
svchost.exe *32 application playing random sound


  • This topic is locked
21 replies to this topic

#1 inlakeshalakin


Posted 16 July 2012 - 10:58 PM

Sound starts playing on the computer almost immediately after start-up while no programs are open. I open Task Manager, select "show processes from all users", and organize by memory. At the top of the list is the previously mentioned svchost.exe *32. When it is selected and ended, the sound stops. Some five minutes later the sound comes back and the process is again at the top of memory usage in Task Manager. I tried to open the location of the application and delete it, but the file comes back instantly after deletion every time. Tried to scan the file with AVG free edition 2012 and no threat was found. Location of file: C:/Windows

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.0
Run by Owner at 22:17:16 on 2012-07-16
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local;<local>
BHO: MRI_DISABLED - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: MRI_DISABLED - No File
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [aceefacfbddct] "Global\a7c0e30e-5fac-49f0-8351-b7179d438640DCT1fffffffd"
uRun: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
dRun: [Macromedia] RUNDLL32.EXE C:\Windows\system32\config\systemprofile\AppData\Local\Macromedia\zgdhllxk.dll,DeleteCTXMLTag
dRun: [Macromedia Update] RUNDLL32.EXE C:\Windows\system32\config\systemprofile\AppData\Local\Macromedia\zgdhllxk.dll,DSCCancel
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe -update activex
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7757C5D6-5541-4CD3-A2E5-069485FC1B42} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7757C5D6-5541-4CD3-A2E5-069485FC1B42}\441697370294E6E6 : DhcpNameServer = 10.10.10.1
TCP: Interfaces\{7757C5D6-5541-4CD3-A2E5-069485FC1B42}\84F64756C675962756C6563737 : DhcpNameServer = 10.10.10.1
TCP: Interfaces\{7757C5D6-5541-4CD3-A2E5-069485FC1B42}\E4544574541425 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: MRI_DISABLED - No File
BHO-X64: HP Print Enhancer - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: HelloWorldBHO - No File
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: HP Smart BHO Class - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB-X64: MRI_DISABLED - No File
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x0plas0y.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B9d57d371-71ec-49f0-9696-8a3310cff01d%7D&mid=ec43348f9e1f47d0bd7dd156500958c9-b0d4f81a8999f5981f04537c5ec8468fd5234593&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-05-27%2009%3A04%3A21&sap=ku&q=
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-07-17 01:16:11 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-17 01:16:11 256000 ----a-w- C:\Windows\PEV.exe
2012-07-17 01:16:11 208896 ----a-w- C:\Windows\MBR.exe
2012-07-17 01:16:10 98816 ----a-w- C:\Windows\sed.exe
2012-07-17 01:15:56 -------- d-s---w- C:\ComboFix
2012-07-15 01:58:20 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-15 01:58:20 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-14 16:33:37 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-14 16:24:34 839152 ----a-w- C:\Windows\System32\deployJava1.dll
2012-07-14 16:24:33 955888 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-07-14 16:24:16 -------- d-----w- C:\Users\Owner\AppData\Local\Macromedia
2012-07-14 16:19:44 -------- d-----w- C:\ProgramData\McAfee Security Scan
2012-07-14 16:19:28 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2012-07-14 16:19:13 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-13 03:09:21 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-07-13 03:08:55 624608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-07-13 03:08:55 43488 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-07-13 03:08:55 157608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-07-13 03:08:55 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-07-12 04:47:38 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-10 21:23:41 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-07-10 21:23:41 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-07-10 21:23:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-07-10 21:23:41 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-07-10 21:23:37 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-07-10 21:23:36 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-07-10 21:23:35 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-07-10 21:23:33 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-07-10 21:23:29 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-07-10 21:23:00 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-30 01:02:13 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-06-30 01:02:13 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-06-30 01:00:29 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-30 01:00:28 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-30 01:00:25 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-30 01:00:06 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-30 00:59:18 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-30 00:59:15 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-06-30 00:59:11 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-30 00:59:11 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-30 00:59:01 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-30 00:59:00 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-30 00:59:00 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-30 00:59:00 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-30 00:59:00 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-30 00:59:00 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-30 00:57:49 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-06-30 00:57:24 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-30 00:57:23 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-30 00:42:14 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-30 00:41:54 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-30 00:41:09 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-30 00:41:09 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-24 18:50:51 992352 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\install_flashplayer.exe
2012-06-24 18:50:42 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\B542.tmp
2012-06-24 18:50:42 113152 ------w- C:\ProgramData\Microsoft\Windows\DRM\B542.tmp.dat
.
==================== Find3M ====================
.
2012-07-15 02:54:28 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-05-27 13:57:52 104198 ----a-w- C:\Users\Owner\cc_20120527_085725.reg
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-19 09:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
.
============= FINISH: 22:23:38.71 ===============



#2 gringo_pr

  • Malware Response Team

Posted 17 July 2012 - 12:44 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 inlakeshalakin


Posted 17 July 2012 - 11:29 AM

Attached is the log from security check.
Combofix will not complete; after about 20-30 lines in the blue command prompt, my computer shuts down with the blue memory dump screen.
Shut down my AVG.
Tried to turn off my firewall in control panel but gives me error code:0x80070424

Computer is running fine.
Random sound is still present.




#4 gringo_pr


Posted 17 July 2012 - 05:50 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 inlakeshalakin


