 12 July 2012 - 02:32 PM

Ran fixTDSS, it came back with ***Infected MBR detected, -Repair Succeeded. Restarted computer, was able to run the TDSSKiller successfully this time, came back with the following results:

15:19:51.0773 1016 HPDrvMntSvc.exe (03431817c7236371433d3c860810fe8a) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
15:19:51.0773 1016 HPDrvMntSvc.exe - ok
15:19:51.0929 1016 hpqwmiex (cc518f83732860997c3faf56d15627a7) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
15:19:51.0929 1016 hpqwmiex - ok
15:19:52.0256 1016 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:19:52.0319 1016 HpSAMD - ok
15:19:52.0459 1016 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
15:19:52.0459 1016 HPWMISVC - ok
15:19:52.0584 1016 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:19:52.0584 1016 HTTP - ok
15:19:52.0662 1016 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:19:52.0662 1016 hwpolicy - ok
15:19:52.0834 1016 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:19:52.0927 1016 i8042prt - ok
15:19:53.0036 1016 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
15:19:53.0036 1016 iaStor - ok
15:19:53.0177 1016 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:19:53.0270 1016 iaStorV - ok
15:19:53.0473 1016 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:19:53.0660 1016 idsvc - ok
15:19:54.0737 1016 igfx (898ab5bfed7040d7ab07af01885eb944) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:19:55.0189 1016 igfx - ok
15:19:55.0470 1016 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:19:55.0548 1016 iirsp - ok
15:19:55.0720 1016 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:19:55.0829 1016 IKEEXT - ok
15:19:56.0016 1016 IntcAzAudAddService (d311e2dd59a34079d89c249b2a4d9fdb) C:\Windows\system32\drivers\RTKVHD64.sys
15:19:56.0141 1016 IntcAzAudAddService - ok
15:19:56.0593 1016 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:19:56.0702 1016 intelide - ok
15:19:56.0796 1016 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:19:56.0796 1016 intelppm - ok
15:19:56.0858 1016 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:19:56.0921 1016 IPBusEnum - ok
15:19:56.0968 1016 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:19:57.0030 1016 IpFilterDriver - ok
15:19:57.0124 1016 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:19:57.0139 1016 iphlpsvc - ok
15:19:57.0186 1016 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:19:57.0295 1016 IPMIDRV - ok
15:19:57.0404 1016 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:19:57.0451 1016 IPNAT - ok
15:19:57.0498 1016 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:19:57.0576 1016 IRENUM - ok
15:19:57.0654 1016 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:19:57.0748 1016 isapnp - ok
15:19:57.0857 1016 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:19:57.0950 1016 iScsiPrt - ok
15:19:58.0075 1016 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:19:58.0122 1016 kbdclass - ok
15:19:58.0200 1016 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:19:58.0262 1016 kbdhid - ok
15:19:58.0294 1016 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:19:58.0294 1016 KeyIso - ok
15:19:58.0340 1016 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:19:58.0340 1016 KSecDD - ok
15:19:58.0403 1016 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:19:58.0403 1016 KSecPkg - ok
15:19:58.0481 1016 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:19:58.0574 1016 ksthunk - ok
15:19:58.0668 1016 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:19:58.0746 1016 KtmRm - ok
15:19:58.0949 1016 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:19:58.0964 1016 LanmanServer - ok
15:19:59.0042 1016 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:19:59.0058 1016 LanmanWorkstation - ok
15:19:59.0183 1016 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:19:59.0183 1016 lltdio - ok
15:19:59.0354 1016 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:19:59.0479 1016 lltdsvc - ok
15:19:59.0510 1016 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:19:59.0510 1016 lmhosts - ok
15:19:59.0620 1016 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:19:59.0698 1016 LSI_FC - ok
15:19:59.0776 1016 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:19:59.0854 1016 LSI_SAS - ok
15:19:59.0900 1016 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:19:59.0978 1016 LSI_SAS2 - ok
15:20:00.0119 1016 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:20:00.0197 1016 LSI_SCSI - ok
15:20:00.0228 1016 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:20:00.0228 1016 luafv - ok
15:20:00.0415 1016 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:20:00.0493 1016 Mcx2Svc - ok
15:20:00.0540 1016 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:20:00.0602 1016 megasas - ok
15:20:00.0665 1016 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:20:00.0774 1016 MegaSR - ok
15:20:00.0899 1016 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:20:00.0899 1016 MMCSS - ok
15:20:01.0039 1016 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:20:01.0070 1016 Modem - ok
15:20:01.0148 1016 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:20:01.0148 1016 monitor - ok
15:20:01.0351 1016 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:20:01.0429 1016 mouclass - ok
15:20:01.0554 1016 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:20:01.0601 1016 mouhid - ok
15:20:01.0710 1016 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:20:01.0710 1016 mountmgr - ok
15:20:01.0804 1016 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:20:01.0835 1016 mpio - ok
15:20:01.0897 1016 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:20:01.0991 1016 mpsdrv - ok
15:20:02.0131 1016 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:20:02.0225 1016 MRxDAV - ok
15:20:02.0537 1016 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:20:02.0537 1016 mrxsmb - ok
15:20:02.0662 1016 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:20:02.0662 1016 mrxsmb10 - ok
15:20:02.0833 1016 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:20:02.0833 1016 mrxsmb20 - ok
15:20:03.0644 1016 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:20:03.0644 1016 msahci - ok
15:20:03.0832 1016 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:20:04.0362 1016 msdsm - ok
15:20:04.0549 1016 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:20:04.0565 1016 MSDTC - ok
15:20:04.0721 1016 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:20:04.0939 1016 Msfs - ok
15:20:05.0220 1016 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:20:05.0267 1016 mshidkmdf - ok
15:20:05.0345 1016 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:20:05.0345 1016 msisadrv - ok
15:20:05.0548 1016 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:20:05.0610 1016 MSiSCSI - ok
15:20:05.0610 1016 msiserver - ok
15:20:05.0672 1016 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:20:05.0844 1016 MSKSSRV - ok
15:20:05.0922 1016 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:20:06.0016 1016 MSPCLOCK - ok
15:20:06.0203 1016 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:20:06.0281 1016 MSPQM - ok
15:20:06.0390 1016 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:20:06.0406 1016 MsRPC - ok
15:20:06.0468 1016 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:20:06.0468 1016 mssmbios - ok
15:20:06.0593 1016 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:20:06.0702 1016 MSTEE - ok
15:20:06.0811 1016 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:20:06.0889 1016 MTConfig - ok
15:20:06.0998 1016 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:20:06.0998 1016 Mup - ok
15:20:07.0061 1016 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:20:07.0108 1016 napagent - ok
15:20:07.0264 1016 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:20:07.0264 1016 NativeWifiP - ok
15:20:07.0373 1016 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:20:07.0388 1016 NDIS - ok
15:20:07.0466 1016 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:20:07.0560 1016 NdisCap - ok
15:20:07.0622 1016 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:20:07.0763 1016 NdisTapi - ok
15:20:07.0919 1016 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:20:07.0919 1016 Ndisuio - ok
15:20:07.0966 1016 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:20:08.0106 1016 NdisWan - ok
15:20:08.0293 1016 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:20:08.0418 1016 NDProxy - ok
15:20:08.0558 1016 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:20:08.0605 1016 NetBIOS - ok
15:20:08.0668 1016 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:20:08.0746 1016 NetBT - ok
15:20:08.0792 1016 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:20:08.0792 1016 Netlogon - ok
15:20:08.0902 1016 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:20:08.0917 1016 Netman - ok
15:20:08.0964 1016 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:20:08.0964 1016 netprofm - ok
15:20:09.0541 1016 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:20:09.0650 1016 NetTcpPortSharing - ok
15:20:10.0134 1016 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
15:20:10.0352 1016 netw5v64 - ok
15:20:10.0633 1016 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:20:10.0758 1016 nfrd960 - ok
15:20:10.0930 1016 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:20:10.0945 1016 NlaSvc - ok
15:20:11.0008 1016 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:20:11.0148 1016 Npfs - ok
15:20:11.0210 1016 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:20:11.0210 1016 nsi - ok
15:20:11.0242 1016 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:20:11.0242 1016 nsiproxy - ok
15:20:11.0491 1016 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:20:11.0538 1016 Ntfs - ok
15:20:11.0803 1016 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:20:11.0897 1016 Null - ok
15:20:11.0975 1016 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:20:12.0037 1016 nvraid - ok
15:20:12.0287 1016 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:20:12.0458 1016 nvstor - ok
15:20:12.0692 1016 NvtlService (789ca049fa22b55949d8f0a7018b1e45) C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
15:20:12.0692 1016 NvtlService - ok
15:20:12.0833 1016 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:20:12.0895 1016 nv_agp - ok
15:20:13.0036 1016 NWADI (78c1a05c2e460adf3661bc60d115cc8d) C:\Windows\system32\DRIVERS\NWADIenum.sys
15:20:13.0036 1016 NWADI - ok
15:20:13.0301 1016 NWHelper (cfd6c86499ddcfa795a5f312102d05aa) C:\Program Files (x86)\Novatel Wireless\Drivers\NWHelper.exe
15:20:13.0301 1016 NWHelper - ok
15:20:13.0332 1016 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:20:13.0426 1016 ohci1394 - ok
15:20:13.0504 1016 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:20:13.0582 1016 ose - ok
15:20:14.0190 1016 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:20:14.0783 1016 osppsvc - ok
15:20:15.0064 1016 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:20:15.0079 1016 p2pimsvc - ok
15:20:15.0157 1016 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:20:15.0298 1016 p2psvc - ok
15:20:15.0454 1016 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:20:15.0547 1016 Parport - ok
15:20:15.0594 1016 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:20:15.0594 1016 partmgr - ok
15:20:15.0641 1016 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:20:15.0641 1016 PcaSvc - ok
15:20:15.0828 1016 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:20:15.0828 1016 pci - ok
15:20:15.0875 1016 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:20:15.0984 1016 pciide - ok
15:20:16.0124 1016 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:20:16.0280 1016 pcmcia - ok
15:20:16.0358 1016 PCTINDIS5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\Windows\system32\PCTINDIS5X64.SYS
15:20:16.0436 1016 PCTINDIS5X64 - ok
15:20:16.0483 1016 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:20:16.0483 1016 pcw - ok
15:20:16.0561 1016 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:20:16.0577 1016 PEAUTH - ok
15:20:16.0717 1016 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:20:16.0748 1016 PerfHost - ok
15:20:16.0920 1016 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:20:17.0076 1016 pla - ok
15:20:17.0170 1016 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:20:17.0170 1016 PlugPlay - ok
15:20:17.0232 1016 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:20:17.0310 1016 PNRPAutoReg - ok
15:20:17.0372 1016 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:20:17.0372 1016 PNRPsvc - ok
15:20:17.0435 1016 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:20:17.0560 1016 PolicyAgent - ok
15:20:17.0606 1016 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:20:17.0606 1016 Power - ok
15:20:17.0747 1016 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:20:17.0856 1016 PptpMiniport - ok
15:20:17.0903 1016 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:20:18.0012 1016 Processor - ok
15:20:18.0074 1016 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:20:18.0074 1016 ProfSvc - ok
15:20:18.0168 1016 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:20:18.0168 1016 ProtectedStorage - ok
15:20:18.0308 1016 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:20:18.0308 1016 Psched - ok
15:20:18.0449 1016 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:20:18.0589 1016 ql2300 - ok
15:20:18.0854 1016 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:20:18.0948 1016 ql40xx - ok
15:20:19.0010 1016 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:20:19.0088 1016 QWAVE - ok
15:20:19.0120 1016 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:20:19.0213 1016 QWAVEdrv - ok
15:20:19.0229 1016 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:20:19.0244 1016 RasAcd - ok
15:20:19.0307 1016 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:20:19.0400 1016 RasAgileVpn - ok
15:20:19.0525 1016 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:20:19.0634 1016 RasAuto - ok
15:20:19.0744 1016 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:20:19.0837 1016 Rasl2tp - ok
15:20:19.0931 1016 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:20:19.0931 1016 RasMan - ok
15:20:20.0024 1016 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:20:20.0102 1016 RasPppoe - ok
15:20:20.0196 1016 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:20:20.0212 1016 RasSstp - ok
15:20:20.0274 1016 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:20:20.0742 1016 rdbss - ok
15:20:20.0773 1016 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:20:20.0914 1016 rdpbus - ok
15:20:20.0976 1016 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:20:21.0023 1016 RDPCDD - ok
15:20:21.0085 1016 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:20:21.0132 1016 RDPENCDD - ok
15:20:21.0163 1016 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:20:21.0257 1016 RDPREFMP - ok
15:20:21.0319 1016 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:20:21.0366 1016 RDPWD - ok
15:20:21.0444 1016 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:20:21.0460 1016 rdyboost - ok
15:20:21.0538 1016 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:20:21.0584 1016 RemoteAccess - ok
15:20:21.0631 1016 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:20:21.0709 1016 RemoteRegistry - ok
15:20:21.0740 1016 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:20:21.0740 1016 RpcEptMapper - ok
15:20:21.0818 1016 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:20:21.0881 1016 RpcLocator - ok
15:20:21.0974 1016 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:20:21.0974 1016 RpcSs - ok
15:20:22.0068 1016 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:20:22.0068 1016 rspndr - ok
15:20:22.0177 1016 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:20:22.0208 1016 RTL8167 - ok
15:20:22.0349 1016 rtl8192se (cd8f32bb993b98e6705f11504a7f7250) C:\Windows\system32\DRIVERS\rtl8192se.sys
15:20:22.0427 1016 rtl8192se - ok
15:20:23.0129 1016 RtVOsdService (4ea7e5df0cb237156176fa0349e6e87f) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
15:20:23.0285 1016 RtVOsdService - ok
15:20:23.0425 1016 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:20:23.0425 1016 SamSs - ok
15:20:23.0488 1016 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:20:23.0534 1016 sbp2port - ok
15:20:23.0597 1016 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:20:23.0612 1016 SCardSvr - ok
15:20:23.0690 1016 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:20:23.0768 1016 scfilter - ok
15:20:23.0878 1016 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:20:23.0893 1016 Schedule - ok
15:20:23.0971 1016 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:20:23.0971 1016 SCPolicySvc - ok
15:20:24.0065 1016 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
15:20:24.0143 1016 sdbus - ok
15:20:24.0205 1016 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:20:24.0236 1016 SDRSVC - ok
15:20:24.0299 1016 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:20:24.0299 1016 secdrv - ok
15:20:24.0346 1016 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:20:24.0346 1016 seclogon - ok
15:20:24.0439 1016 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:20:24.0439 1016 SENS - ok
15:20:24.0533 1016 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:20:24.0611 1016 SensrSvc - ok
15:20:24.0658 1016 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:20:24.0736 1016 Serenum - ok
15:20:24.0751 1016 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:20:24.0829 1016 Serial - ok
15:20:24.0876 1016 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:20:24.0938 1016 sermouse - ok
15:20:25.0001 1016 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:20:25.0110 1016 SessionEnv - ok
15:20:25.0157 1016 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:20:25.0297 1016 sffdisk - ok
15:20:25.0344 1016 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:20:25.0422 1016 sffp_mmc - ok
15:20:25.0453 1016 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:20:25.0469 1016 sffp_sd - ok
15:20:25.0500 1016 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:20:25.0531 1016 sfloppy - ok
15:20:25.0640 1016 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
15:20:25.0640 1016 Sftfs - ok
15:20:25.0906 1016 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:20:25.0921 1016 sftlist - ok
15:20:25.0968 1016 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:20:25.0968 1016 Sftplay - ok
15:20:25.0984 1016 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:20:25.0984 1016 Sftredir - ok
15:20:25.0999 1016 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
15:20:25.0999 1016 Sftvol - ok
15:20:26.0093 1016 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:20:26.0108 1016 sftvsa - ok
15:20:26.0171 1016 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:20:26.0171 1016 ShellHWDetection - ok
15:20:26.0249 1016 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:20:26.0264 1016 SiSRaid2 - ok
15:20:26.0342 1016 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:20:26.0420 1016 SiSRaid4 - ok
15:20:26.0810 1016 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:20:26.0951 1016 Smb - ok
15:20:27.0185 1016 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:20:27.0278 1016 SNMPTRAP - ok
15:20:27.0356 1016 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:20:27.0356 1016 spldr - ok
15:20:27.0481 1016 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:20:27.0481 1016 Spooler - ok
15:20:27.0762 1016 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:20:27.0949 1016 sppsvc - ok
15:20:28.0214 1016 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:20:28.0292 1016 sppuinotify - ok
15:20:28.0838 1016 SprintRcAppSvc (53b1a7cc3cd0daa03222ae1aeb654162) C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
15:20:28.0838 1016 SprintRcAppSvc - ok
15:20:28.0963 1016 SPService - ok
15:20:29.0104 1016 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:20:29.0104 1016 srv - ok
15:20:29.0228 1016 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:20:29.0228 1016 srv2 - ok
15:20:29.0291 1016 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:20:29.0384 1016 SrvHsfHDA - ok
15:20:29.0494 1016 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:20:29.0634 1016 SrvHsfV92 - ok
15:20:30.0086 1016 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:20:30.0196 1016 SrvHsfWinac - ok
15:20:30.0242 1016 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:20:30.0242 1016 srvnet - ok
15:20:30.0352 1016 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:20:30.0367 1016 SSDPSRV - ok
15:20:30.0820 1016 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:20:30.0866 1016 SstpSvc - ok
15:20:30.0960 1016 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:20:30.0991 1016 stexstor - ok
15:20:31.0054 1016 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:20:31.0085 1016 stisvc - ok
15:20:31.0194 1016 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:20:31.0288 1016 swenum - ok
15:20:31.0943 1016 SwiCardDetectSvc (19bb7eed330f5736064cc84f6b45037a) C:\Program Files (x86)\Sprint\Sprint SmartView\SwiCardDetect64.exe
15:20:31.0943 1016 SwiCardDetectSvc - ok
15:20:32.0224 1016 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:20:32.0348 1016 swprv - ok
15:20:32.0567 1016 SynTP (868dfb220a18312a12cef01ba9ac069b) C:\Windows\system32\DRIVERS\SynTP.sys
15:20:32.0582 1016 SynTP - ok
15:20:32.0770 1016 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:20:32.0832 1016 SysMain - ok
15:20:33.0035 1016 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:20:33.0097 1016 TabletInputService - ok
15:20:33.0160 1016 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:20:33.0175 1016 TapiSrv - ok
15:20:33.0253 1016 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:20:33.0253 1016 TBS - ok
15:20:33.0472 1016 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:20:33.0503 1016 Tcpip - ok
15:20:34.0002 1016 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:20:34.0018 1016 TCPIP6 - ok
15:20:34.0392 1016 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:20:34.0408 1016 tcpipreg - ok
15:20:34.0532 1016 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:20:34.0642 1016 TDPIPE - ok
15:20:34.0704 1016 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:20:34.0751 1016 TDTCP - ok
15:20:34.0813 1016 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:20:34.0891 1016 tdx - ok
15:20:34.0922 1016 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:20:34.0954 1016 TermDD - ok
15:20:35.0047 1016 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:20:35.0141 1016 TermService - ok
15:20:35.0156 1016 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:20:35.0172 1016 Themes - ok
15:20:35.0656 1016 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:20:35.0656 1016 THREADORDER - ok
15:20:35.0952 1016 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:20:35.0968 1016 TrkWks - ok
15:20:36.0904 1016 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:20:37.0044 1016 TrustedInstaller - ok
15:20:37.0075 1016 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:20:37.0138 1016 tssecsrv - ok
15:20:37.0278 1016 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:20:37.0325 1016 TsUsbFlt - ok
15:20:37.0481 1016 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:20:37.0528 1016 tunnel - ok
15:20:37.0559 1016 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:20:37.0621 1016 uagp35 - ok
15:20:37.0902 1016 uagqecsvc (d9818db1a56e787b58b5eafe44e1a497) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
15:20:37.0918 1016 uagqecsvc - ok
15:20:37.0996 1016 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:20:38.0058 1016 udfs - ok
15:20:38.0105 1016 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:20:38.0230 1016 UI0Detect - ok
15:20:38.0339 1016 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:20:38.0354 1016 uliagpkx - ok
15:20:38.0448 1016 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:20:38.0510 1016 umbus - ok
15:20:38.0542 1016 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:20:38.0620 1016 UmPass - ok
15:20:38.0651 1016 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:20:38.0729 1016 upnphost - ok
15:20:38.0760 1016 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:20:38.0963 1016 usbccgp - ok
15:20:39.0025 1016 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:20:39.0166 1016 usbcir - ok
15:20:39.0212 1016 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:20:39.0306 1016 usbehci - ok
15:20:39.0337 1016 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:20:39.0353 1016 usbhub - ok
15:20:39.0384 1016 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:20:39.0415 1016 usbohci - ok
15:20:39.0462 1016 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:20:39.0556 1016 usbprint - ok
15:20:39.0587 1016 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:20:39.0602 1016 USBSTOR - ok
15:20:39.0696 1016 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:20:39.0758 1016 usbuhci - ok
15:20:39.0836 1016 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:20:39.0836 1016 UxSms - ok
15:20:39.0883 1016 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:20:39.0883 1016 VaultSvc - ok
15:20:40.0008 1016 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:20:40.0008 1016 vdrvroot - ok
15:20:40.0117 1016 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:20:40.0226 1016 vds - ok
15:20:40.0336 1016 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:20:40.0414 1016 vga - ok
15:20:40.0445 1016 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:20:40.0538 1016 VgaSave - ok
15:20:40.0570 1016 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:20:40.0601 1016 vhdmp - ok
15:20:40.0694 1016 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:20:40.0710 1016 viaide - ok
15:20:40.0772 1016 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:20:40.0772 1016 volmgr - ok
15:20:40.0819 1016 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:20:40.0835 1016 volmgrx - ok
15:20:40.0897 1016 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:20:40.0897 1016 volsnap - ok
15:20:41.0022 1016 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:20:41.0147 1016 vsmraid - ok
15:20:41.0318 1016 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:20:41.0537 1016 VSS - ok
15:20:41.0916 1016 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
15:20:41.0923 1016 vToolbarUpdater11.2.0 - ok
15:20:42.0170 1016 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:20:42.0322 1016 vwifibus - ok
15:20:42.0389 1016 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:20:42.0472 1016 vwififlt - ok
15:20:42.0529 1016 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:20:42.0644 1016 W32Time - ok
15:20:42.0811 1016 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:20:42.0944 1016 WacomPen - ok
15:20:43.0020 1016 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:20:43.0204 1016 WANARP - ok
15:20:43.0275 1016 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:20:43.0276 1016 Wanarpv6 - ok
15:20:43.0593 1016 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:20:43.0933 1016 WatAdminSvc - ok
15:20:44.0105 1016 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:20:44.0448 1016 wbengine - ok
15:20:44.0615 1016 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:20:44.0749 1016 WbioSrvc - ok
15:20:44.0829 1016 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:20:44.0962 1016 wcncsvc - ok
15:20:45.0002 1016 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:20:45.0167 1016 WcsPlugInService - ok
15:20:45.0247 1016 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:20:45.0411 1016 Wd - ok
15:20:45.0485 1016 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:20:45.0493 1016 Wdf01000 - ok
15:20:45.0559 1016 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:20:45.0562 1016 WdiServiceHost - ok
15:20:45.0571 1016 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:20:45.0575 1016 WdiSystemHost - ok
15:20:45.0639 1016 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:20:45.0821 1016 WebClient - ok
15:20:45.0868 1016 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:20:46.0055 1016 Wecsvc - ok
15:20:46.0089 1016 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:20:46.0152 1016 wercplsupport - ok
15:20:46.0212 1016 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:20:46.0308 1016 WerSvc - ok
15:20:46.0433 1016 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:20:46.0530 1016 WfpLwf - ok
15:20:46.0552 1016 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:20:46.0565 1016 WIMMount - ok
15:20:46.0725 1016 WinDefend - ok
15:20:46.0741 1016 WinHttpAutoProxySvc - ok
15:20:46.0874 1016 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:20:46.0885 1016 Winmgmt - ok
15:20:47.0126 1016 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:20:47.0450 1016 WinRM - ok
15:20:47.0813 1016 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:20:47.0857 1016 WinUsb - ok
15:20:48.0026 1016 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:20:48.0034 1016 Wlansvc - ok
15:20:48.0484 1016 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:20:48.0500 1016 wlidsvc - ok
15:20:48.0749 1016 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:20:48.0749 1016 WmiAcpi - ok
15:20:48.0874 1016 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:20:48.0983 1016 wmiApSrv - ok
15:20:49.0093 1016 WMPNetworkSvc - ok
15:20:49.0139 1016 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:20:49.0295 1016 WPCSvc - ok
15:20:49.0498 1016 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:20:49.0529 1016 WPDBusEnum - ok
15:20:49.0779 1016 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:20:49.0873 1016 ws2ifsl - ok
15:20:49.0951 1016 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:20:50.0029 1016 wscsvc - ok
15:20:50.0044 1016 WSearch - ok
15:20:50.0278 1016 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:20:50.0434 1016 wuauserv - ok
15:20:50.0840 1016 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:20:50.0840 1016 WudfPf - ok
15:20:50.0949 1016 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:20:51.0043 1016 WUDFRd - ok
15:20:51.0089 1016 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:20:51.0089 1016 wudfsvc - ok
15:20:51.0214 1016 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:20:51.0323 1016 WwanSvc - ok
15:20:51.0401 1016 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
15:20:51.0495 1016 yukonw7 - ok
15:20:51.0573 1016 MBR (0x1B8) (267286b4d3e61023d7cbac898d1ec7fe) \Device\Harddisk0\DR0
15:20:51.0854 1016 \Device\Harddisk0\DR0 - ok
15:20:51.0869 1016 Boot (0x1200) (d14ac80e7e8017b9e2ac438d74e4cb8e) \Device\Harddisk0\DR0\Partition0
15:20:51.0869 1016 \Device\Harddisk0\DR0\Partition0 - ok
15:20:51.0885 1016 Boot (0x1200) (00ebf65158c7609d02be31d589701311) \Device\Harddisk0\DR0\Partition1
15:20:51.0885 1016 \Device\Harddisk0\DR0\Partition1 - ok
15:20:51.0916 1016 Boot (0x1200) (dabd3a5f84ae2c7245a6481b6c54bb1a) \Device\Harddisk0\DR0\Partition2
15:20:51.0916 1016 \Device\Harddisk0\DR0\Partition2 - ok
15:20:51.0994 1016 Boot (0x1200) (7c746c4f271f253f66e634c93b72f34e) \Device\Harddisk0\DR0\Partition3
15:20:51.0994 1016 \Device\Harddisk0\DR0\Partition3 - ok
15:20:52.0010 1016 ============================================================
15:20:52.0010 1016 Scan finished
15:20:52.0010 1016 ============================================================
15:20:52.0025 2060 Detected object count: 0
15:20:52.0025 2060 Actual detected object count: 0

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 July 2012 - 02:50 PM

Very good, now let's try ComboFix once more.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 Eric M

Eric M
  • Topic Starter

  • Members
  • 11 posts

Posted 12 July 2012 - 03:26 PM

Here is the log from ComboFix. As I was running ComboFix, the computer rebooted twice on its own. Each time it came back up, I got an error I have not seen before: a box popped up and said "C:\Windows\system32\GfxUI.exe - A device attached to the system is not functioning". Otherwise everything else seemed to run normally in regards to ComboFix:

ComboFix 12-07-11.03 - Robert 07/12/2012 16:03:49.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1927 [GMT -4:00]
Running from: c:\users\Robert\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Robert\AppData\Roaming\Ehto
c:\users\Robert\AppData\Roaming\Ehto\ebdua.axt
c:\users\Robert\AppData\Roaming\Ugled
c:\users\Robert\AppData\Roaming\Ugled\ersuu.dio
c:\windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\@
c:\windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\L\00000004.@
c:\windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\L\1afb2d56
c:\windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\L\201d3dde
c:\windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000004.@
c:\windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000008.@
c:\windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\000000cb.@
c:\windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000000.@
c:\windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000032.@
c:\windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000064.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SPService
.
.
((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-12 20:11 . 2012-07-12 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-12 20:11 . 2012-07-12 20:11 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-09 18:03 . 2012-07-09 18:03 -------- d-----w- c:\program files (x86)\Common Files\EPP
2012-07-09 18:03 . 2012-07-09 18:03 -------- d-----w- c:\program files (x86)\Common Files\PctelEapPeer Authentication
2012-07-09 18:03 . 2012-07-09 18:03 -------- d-----w- c:\program files (x86)\Sierra Wireless
2012-07-09 18:03 . 2012-07-09 18:03 -------- d-----w- c:\program files (x86)\Novatel Wireless
2012-07-09 18:03 . 2012-07-09 18:03 -------- d-----w- c:\programdata\Sprint
2012-07-09 17:19 . 2012-07-09 17:19 -------- d-----w- c:\users\Robert\AppData\Roaming\Bytemobile
2012-07-09 17:17 . 2008-05-29 18:53 118272 ----a-w- c:\windows\system32\drivers\cm_seramd.sys
2012-07-09 17:17 . 2008-05-29 18:53 118272 ----a-w- c:\windows\system32\drivers\cm_ser.sys
2012-07-09 17:17 . 2008-05-29 18:53 133120 ----a-w- c:\windows\system32\drivers\cm_netamd.sys
2012-07-09 17:17 . 2008-05-29 18:53 133120 ----a-w- c:\windows\system32\drivers\cm_net.sys
2012-07-09 17:16 . 2012-07-09 17:16 -------- d-----w- c:\users\Robert\AppData\Local\Sprint
2012-07-09 17:15 . 2012-07-09 17:15 -------- d-----w- c:\users\Robert\AppData\Roaming\Sierra Wireless
2012-07-09 17:15 . 2010-10-19 14:00 47104 ----a-w- c:\windows\system32\drivers\swmsflt.sys
2012-07-09 17:15 . 2009-03-31 15:57 41280 ----a-w- c:\windows\system32\drivers\PCASp50a64.sys
2012-07-09 17:13 . 2012-07-09 17:13 -------- d-----w- c:\program files (x86)\Sprint
2012-07-06 18:43 . 2012-07-06 20:04 -------- d-----w- c:\users\Robert\AppData\Roaming\Odcoo
2012-07-06 18:43 . 2012-07-06 18:43 -------- d-----w- c:\users\Robert\AppData\Roaming\Ynceh
2012-07-05 18:04 . 2012-07-05 18:04 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-04 16:33 . 2012-07-04 16:35 -------- d-----w- c:\users\Robert\AppData\Roaming\AVG
2012-06-26 21:44 . 2012-06-26 21:44 -------- d-----w- c:\users\Administrator
2012-06-25 14:36 . 2012-06-25 14:36 -------- d-----w- c:\users\Robert\AppData\Roaming\Lipa
2012-06-25 14:36 . 2012-06-25 14:36 -------- d-----w- c:\users\Robert\AppData\Roaming\Dehagu
2012-06-21 18:27 . 2012-06-23 01:04 -------- d-----w- c:\users\Robert\AppData\Roaming\WildTangent
2012-06-20 16:07 . 2012-06-20 16:07 -------- d-----w- c:\users\Robert\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2012-06-20 16:07 . 2012-06-20 16:07 -------- d-----w- c:\programdata\Virtualized Applications
2012-06-15 14:37 . 2012-06-15 14:37 -------- d-----w- c:\users\Robert\AppData\Local\AVG Secure Search
2012-06-15 14:37 . 2012-06-15 14:45 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-15 14:37 . 2012-06-15 14:37 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-06-15 14:37 . 2012-06-15 14:37 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-06-15 14:37 . 2012-06-15 14:37 -------- d--h--w- c:\programdata\Common Files
2012-06-15 14:37 . 2012-06-15 14:37 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-06-15 14:36 . 2012-06-15 14:36 -------- d-----w- C:\$AVG
2012-06-15 14:36 . 2012-07-12 16:34 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-15 14:36 . 2012-07-06 20:04 -------- d-----w- c:\programdata\AVG2012
2012-06-15 14:35 . 2012-07-04 16:32 -------- d-----w- c:\program files (x86)\AVG
2012-06-15 14:32 . 2012-07-12 16:35 -------- d-----w- c:\programdata\MFAData
2012-06-14 19:58 . 2012-06-14 19:58 -------- d--h--w- c:\users\Robert\AppData\Roaming\Malwarebytes
2012-06-14 19:58 . 2012-06-16 14:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-14 19:58 . 2012-06-14 19:58 -------- d-----w- c:\programdata\Malwarebytes
2012-06-14 18:19 . 2012-06-14 18:19 -------- d--h--w- c:\users\Guest\AppData\Roaming\hpqlog
2012-06-14 15:19 . 2012-06-14 15:19 -------- d--h--r- c:\users\Robert\AppData\Roaming\Brother
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 17:32 . 2012-06-03 13:36 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 17:32 . 2011-09-28 21:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 17:32 . 2012-06-03 14:32 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-30 14:08 . 2012-05-30 14:08 67176 ----a-w- c:\windows\SysWow64\pxfhwmcp.dll
2012-05-30 14:08 . 2012-05-30 14:08 136808 ----a-w- c:\windows\SysWow64\PCTIN50.dll
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-15 14:37 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-06-15 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-15 1107552]
"Sprint SmartView"="c:\program files (x86)\Sprint\Sprint SmartView\SprintSV.exe" [2012-06-07 75368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 CASprint;Sprint Con App Svc;c:\program files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2012-05-30 124520]
R3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [2010-08-05 43032]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-09 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2011-02-07 92504]
S2 NWHelper;Novatel Wireless Device Helper ;c:\program files (x86)\Novatel Wireless\Drivers\NWHelper.exe [2011-03-16 270336]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sprint\Sprint SmartView\SwiCardDetect64.exe [2010-09-22 307568]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-04-09 149904]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-06-15 935008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [2012-03-20 416000]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [2012-03-20 64000]
S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\DRIVERS\cm_net.sys [2008-05-29 133120]
S3 cm_ser;C-motech USB Data Modem Driver;c:\windows\system32\DRIVERS\cm_ser.sys [2008-05-29 118272]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-02-05 1093152]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 17:32]
.
2012-07-11 c:\windows\Tasks\HPCeeScheduleForRobert.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-05 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-05 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-05 410648]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-07-18 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"combofix"="c:\combofix\CF23803.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: ketsujin.com\fighterace
Trusted Zone: ketsujin.com\primary
Trusted Zone: ketsujin.com\update
Trusted Zone: ketsujin.com\www
Trusted Zone: nextel.com
Trusted Zone: sprint.com
Trusted Zone: stormofaces.com\www
TCP: Interfaces\{122EAE12-0101-4DC9-9B63-AF19DD8FA7C0}: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{122EAE12-0101-4DC9-9B63-AF19DD8FA7C0}\54879647255616C64797D27657563747: DhcpNameServer = 10.1.10.1 192.168.33.1
TCP: Interfaces\{122EAE12-0101-4DC9-9B63-AF19DD8FA7C0}\844534025465F402358696664702437402734414535414: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\4m0g7az6.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=2
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Brownie\brpjp04a.exe
c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2012-07-12 16:20:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-12 20:20
.
Pre-Run: 183,916,920,832 bytes free
Post-Run: 183,518,666,752 bytes free
.
- - End Of File - - 1825A43158A21D3C848FB496BFA28A31

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:19 AM

Posted 13 July 2012 - 12:54 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Robert\AppData\Roaming\Odcoo
c:\users\Robert\AppData\Roaming\Ynceh
c:\users\Robert\AppData\Roaming\Lipa
c:\users\Robert\AppData\Roaming\Dehagu

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Eric M

Eric M
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:19 AM

Posted 13 July 2012 - 01:22 PM

Only thing out of the ordinary that I saw was the same error as before:

I got a box that popped up and said "C:\Windows\system32\GfxUI.exe - A device attached to the system is not functioning"

Otherwise, computer does seem to be running better than it was.

ComboFix follows:

ComboFix 12-07-13.03 - Robert 07/13/2012 14:04:28.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1784 [GMT -4:00]
Running from: c:\users\Robert\Desktop\ComboFix.exe
Command switches used :: c:\users\Robert\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Robert\AppData\Roaming\Dehagu
c:\users\Robert\AppData\Roaming\Dehagu\geero.tmp
c:\users\Robert\AppData\Roaming\Lipa
c:\users\Robert\AppData\Roaming\Odcoo
c:\users\Robert\AppData\Roaming\Ynceh
c:\users\Robert\AppData\Roaming\Ynceh\ocelu.omc
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 18:10 . 2012-07-13 18:10 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-13 18:10 . 2012-07-13 18:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-09 18:03 . 2012-07-09 18:03 -------- d-----w- c:\program files (x86)\Common Files\EPP
2012-07-09 18:03 . 2012-07-09 18:03 -------- d-----w- c:\program files (x86)\Common Files\PctelEapPeer Authentication
2012-07-09 18:03 . 2012-07-09 18:03 -------- d-----w- c:\program files (x86)\Sierra Wireless
2012-07-09 18:03 . 2012-07-09 18:03 -------- d-----w- c:\program files (x86)\Novatel Wireless
2012-07-09 18:03 . 2012-07-09 18:03 -------- d-----w- c:\programdata\Sprint
2012-07-09 17:19 . 2012-07-09 17:19 -------- d-----w- c:\users\Robert\AppData\Roaming\Bytemobile
2012-07-09 17:17 . 2008-05-29 18:53 118272 ----a-w- c:\windows\system32\drivers\cm_seramd.sys
2012-07-09 17:17 . 2008-05-29 18:53 118272 ----a-w- c:\windows\system32\drivers\cm_ser.sys
2012-07-09 17:17 . 2008-05-29 18:53 133120 ----a-w- c:\windows\system32\drivers\cm_netamd.sys
2012-07-09 17:17 . 2008-05-29 18:53 133120 ----a-w- c:\windows\system32\drivers\cm_net.sys
2012-07-09 17:16 . 2012-07-09 17:16 -------- d-----w- c:\users\Robert\AppData\Local\Sprint
2012-07-09 17:15 . 2012-07-09 17:15 -------- d-----w- c:\users\Robert\AppData\Roaming\Sierra Wireless
2012-07-09 17:15 . 2010-10-19 14:00 47104 ----a-w- c:\windows\system32\drivers\swmsflt.sys
2012-07-09 17:15 . 2009-03-31 15:57 41280 ----a-w- c:\windows\system32\drivers\PCASp50a64.sys
2012-07-09 17:13 . 2012-07-09 17:13 -------- d-----w- c:\program files (x86)\Sprint
2012-07-05 18:04 . 2012-07-05 18:04 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-04 16:33 . 2012-07-04 16:35 -------- d-----w- c:\users\Robert\AppData\Roaming\AVG
2012-06-26 21:44 . 2012-06-26 21:44 -------- d-----w- c:\users\Administrator
2012-06-21 18:27 . 2012-06-23 01:04 -------- d-----w- c:\users\Robert\AppData\Roaming\WildTangent
2012-06-20 16:07 . 2012-06-20 16:07 -------- d-----w- c:\users\Robert\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2012-06-20 16:07 . 2012-06-20 16:07 -------- d-----w- c:\programdata\Virtualized Applications
2012-06-15 14:37 . 2012-06-15 14:37 -------- d-----w- c:\users\Robert\AppData\Local\AVG Secure Search
2012-06-15 14:37 . 2012-06-15 14:45 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-15 14:37 . 2012-06-15 14:37 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-06-15 14:37 . 2012-06-15 14:37 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-06-15 14:37 . 2012-06-15 14:37 -------- d--h--w- c:\programdata\Common Files
2012-06-15 14:37 . 2012-06-15 14:37 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-06-15 14:36 . 2012-06-15 14:36 -------- d-----w- C:\$AVG
2012-06-15 14:36 . 2012-07-13 14:04 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-15 14:36 . 2012-07-06 20:04 -------- d-----w- c:\programdata\AVG2012
2012-06-15 14:35 . 2012-07-04 16:32 -------- d-----w- c:\program files (x86)\AVG
2012-06-15 14:32 . 2012-07-13 14:05 -------- d-----w- c:\programdata\MFAData
2012-06-14 19:58 . 2012-06-14 19:58 -------- d--h--w- c:\users\Robert\AppData\Roaming\Malwarebytes
2012-06-14 19:58 . 2012-06-16 14:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-14 19:58 . 2012-06-14 19:58 -------- d-----w- c:\programdata\Malwarebytes
2012-06-14 18:19 . 2012-06-14 18:19 -------- d--h--w- c:\users\Guest\AppData\Roaming\hpqlog
2012-06-14 15:19 . 2012-06-14 15:19 -------- d--h--r- c:\users\Robert\AppData\Roaming\Brother
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 17:32 . 2012-06-03 13:36 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 17:32 . 2011-09-28 21:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 17:32 . 2012-06-03 14:32 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-30 14:08 . 2012-05-30 14:08 67176 ----a-w- c:\windows\SysWow64\pxfhwmcp.dll
2012-05-30 14:08 . 2012-05-30 14:08 136808 ----a-w- c:\windows\SysWow64\PCTIN50.dll
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-12_20.14.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-13 18:11 . 2012-07-13 18:11 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-07-12 20:12 . 2012-07-12 20:12 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2009-07-14 05:10 . 2012-07-13 18:14 48624 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-29 02:30 . 2012-07-13 18:14 12618 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-329038569-1128595963-247867193-1000_UserData.bin
- 2010-11-27 20:42 . 2012-07-12 19:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-27 20:42 . 2012-07-13 14:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-27 20:42 . 2012-07-12 19:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-27 20:42 . 2012-07-13 14:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-12 19:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-13 14:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-13 18:12 . 2012-07-13 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-12 20:13 . 2012-07-12 20:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-13 18:12 . 2012-07-13 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-12 20:13 . 2012-07-12 20:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-07-12 20:13 425984 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-13 18:12 425984 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-28 05:58 . 2012-07-13 13:59 259952 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 04:54 . 2012-07-12 20:13 3735552 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-13 18:12 3735552 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-12 20:13 1802240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-13 18:12 1802240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-15 14:37 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-06-15 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-15 1107552]
"Sprint SmartView"="c:\program files (x86)\Sprint\Sprint SmartView\SprintSV.exe" [2012-06-07 75368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 CASprint;Sprint Con App Svc;c:\program files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2012-05-30 124520]
R3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [2010-08-05 43032]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-09 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2011-02-07 92504]
S2 NWHelper;Novatel Wireless Device Helper ;c:\program files (x86)\Novatel Wireless\Drivers\NWHelper.exe [2011-03-16 270336]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sprint\Sprint SmartView\SwiCardDetect64.exe [2010-09-22 307568]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-04-09 149904]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-06-15 935008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [2012-03-20 416000]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [2012-03-20 64000]
S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\DRIVERS\cm_net.sys [2008-05-29 133120]
S3 cm_ser;C-motech USB Data Modem Driver;c:\windows\system32\DRIVERS\cm_ser.sys [2008-05-29 118272]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-02-05 1093152]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 17:32]
.
2012-07-11 c:\windows\Tasks\HPCeeScheduleForRobert.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-05 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-05 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-05 410648]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-07-18 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: ketsujin.com\fighterace
Trusted Zone: ketsujin.com\primary
Trusted Zone: ketsujin.com\update
Trusted Zone: ketsujin.com\www
Trusted Zone: nextel.com
Trusted Zone: sprint.com
Trusted Zone: stormofaces.com\www
TCP: Interfaces\{122EAE12-0101-4DC9-9B63-AF19DD8FA7C0}: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{122EAE12-0101-4DC9-9B63-AF19DD8FA7C0}\54879647255616C64797D27657563747: DhcpNameServer = 10.1.10.1 192.168.33.1
TCP: Interfaces\{122EAE12-0101-4DC9-9B63-AF19DD8FA7C0}\844534025465F402358696664702437402734414535414: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\4m0g7az6.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=2
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Brownie\brpjp04a.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2012-07-13 14:18:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-13 18:18
ComboFix2.txt 2012-07-12 20:20
.
Pre-Run: 182,812,221,440 bytes free
Post-Run: 182,566,600,704 bytes free
.
- - End Of File - - 240172ECD82409F45E346DC0BBDC93ED
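To verify that the CFScript from post #14 did what was intended, the post #15 log's "Other Deletions" section can be cross-checked against the script's Folder:: entries. The script below is an added example, not part of the thread and not ComboFix's own code; its two sample inputs are constructed from the paths that appear in the thread, and the CFScript and log layouts it parses are assumed from those posts.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix produced.

Added example, not part of the forum thread or of ComboFix itself. It parses
the 'Folder::' block of a CFScript (the layout gringo_pr posted) and the
'Other Deletions' section of the resulting ComboFix log, then reports which
requested folders were actually removed. Sample inputs are constructed from
the paths that appear in the thread.
"""
import re

# Constructed sample: the CFScript from post #14.
CFSCRIPT = """ClearJavaCache::

Folder::
c:\\users\\Robert\\AppData\\Roaming\\Odcoo
c:\\users\\Robert\\AppData\\Roaming\\Ynceh
c:\\users\\Robert\\AppData\\Roaming\\Lipa
c:\\users\\Robert\\AppData\\Roaming\\Dehagu
"""

# Constructed sample: the relevant slice of the log from post #15.
COMBOFIX_LOG = """ComboFix 12-07-13.03 - Robert 07/13/2012 14:04:28.2.1 - x64
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\\users\\Robert\\AppData\\Roaming\\Dehagu
c:\\users\\Robert\\AppData\\Roaming\\Dehagu\\geero.tmp
c:\\users\\Robert\\AppData\\Roaming\\Lipa
c:\\users\\Robert\\AppData\\Roaming\\Odcoo
c:\\users\\Robert\\AppData\\Roaming\\Ynceh
c:\\users\\Robert\\AppData\\Roaming\\Ynceh\\ocelu.omc
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
"""

# A ComboFix section header is a title wrapped in runs of parentheses.
SECTION_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")


def parse_cfscript(text):
    """Return {directive: [args]} for a CFScript. A directive ends in '::';
    its argument lines follow until a blank line or the next directive."""
    script, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
            continue
        if line.endswith("::"):
            current = line[:-2]
            script.setdefault(current, [])
        elif current is not None:
            script[current].append(line)
    return script


def parse_combofix_sections(text):
    """Split a ComboFix log into {section name: [lines]}; lines consisting
    of a single '.' are ComboFix spacer lines and are dropped."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
            continue
        if line and line != ".":
            sections[current].append(line)
    return sections


def check_deletions(cfscript_text, log_text):
    """Map each requested folder to True if 'Other Deletions' lists it or
    something beneath it, else False (paths compared case-insensitively)."""
    requested = parse_cfscript(cfscript_text).get("Folder", [])
    deleted = [p.lower() for p in
               parse_combofix_sections(log_text).get("Other Deletions", [])]
    result = {}
    for folder in requested:
        key = folder.lower()
        result[folder] = any(d == key or d.startswith(key + "\\") for d in deleted)
    return result


if __name__ == "__main__":
    for folder, gone in check_deletions(CFSCRIPT, COMBOFIX_LOG).items():
        print(("removed " if gone else "MISSING ") + folder)
```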