Posted 17 July 2012 - 09:36 PM

20:39:45.0662 4060 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
20:39:46.0166 4060 ============================================================
20:39:46.0166 4060 Current date / time: 2012/07/17 20:39:46.0166
20:39:46.0166 4060 SystemInfo:
20:39:46.0166 4060
20:39:46.0166 4060 OS Version: 6.1.7601 ServicePack: 1.0
20:39:46.0166 4060 Product type: Workstation
20:39:46.0166 4060 ComputerName: OWNER-PC
20:39:46.0166 4060 UserName: Owner
20:39:46.0166 4060 Windows directory: C:\Windows
20:39:46.0166 4060 System windows directory: C:\Windows
20:39:46.0166 4060 Running under WOW64
20:39:46.0166 4060 Processor architecture: Intel x64
20:39:46.0166 4060 Number of processors: 2
20:39:46.0166 4060 Page size: 0x1000
20:39:46.0166 4060 Boot type: Normal boot
20:39:46.0166 4060 ============================================================
20:39:49.0504 4060 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x13135, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x7F, Type 'K0', Flags 0x00000040
20:39:49.0504 4060 ============================================================
20:39:49.0504 4060 \Device\Harddisk0\DR0:
20:39:49.0504 4060 MBR partitions:
20:39:49.0504 4060 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:39:49.0504 4060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23C0D000
20:39:49.0504 4060 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23C71000, BlocksNum 0x17BD000
20:39:49.0520 4060 ============================================================
20:39:49.0551 4060 C: <-> \Device\Harddisk0\DR0\Partition1
20:39:49.0598 4060 D: <-> \Device\Harddisk0\DR0\Partition2
20:39:49.0598 4060 ============================================================
20:39:49.0598 4060 Initialize success
20:39:49.0598 4060 ============================================================
20:39:52.0953 4760 ============================================================
20:39:52.0953 4760 Scan started
20:39:52.0953 4760 Mode: Manual;
20:39:52.0953 4760 ============================================================
20:40:20.0385 4760 PEAUTH - ok
20:40:20.0588 4760 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:40:20.0603 4760 PerfHost - ok
20:40:20.0915 4760 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:40:20.0962 4760 pla - ok
20:40:21.0087 4760 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:40:21.0087 4760 PlugPlay - ok
20:40:21.0134 4760 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:40:21.0180 4760 PNRPAutoReg - ok
20:40:21.0305 4760 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:40:21.0305 4760 PNRPsvc - ok
20:40:21.0461 4760 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:40:21.0477 4760 PolicyAgent - ok
20:40:21.0524 4760 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:40:21.0524 4760 Power - ok
20:40:21.0617 4760 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:40:21.0617 4760 PptpMiniport - ok
20:40:21.0680 4760 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:40:21.0680 4760 Processor - ok
20:40:21.0773 4760 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:40:21.0773 4760 ProfSvc - ok
20:40:21.0820 4760 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:40:21.0836 4760 ProtectedStorage - ok
20:40:21.0898 4760 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:40:21.0898 4760 Psched - ok
20:40:22.0070 4760 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:40:22.0085 4760 ql2300 - ok
20:40:22.0350 4760 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:40:22.0366 4760 ql40xx - ok
20:40:22.0475 4760 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:40:22.0491 4760 QWAVE - ok
20:40:22.0522 4760 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:40:22.0522 4760 QWAVEdrv - ok
20:40:22.0569 4760 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:40:22.0569 4760 RasAcd - ok
20:40:22.0616 4760 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:40:22.0616 4760 RasAgileVpn - ok
20:40:22.0662 4760 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:40:22.0662 4760 RasAuto - ok
20:40:22.0709 4760 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:40:22.0709 4760 Rasl2tp - ok
20:40:22.0756 4760 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:40:22.0756 4760 RasMan - ok
20:40:22.0787 4760 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:40:22.0787 4760 RasPppoe - ok
20:40:22.0834 4760 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:40:22.0834 4760 RasSstp - ok
20:40:22.0865 4760 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:40:22.0865 4760 rdbss - ok
20:40:22.0896 4760 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:40:22.0896 4760 rdpbus - ok
20:40:22.0912 4760 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:40:22.0912 4760 RDPCDD - ok
20:40:22.0943 4760 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:40:22.0943 4760 RDPENCDD - ok
20:40:22.0974 4760 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:40:22.0974 4760 RDPREFMP - ok
20:40:23.0021 4760 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:40:23.0037 4760 RDPWD - ok
20:40:23.0084 4760 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:40:23.0084 4760 rdyboost - ok
20:40:23.0146 4760 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:40:23.0146 4760 RemoteAccess - ok
20:40:23.0193 4760 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:40:23.0193 4760 RemoteRegistry - ok
20:40:23.0302 4760 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
20:40:23.0318 4760 RichVideo - ok
20:40:23.0411 4760 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:40:23.0411 4760 RpcEptMapper - ok
20:40:23.0442 4760 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:40:23.0458 4760 RpcLocator - ok
20:40:23.0567 4760 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:40:23.0583 4760 RpcSs - ok
20:40:23.0661 4760 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:40:23.0676 4760 rspndr - ok
20:40:23.0864 4760 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
20:40:23.0879 4760 RSUSBSTOR - ok
20:40:23.0942 4760 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:40:23.0942 4760 RTL8167 - ok
20:40:23.0957 4760 RtsUIR - ok
20:40:23.0988 4760 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:40:23.0988 4760 SamSs - ok
20:40:24.0082 4760 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:40:24.0082 4760 sbp2port - ok
20:40:24.0144 4760 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:40:24.0160 4760 SCardSvr - ok
20:40:24.0238 4760 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:40:24.0238 4760 scfilter - ok
20:40:24.0332 4760 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:40:24.0347 4760 Schedule - ok
20:40:24.0394 4760 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:40:24.0394 4760 SCPolicySvc - ok
20:40:24.0503 4760 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
20:40:24.0503 4760 sdbus - ok
20:40:24.0567 4760 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:40:24.0582 4760 SDRSVC - ok
20:40:24.0629 4760 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:40:24.0629 4760 secdrv - ok
20:40:24.0676 4760 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:40:24.0691 4760 seclogon - ok
20:40:24.0723 4760 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:40:24.0723 4760 SENS - ok
20:40:24.0754 4760 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:40:24.0754 4760 SensrSvc - ok
20:40:24.0785 4760 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:40:24.0785 4760 Serenum - ok
20:40:24.0816 4760 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:40:24.0816 4760 Serial - ok
20:40:24.0910 4760 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:40:24.0910 4760 sermouse - ok
20:40:24.0988 4760 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:40:25.0003 4760 SessionEnv - ok
20:40:25.0019 4760 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:40:25.0019 4760 sffdisk - ok
20:40:25.0035 4760 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:40:25.0035 4760 sffp_mmc - ok
20:40:25.0050 4760 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:40:25.0050 4760 sffp_sd - ok
20:40:25.0066 4760 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:40:25.0066 4760 sfloppy - ok
20:40:25.0191 4760 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:40:25.0191 4760 ShellHWDetection - ok
20:40:25.0269 4760 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:40:25.0269 4760 SiSRaid2 - ok
20:40:25.0300 4760 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:40:25.0300 4760 SiSRaid4 - ok
20:40:25.0440 4760 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:40:25.0440 4760 SkypeUpdate - ok
20:40:25.0628 4760 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:40:25.0628 4760 Smb - ok
20:40:25.0722 4760 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:40:25.0722 4760 SNMPTRAP - ok
20:40:25.0769 4760 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:40:25.0769 4760 spldr - ok
20:40:25.0862 4760 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:40:25.0862 4760 Spooler - ok
20:40:26.0252 4760 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:40:26.0284 4760 sppsvc - ok
20:40:26.0580 4760 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:40:26.0580 4760 sppuinotify - ok
20:40:26.0690 4760 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:40:26.0706 4760 srv - ok
20:40:26.0768 4760 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:40:26.0768 4760 srv2 - ok
20:40:26.0815 4760 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:40:26.0831 4760 SrvHsfHDA - ok
20:40:26.0924 4760 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:40:26.0955 4760 SrvHsfV92 - ok
20:40:27.0174 4760 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:40:27.0189 4760 SrvHsfWinac - ok
20:40:27.0236 4760 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:40:27.0236 4760 srvnet - ok
20:40:27.0299 4760 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:40:27.0299 4760 SSDPSRV - ok
20:40:27.0314 4760 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:40:27.0330 4760 SstpSvc - ok
20:40:27.0361 4760 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:40:27.0361 4760 stexstor - ok
20:40:27.0517 4760 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:40:27.0533 4760 stisvc - ok
20:40:27.0595 4760 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:40:27.0595 4760 swenum - ok
20:40:27.0673 4760 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:40:27.0689 4760 swprv - ok
20:40:27.0767 4760 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
20:40:27.0767 4760 SynTP - ok
20:40:27.0969 4760 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:40:28.0001 4760 SysMain - ok
20:40:28.0219 4760 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:40:28.0219 4760 TabletInputService - ok
20:40:28.0266 4760 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:40:28.0281 4760 TapiSrv - ok
20:40:28.0297 4760 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:40:28.0297 4760 TBS - ok
20:40:28.0640 4760 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:40:28.0656 4760 Tcpip - ok
20:40:28.0968 4760 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:40:28.0983 4760 TCPIP6 - ok
20:40:29.0202 4760 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:40:29.0202 4760 tcpipreg - ok
20:40:29.0249 4760 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:40:29.0249 4760 TDPIPE - ok
20:40:29.0295 4760 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:40:29.0311 4760 TDTCP - ok
20:40:29.0327 4760 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:40:29.0327 4760 tdx - ok
20:40:29.0389 4760 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:40:29.0389 4760 TermDD - ok
20:40:29.0483 4760 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:40:29.0498 4760 TermService - ok
20:40:29.0529 4760 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:40:29.0545 4760 Themes - ok
20:40:29.0576 4760 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:40:29.0576 4760 THREADORDER - ok
20:40:29.0639 4760 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
20:40:29.0639 4760 tmactmon - ok
20:40:29.0685 4760 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
20:40:29.0685 4760 tmcomm - ok
20:40:29.0732 4760 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
20:40:29.0732 4760 tmevtmgr - ok
20:40:29.0763 4760 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
20:40:29.0763 4760 tmtdi - ok
20:40:29.0810 4760 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:40:29.0810 4760 TrkWks - ok
20:40:29.0888 4760 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:40:29.0904 4760 TrustedInstaller - ok
20:40:29.0935 4760 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:40:29.0935 4760 tssecsrv - ok
20:40:29.0982 4760 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:40:29.0982 4760 TsUsbFlt - ok
20:40:30.0044 4760 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:40:30.0044 4760 tunnel - ok
20:40:30.0075 4760 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:40:30.0075 4760 uagp35 - ok
20:40:30.0122 4760 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:40:30.0138 4760 udfs - ok
20:40:30.0169 4760 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:40:30.0185 4760 UI0Detect - ok
20:40:30.0216 4760 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:40:30.0216 4760 uliagpkx - ok
20:40:30.0263 4760 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:40:30.0263 4760 umbus - ok
20:40:30.0294 4760 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:40:30.0294 4760 UmPass - ok
20:40:30.0341 4760 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:40:30.0341 4760 upnphost - ok
20:40:30.0403 4760 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
20:40:30.0403 4760 USBAAPL64 - ok
20:40:30.0450 4760 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:40:30.0450 4760 usbaudio - ok
20:40:30.0481 4760 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:40:30.0481 4760 usbccgp - ok
20:40:30.0512 4760 USBCCID - ok
20:40:30.0559 4760 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:40:30.0559 4760 usbcir - ok
20:40:30.0590 4760 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:40:30.0590 4760 usbehci - ok
20:40:30.0654 4760 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:40:30.0654 4760 usbhub - ok
20:40:30.0700 4760 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
20:40:30.0700 4760 usbohci - ok
20:40:30.0747 4760 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:40:30.0747 4760 usbprint - ok
20:40:30.0778 4760 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:40:30.0778 4760 usbscan - ok
20:40:30.0825 4760 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:40:30.0825 4760 USBSTOR - ok
20:40:30.0856 4760 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
20:40:30.0856 4760 usbuhci - ok
20:40:30.0919 4760 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
20:40:30.0919 4760 usbvideo - ok
20:40:30.0966 4760 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:40:30.0966 4760 UxSms - ok
20:40:31.0028 4760 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:40:31.0028 4760 VaultSvc - ok
20:40:31.0075 4760 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:40:31.0075 4760 vdrvroot - ok
20:40:31.0122 4760 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:40:31.0122 4760 vds - ok
20:40:31.0168 4760 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:40:31.0168 4760 vga - ok
20:40:31.0184 4760 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:40:31.0200 4760 VgaSave - ok
20:40:31.0215 4760 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:40:31.0231 4760 vhdmp - ok
20:40:31.0262 4760 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:40:31.0262 4760 viaide - ok
20:40:31.0278 4760 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:40:31.0278 4760 volmgr - ok
20:40:31.0324 4760 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:40:31.0324 4760 volmgrx - ok
20:40:31.0371 4760 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:40:31.0371 4760 volsnap - ok
20:40:31.0434 4760 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:40:31.0434 4760 vsmraid - ok
20:40:31.0605 4760 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:40:31.0653 4760 VSS - ok
20:40:31.0965 4760 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
20:40:31.0965 4760 vToolbarUpdater11.2.0 - ok
20:40:32.0215 4760 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:40:32.0215 4760 vwifibus - ok
20:40:32.0308 4760 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:40:32.0308 4760 vwififlt - ok
20:40:32.0386 4760 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:40:32.0402 4760 W32Time - ok
20:40:32.0464 4760 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:40:32.0464 4760 WacomPen - ok
20:40:32.0527 4760 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:40:32.0527 4760 WANARP - ok
20:40:32.0527 4760 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:40:32.0527 4760 Wanarpv6 - ok
20:40:32.0745 4760 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:40:32.0776 4760 WatAdminSvc - ok
20:40:32.0901 4760 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:40:32.0932 4760 wbengine - ok
20:40:33.0151 4760 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:40:33.0151 4760 WbioSrvc - ok
20:40:33.0260 4760 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:40:33.0275 4760 wcncsvc - ok
20:40:33.0338 4760 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:40:33.0338 4760 WcsPlugInService - ok
20:40:33.0431 4760 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:40:33.0431 4760 Wd - ok
20:40:33.0509 4760 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:40:33.0525 4760 Wdf01000 - ok
20:40:33.0541 4760 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:40:33.0541 4760 WdiServiceHost - ok
20:40:33.0556 4760 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:40:33.0556 4760 WdiSystemHost - ok
20:40:33.0603 4760 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:40:33.0603 4760 WebClient - ok
20:40:33.0650 4760 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:40:33.0665 4760 Wecsvc - ok
20:40:33.0681 4760 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:40:33.0697 4760 wercplsupport - ok
20:40:33.0728 4760 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:40:33.0728 4760 WerSvc - ok
20:40:33.0915 4760 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:40:33.0931 4760 WfpLwf - ok
20:40:33.0946 4760 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:40:33.0946 4760 WIMMount - ok
20:40:34.0024 4760 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
20:40:34.0024 4760 winachsf - ok
20:40:34.0087 4760 WinDefend - ok
20:40:34.0102 4760 WinHttpAutoProxySvc - ok
20:40:34.0180 4760 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:40:34.0180 4760 Winmgmt - ok
20:40:34.0414 4760 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:40:34.0477 4760 WinRM - ok
20:40:34.0820 4760 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:40:34.0820 4760 WinUsb - ok
20:40:34.0914 4760 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:40:34.0929 4760 Wlansvc - ok
20:40:35.0007 4760 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:40:35.0007 4760 WmiAcpi - ok
20:40:35.0070 4760 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:40:35.0070 4760 wmiApSrv - ok
20:40:35.0132 4760 WMPNetworkSvc - ok
20:40:35.0319 4760 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) c:\Program Files\Zune\WMZuneComm.exe
20:40:35.0350 4760 WMZuneComm - ok
20:40:35.0382 4760 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:40:35.0382 4760 WPCSvc - ok
20:40:35.0444 4760 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:40:35.0460 4760 WPDBusEnum - ok
20:40:35.0475 4760 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:40:35.0491 4760 ws2ifsl - ok
20:40:35.0538 4760 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:40:35.0538 4760 wscsvc - ok
20:40:35.0538 4760 WSearch - ok
20:40:35.0740 4760 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:40:35.0803 4760 wuauserv - ok
20:40:35.0959 4760 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:40:35.0959 4760 WudfPf - ok
20:40:36.0006 4760 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:40:36.0006 4760 WUDFRd - ok
20:40:36.0037 4760 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:40:36.0037 4760 wudfsvc - ok
20:40:36.0084 4760 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:40:36.0099 4760 WwanSvc - ok
20:40:36.0115 4760 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
20:40:36.0115 4760 XAudio - ok
20:40:36.0193 4760 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
20:40:36.0208 4760 yukonw7 - ok
20:40:37.0144 4760 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) c:\Program Files\Zune\ZuneNss.exe
20:40:37.0394 4760 ZuneNetworkSvc - ok
20:40:37.0581 4760 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) c:\Program Files\Zune\ZuneWlanCfgSvc.exe
20:40:37.0597 4760 ZuneWlanCfgSvc - ok
20:40:37.0628 4760 MBR (0x1B8) (de23ad1285d12ab3358945dc7628786c) \Device\Harddisk0\DR0
20:40:37.0878 4760 \Device\Harddisk0\DR0 - ok
20:40:37.0893 4760 Boot (0x1200) (9a9e1f8bbbeb783df3d2872c58645a4b) \Device\Harddisk0\DR0\Partition0
20:40:37.0893 4760 \Device\Harddisk0\DR0\Partition0 - ok
20:40:37.0909 4760 Boot (0x1200) (eb4ff44826345e9bf9d9ee2dffa708a8) \Device\Harddisk0\DR0\Partition1
20:40:37.0924 4760 \Device\Harddisk0\DR0\Partition1 - ok
20:40:37.0956 4760 Boot (0x1200) (3523ff2542483805442b2cd5245b847d) \Device\Harddisk0\DR0\Partition2
20:40:37.0956 4760 \Device\Harddisk0\DR0\Partition2 - ok
20:40:37.0956 4760 ============================================================
20:40:37.0956 4760 Scan finished
20:40:37.0956 4760 ============================================================
20:40:37.0971 1508 Detected object count: 0
20:40:37.0971 1508 Actual detected object count: 0


aswMBR.exe


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-17 21:10:28
-----------------------------
21:10:28.288 OS Version: Windows x64 6.1.7601 Service Pack 1
21:10:28.288 Number of processors: 2 586 0x170A
21:10:28.290 ComputerName: OWNER-PC UserName: Owner
21:10:29.723 Initialize success
21:11:51.197 AVAST engine defs: 12071701
21:18:54.672 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:18:54.678 Disk 0 Vendor: TOSHIBA_MK3263GSX FG020C Size: 305245MB BusType: 11
21:18:54.696 Disk 0 MBR read successfully
21:18:54.699 Disk 0 MBR scan
21:18:54.759 Disk 0 unknown MBR code
21:18:54.787 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:18:54.801 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292890 MB offset 409600
21:18:54.845 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12154 MB offset 600248320
21:18:54.886 Disk 0 scanning C:\Windows\system32\drivers
21:19:11.625 Service scanning
21:20:14.681 Modules scanning
21:20:14.696 Disk 0 trace - called modules:
21:20:14.712 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:20:14.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003191060]
21:20:14.725 3 CLASSPNP.SYS[fffff880010c643f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002ea7060]
21:20:16.343 AVAST engine scan C:\Windows
21:20:21.366 AVAST engine scan C:\Windows\system32
21:25:38.592 AVAST engine scan C:\Windows\system32\drivers
21:26:09.650 AVAST engine scan C:\Users\Owner
21:31:31.149 AVAST engine scan C:\ProgramData
21:32:48.940 File: C:\ProgramData\Microsoft\Windows\DRM\5D2C.tmp **INFECTED** Win32:Malware-gen
21:32:48.984 File: C:\ProgramData\Microsoft\Windows\DRM\5DBA.tmp **INFECTED** Win32:Malware-gen
21:32:49.091 File: C:\ProgramData\Microsoft\Windows\DRM\B542.tmp.dat **INFECTED** Win32:Alureon-ATR [Trj]
21:33:24.579 Scan finished successfully
21:34:25.725 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Documents\System Logs\MBR.dat"
21:34:25.738 The log file has been saved successfully to "C:\Users\Owner\Documents\System Logs\aswMBR.txt"



TDSS Rootkit was run twice and the log was extracted after second run if that matters. Could not locate any other logs on C:\ drive

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:02 PM

Posted 17 July 2012 - 09:45 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

Posted 19 July 2012 - 11:44 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.




Gringo

#8 inlakeshalakin


Posted 20 July 2012 - 09:19 AM

I am not sure because I cannot read these "Predator" logs... Ha! But I'm pretty sure that tdss rootkit thing removed whatever the hell was on my computer. Don't know if you can see that because like I said the tool ran twice and had me "cure" something the first time but not the second and the log was extracted after the second run. Anyhow here is the next log you requested.




Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 19-07-2012 23:03:28
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL "" [1111568 2011-02-16] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [197152 2011-02-10] (Trend Micro Inc.)
HKLM\...\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [wmdwmg] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\wmdwmg.dll",SteamAPI_UnregisterCallback [x]
HKLM-x32\...\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" [468264 2009-06-23] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1107552 2012-07-09] ()
HKLM-x32\...\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction [36960 2012-07-18] ()
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKU\Owner\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [x]
HKU\Owner\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\Owner\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-07-12] (Google Inc.)
HKU\Owner\...\Run: [aceefacfbddct] "Global\a7c0e30e-5fac-49f0-8351-b7179d438640DCT1fffffffd" [x]
HKU\Owner\...\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe" [3331872 2012-03-13] (Akamai Technologies, Inc)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\n. ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)

==================== Services (Whitelisted) ======

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] ()
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe" [237008 2011-06-17] (McAfee, Inc.)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] ()
2 vToolbarUpdater11.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-09] ()
3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)
2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
2 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
2 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
2 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
3 ATMFBUS; C:\Windows\System32\DRIVERS\ATMFBUS.sys [x]
3 ATMFCVsp; C:\Windows\System32\DRIVERS\ATMFCVsp.sys [x]
3 ATMFFLT; C:\Windows\System32\DRIVERS\ATMFFLT.sys [x]
3 ATMFMdm; C:\Windows\System32\DRIVERS\ATMFMdm.sys [x]
3 ATMFNET; C:\Windows\System32\DRIVERS\ATMFNET.sys [x]
3 ATMFNVsp; C:\Windows\System32\DRIVERS\ATMFNVsp.sys [x]
3 ATMFVsp; C:\Windows\System32\DRIVERS\ATMFVsp.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-17 18:09 - 2012-07-17 18:10 - 04731392 ____A (AVAST Software) C:\Users\Owner\Downloads\aswMBR.exe
2012-07-17 17:25 - 2012-07-17 17:25 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-17 17:17 - 2012-07-17 17:17 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
2012-07-17 08:02 - 2012-07-17 08:02 - 00277352 ____A C:\Windows\Minidump\071712-47705-01.dmp
2012-07-17 07:51 - 2012-07-17 08:00 - 00000000 ___SD C:\ComboFix
2012-07-17 07:41 - 2012-07-17 07:41 - 00881475 ____A C:\Users\Owner\Downloads\SecurityCheck.exe
2012-07-16 19:22 - 2012-07-16 19:22 - 00294216 ____A C:\Users\Owner\Downloads\gmer.zip
2012-07-16 19:16 - 2012-07-16 19:16 - 00607260 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr
2012-07-16 19:16 - 2012-07-16 19:16 - 00000000 ____A C:\Users\Owner\defogger_reenable
2012-07-16 19:15 - 2012-07-16 19:15 - 00050477 ____A C:\Users\Owner\Downloads\Defogger.exe
2012-07-16 17:29 - 2012-07-16 17:29 - 00277352 ____A C:\Windows\Minidump\071612-45521-01.dmp
2012-07-16 17:24 - 2012-07-16 17:24 - 00277352 ____A C:\Windows\Minidump\071612-45957-01.dmp
2012-07-16 17:16 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-16 17:16 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-16 17:16 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-16 17:16 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-16 17:16 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-16 17:16 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-16 17:16 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-16 17:16 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-16 17:15 - 2012-07-16 17:15 - 00000000 ____D C:\Windows\erdnt
2012-07-16 17:15 - 2012-07-16 17:15 - 00000000 ____D C:\Qoobox
2012-07-16 17:14 - 2012-07-16 17:14 - 04579127 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2012-07-16 16:54 - 2012-07-16 16:54 - 00027520 ____A C:\Users\Owner\AppData\Local\dt.dat
2012-07-15 09:05 - 2012-07-15 09:06 - 00277352 ____A C:\Windows\Minidump\071512-40903-01.dmp
2012-07-14 08:33 - 2012-07-14 08:32 - 00772592 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-14 08:33 - 2012-07-14 08:32 - 00227824 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-14 08:32 - 2012-07-14 08:32 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-14 08:32 - 2012-07-14 08:32 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-14 08:30 - 2012-07-14 08:31 - 21055472 ____A (Oracle Corporation) C:\Users\Owner\Downloads\jre-7u5-windows-i586.exe
2012-07-14 08:30 - 2012-07-14 08:29 - 00268784 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-07-14 08:29 - 2012-07-14 08:29 - 00189424 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-07-14 08:29 - 2012-07-14 08:29 - 00188912 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-07-14 08:29 - 2012-07-14 08:29 - 00000000 ____D C:\Program Files\Java
2012-07-14 08:27 - 2012-07-14 08:27 - 21869552 ____A (Oracle Corporation) C:\Users\Owner\Downloads\jre-7u5-windows-x64(1).exe
2012-07-14 08:24 - 2012-07-14 08:29 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-07-14 08:24 - 2012-07-14 08:29 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-07-14 08:24 - 2012-07-14 08:24 - 00000000 ____D C:\Users\Owner\AppData\Local\Macromedia
2012-07-14 08:19 - 2012-07-19 19:54 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-14 08:19 - 2012-07-18 08:33 - 00002054 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2012-07-14 08:19 - 2012-07-18 08:33 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2012-07-14 08:19 - 2012-07-14 18:54 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-14 08:19 - 2012-07-14 08:19 - 21869552 ____A (Oracle Corporation) C:\Users\Owner\Downloads\jre-7u5-windows-x64.exe
2012-07-14 08:19 - 2012-07-14 08:19 - 00000000 ____D C:\Users\All Users\McAfee Security Scan
2012-07-13 07:27 - 2012-07-13 07:27 - 00015296 ____H C:\Users\Owner\Documents\~WRL2563.tmp
2012-07-12 19:09 - 2012-07-15 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-07-12 19:09 - 2012-07-12 19:09 - 00000000 ____D C:\Users\All Users\Mozilla
2012-07-11 20:47 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 13:23 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 13:23 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 13:23 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 13:23 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 13:23 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 13:23 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 13:23 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 13:23 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 13:23 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 13:23 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 13:23 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 13:23 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 13:22 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 13:22 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 13:22 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 13:22 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 13:22 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 13:22 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 13:22 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 06:48 - 2012-07-10 06:48 - 00317912 ____A C:\Windows\Minidump\071012-56425-01.dmp
2012-07-08 09:50 - 2012-07-08 09:55 - 00000000 ____D C:\Users\Owner\Documents\Austin Community College
2012-06-29 17:02 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-06-29 17:02 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-06-29 17:01 - 2012-05-14 20:01 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-29 17:01 - 2012-05-14 19:59 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-29 17:01 - 2012-05-14 19:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-29 17:01 - 2012-05-14 19:00 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-29 17:01 - 2012-04-19 21:42 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-29 17:01 - 2012-04-19 21:42 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-29 17:01 - 2012-04-19 21:42 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-29 17:01 - 2012-04-19 21:42 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-29 17:01 - 2012-04-19 21:42 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-29 17:01 - 2012-04-19 21:42 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-29 17:01 - 2012-04-19 21:42 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-29 17:01 - 2012-04-19 21:42 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-29 17:01 - 2012-04-19 21:00 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-29 17:01 - 2012-04-19 21:00 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-29 17:01 - 2012-04-19 20:57 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-29 17:01 - 2012-04-19 20:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-29 17:01 - 2012-04-19 20:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-29 17:01 - 2012-04-19 20:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-29 17:01 - 2012-04-19 20:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-29 17:01 - 2012-04-19 20:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-29 17:01 - 2012-04-19 19:45 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-29 17:01 - 2012-04-19 19:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-29 17:01 - 2012-04-16 21:31 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-29 17:01 - 2012-04-16 20:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-29 17:00 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-29 17:00 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-29 17:00 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-29 17:00 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-29 17:00 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-29 16:59 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-29 16:59 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-29 16:59 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-29 16:59 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-29 16:59 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-29 16:59 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-29 16:59 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-29 16:59 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-29 16:59 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-29 16:59 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-29 16:59 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-29 16:59 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-06-29 16:57 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-06-29 16:42 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-29 16:42 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-29 16:42 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-29 16:42 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-29 16:41 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-29 16:41 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-29 16:41 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-29 16:41 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-29 16:41 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-24 10:52 - 2012-06-24 10:52 - 00277352 ____A C:\Windows\Minidump\062412-48313-01.dmp
2012-06-22 16:42 - 2012-06-22 16:42 - 00317912 ____A C:\Windows\Minidump\062212-61791-01.dmp


============ 3 Months Modified Files ========================

2012-07-19 19:59 - 2009-10-20 04:31 - 02033008 ____A C:\Windows\WindowsUpdate.log
2012-07-19 19:59 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-19 19:59 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-19 19:54 - 2012-07-14 08:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-19 19:54 - 2009-10-20 04:50 - 00000222 ____A C:\Users\All Users\hpqp.ini
2012-07-19 19:53 - 2012-05-27 05:51 - 00004928 ____A C:\Windows\setupact.log
2012-07-19 19:53 - 2010-07-26 08:00 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-19 19:53 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-19 19:36 - 2010-07-26 08:00 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-18 08:33 - 2012-07-14 08:19 - 00002054 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2012-07-17 18:10 - 2012-07-17 18:09 - 04731392 ____A (AVAST Software) C:\Users\Owner\Downloads\aswMBR.exe
2012-07-17 17:17 - 2012-07-17 17:17 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
2012-07-17 08:02 - 2012-07-17 08:02 - 00277352 ____A C:\Windows\Minidump\071712-47705-01.dmp
2012-07-17 08:02 - 2012-05-27 09:55 - 473636361 ____A C:\Windows\MEMORY.DMP
2012-07-17 08:02 - 2012-05-27 09:55 - 00292790 ____A C:\Windows\PFRO.log
2012-07-17 07:41 - 2012-07-17 07:41 - 00881475 ____A C:\Users\Owner\Downloads\SecurityCheck.exe
2012-07-17 05:56 - 2012-05-27 06:04 - 00000925 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-16 19:22 - 2012-07-16 19:22 - 00294216 ____A C:\Users\Owner\Downloads\gmer.zip
2012-07-16 19:16 - 2012-07-16 19:16 - 00607260 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr
2012-07-16 19:16 - 2012-07-16 19:16 - 00000000 ____A C:\Users\Owner\defogger_reenable
2012-07-16 19:15 - 2012-07-16 19:15 - 00050477 ____A C:\Users\Owner\Downloads\Defogger.exe
2012-07-16 17:29 - 2012-07-16 17:29 - 00277352 ____A C:\Windows\Minidump\071612-45521-01.dmp
2012-07-16 17:24 - 2012-07-16 17:24 - 00277352 ____A C:\Windows\Minidump\071612-45957-01.dmp
2012-07-16 17:14 - 2012-07-16 17:14 - 04579127 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2012-07-16 16:54 - 2012-07-16 16:54 - 00027520 ____A C:\Users\Owner\AppData\Local\dt.dat
2012-07-15 09:06 - 2012-07-15 09:05 - 00277352 ____A C:\Windows\Minidump\071512-40903-01.dmp
2012-07-14 18:54 - 2012-07-14 08:19 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-14 18:54 - 2011-06-29 19:20 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-14 08:32 - 2012-07-14 08:33 - 00772592 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-14 08:32 - 2012-07-14 08:33 - 00227824 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-14 08:32 - 2012-07-14 08:32 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-14 08:32 - 2012-07-14 08:32 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-14 08:31 - 2012-07-14 08:30 - 21055472 ____A (Oracle Corporation) C:\Users\Owner\Downloads\jre-7u5-windows-i586.exe
2012-07-14 08:29 - 2012-07-14 08:30 - 00268784 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-07-14 08:29 - 2012-07-14 08:29 - 00189424 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-07-14 08:29 - 2012-07-14 08:29 - 00188912 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-07-14 08:29 - 2012-07-14 08:24 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-07-14 08:29 - 2012-07-14 08:24 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-07-14 08:27 - 2012-07-14 08:27 - 21869552 ____A (Oracle Corporation) C:\Users\Owner\Downloads\jre-7u5-windows-x64(1).exe
2012-07-14 08:19 - 2012-07-14 08:19 - 21869552 ____A (Oracle Corporation) C:\Users\Owner\Downloads\jre-7u5-windows-x64.exe
2012-07-13 07:27 - 2012-07-13 07:27 - 00015296 ____H C:\Users\Owner\Documents\~WRL2563.tmp
2012-07-12 14:53 - 2009-07-13 20:45 - 00430624 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 20:46 - 2012-02-17 15:02 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-07-11 20:42 - 2009-12-14 14:29 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-10 06:48 - 2012-07-10 06:48 - 00317912 ____A C:\Windows\Minidump\071012-56425-01.dmp
2012-06-29 22:14 - 2009-07-13 21:13 - 00760282 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-24 10:52 - 2012-06-24 10:52 - 00277352 ____A C:\Windows\Minidump\062412-48313-01.dmp
2012-06-22 16:42 - 2012-06-22 16:42 - 00317912 ____A C:\Windows\Minidump\062212-61791-01.dmp
2012-06-11 19:08 - 2012-07-11 20:47 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-10 15:28 - 2012-06-10 15:28 - 00277352 ____A C:\Windows\Minidump\061012-57174-01.dmp
2012-06-10 10:37 - 2012-06-10 10:37 - 00317912 ____A C:\Windows\Minidump\061012-46956-01.dmp
2012-06-09 18:56 - 2012-06-09 18:56 - 00277328 ____A C:\Windows\Minidump\060912-57626-01.dmp
2012-06-09 10:52 - 2012-06-09 10:52 - 00277352 ____A C:\Windows\Minidump\060912-75847-01.dmp
2012-06-08 21:43 - 2012-07-10 13:23 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 13:23 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 13:23 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 13:22 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 13:22 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 13:22 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 13:22 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 13:22 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-03 10:12 - 2012-06-03 10:12 - 00277352 ____A C:\Windows\Minidump\060312-55879-01.dmp
2012-06-02 17:37 - 2012-06-02 17:37 - 00759410 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-02 16:52 - 2012-06-02 16:52 - 00277328 ____A C:\Windows\Minidump\060212-53289-01.dmp
2012-06-02 15:39 - 2012-06-02 15:39 - 00000012 ____A C:\Windows\srun.log
2012-06-02 15:12 - 2012-06-02 15:12 - 00277352 ____A C:\Windows\Minidump\060212-58157-01.dmp
2012-06-02 14:19 - 2012-06-29 16:42 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-29 16:42 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-29 16:42 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-29 16:41 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-29 16:41 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-29 16:42 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-29 16:41 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-29 16:41 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-29 16:41 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:50 - 2012-07-10 13:23 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 13:23 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 13:23 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 13:23 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 13:23 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 13:23 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 13:23 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 13:23 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 13:23 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 19:04 - 2012-06-01 19:04 - 00277352 ____A C:\Windows\Minidump\060112-55661-01.dmp
2012-05-31 20:50 - 2012-05-31 20:50 - 00277328 ____A C:\Windows\Minidump\053112-53149-01.dmp
2012-05-27 16:39 - 2012-05-27 16:39 - 00944264 ____A (Skype Technologies S.A.) C:\Users\Owner\Downloads\SkypeSetup.exe
2012-05-27 09:56 - 2012-05-27 09:56 - 00277352 ____A C:\Windows\Minidump\052712-54506-01.dmp
2012-05-27 09:56 - 2009-07-13 21:08 - 00032612 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-27 05:57 - 2012-05-27 05:57 - 00104198 ____A C:\Users\Owner\cc_20120527_085725.reg
2012-05-27 05:51 - 2012-05-27 05:51 - 00000000 ____A C:\Windows\setuperr.log
2012-05-26 15:47 - 2012-05-26 15:47 - 03862112 ____A (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup319(1).exe
2012-05-26 15:45 - 2012-05-26 15:45 - 03862112 ____A (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup319.exe
2012-05-26 15:40 - 2012-02-27 12:57 - 00001986 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2012-05-26 15:34 - 2012-05-26 15:34 - 00108605 ____A C:\Users\Owner\AppData\Roaming\userenv.xml.urlencode
2012-05-26 15:34 - 2012-05-26 15:34 - 00081636 ____A C:\Users\Owner\AppData\Roaming\userenv.xml
2012-05-14 20:01 - 2012-06-29 17:01 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:59 - 2012-06-29 17:01 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:03 - 2012-06-29 17:01 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:00 - 2012-06-29 17:01 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-04 03:06 - 2012-06-29 17:00 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-29 16:59 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-29 16:59 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-29 17:00 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 17:53 - 2012-04-30 17:53 - 00000184 ____A C:\Users\All Users\-OhHLaRdlQeimdpr
2012-04-30 17:53 - 2012-04-30 17:53 - 00000000 ____A C:\Users\All Users\-OhHLaRdlQeimdp
2012-04-30 17:53 - 2012-04-30 17:52 - 00000256 ____A C:\Users\All Users\OhHLaRdlQeimdp
2012-04-27 19:55 - 2012-06-29 16:59 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-29 17:00 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-29 17:00 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-29 17:00 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 19:46 - 2012-04-25 19:46 - 00000184 ____A C:\Users\All Users\-H7lxS9JFLtop0pr
2012-04-25 19:46 - 2012-04-25 19:46 - 00000000 ____A C:\Users\All Users\-H7lxS9JFLtop0p
2012-04-25 19:46 - 2012-04-25 19:45 - 00000256 ____A C:\Users\All Users\H7lxS9JFLtop0p
2012-04-23 21:37 - 2012-06-29 16:59 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-29 16:59 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-29 16:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-29 16:59 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-29 16:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-29 16:59 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll


ZeroAccess:
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\@
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U

Possible MBR infection:
C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 22%
Total physical RAM: 3003.19 MB
Available physical RAM: 2336 MB
Total Pagefile: 3001.34 MB
Available Pagefile: 2329.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:286.03 GB) (Free:213.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:11.87 GB) (Free:2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (ALOHA) (Removable) (Total:3.92 GB) (Free:3.92 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 4026 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 286 GB 200 MB
Partition 3 Primary 11 GB 286 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 286 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 11 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 4025 MB 32 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G ALOHA FAT32 Removable 4025 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-18 14:34

======================= End Of Log ==========================

#9 gringo_pr


Posted 20 July 2012 - 10:46 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#10 inlakeshalakin


Posted 21 July 2012 - 07:34 PM

ComboFix 12-07-21.01 - Owner 07/21/2012 18:39:18.3.2 - x64
Running from: c:\users\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\ReGBe.Bin
c:\users\Owner\AppData\Roaming\Effy
c:\users\Owner\AppData\Roaming\Effy\lowoy.roi
c:\users\Owner\Documents\~WRL2563.tmp
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-21 to 2012-07-21 )))))))))))))))))))))))))))))))
.
.
2012-07-21 23:55 . 2012-07-21 23:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-20 07:03 . 2012-07-20 07:03 -------- d-----w- C:\FRST
2012-07-20 05:52 . 2012-07-20 05:52 -------- d-----w- c:\program files\Perfect Uninstaller
2012-07-18 01:25 . 2012-07-18 01:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-15 01:58 . 2012-07-15 01:58 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-15 01:58 . 2012-07-15 01:58 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-14 16:33 . 2012-07-14 16:32 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-14 16:30 . 2012-07-14 16:29 268784 ----a-w- c:\windows\system32\javaws.exe
2012-07-14 16:29 . 2012-07-14 16:29 189424 ----a-w- c:\windows\system32\javaw.exe
2012-07-14 16:29 . 2012-07-14 16:29 188912 ----a-w- c:\windows\system32\java.exe
2012-07-14 16:29 . 2012-07-14 16:29 -------- d-----w- c:\program files\Java
2012-07-14 16:24 . 2012-07-14 16:29 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-14 16:24 . 2012-07-14 16:29 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-14 16:24 . 2012-07-14 16:24 -------- d-----w- c:\users\Owner\AppData\Local\Macromedia
2012-07-14 16:19 . 2012-07-14 16:19 -------- d-----w- c:\programdata\McAfee Security Scan
2012-07-14 16:19 . 2012-07-18 16:33 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-07-14 16:19 . 2012-07-15 02:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-13 03:09 . 2012-07-20 14:01 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-07-13 03:08 . 2012-07-20 05:40 68576 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-07-13 03:08 . 2012-07-20 05:40 573920 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-07-13 03:08 . 2012-07-20 05:40 157608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-07-13 03:08 . 2012-07-20 05:40 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-07-12 04:47 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 21:23 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-10 21:23 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-10 21:23 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-10 21:23 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-10 21:23 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-10 21:23 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-10 21:23 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-10 21:23 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-10 21:23 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-10 21:23 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-10 21:23 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-30 01:02 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-06-30 01:02 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-06-30 01:00 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-30 01:00 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-30 01:00 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-30 01:00 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-30 01:00 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-30 00:59 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-30 00:59 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-30 00:59 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-30 00:59 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-30 00:59 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-30 00:59 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-30 00:59 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-30 00:59 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-30 00:59 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-30 00:59 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-30 00:59 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-30 00:59 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-30 00:57 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-30 00:57 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-30 00:57 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-30 00:42 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-30 00:42 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-30 00:42 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-30 00:42 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-30 00:41 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-30 00:41 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-30 00:41 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-30 00:41 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-30 00:41 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-24 18:50 . 2012-06-24 18:50 992352 ----a-w- c:\programdata\Microsoft\Windows\DRM\install_flashplayer.exe
2012-06-24 18:50 . 2012-06-24 18:50 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\B542.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-15 02:54 . 2011-06-30 03:20 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 04:42 . 2009-12-14 22:29 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-05-27 13:57 . 2012-05-27 13:57 104198 ----a-w- c:\users\Owner\cc_20120527_085725.reg
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 14:49 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"aceefacfbddct"="Global\a7c0e30e-5fac-49f0-8351-b7179d438640DCT1fffffffd" [X]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-13 39408]
"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Macromedia"="c:\windows\system32\config\systemprofile\AppData\Local\Macromedia\zgdhllxk.dll" [2011-12-07 315392]
"Macromedia Update"="c:\windows\system32\config\systemprofile\AppData\Local\Macromedia\zgdhllxk.dll" [2011-12-07 315392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 20:49 249064 ----a-w- c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
3;2 Amsp;Trend Micro Solution Platform [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-26 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 250056]
R3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\DRIVERS\ATMFBUS.sys [x]
R3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\DRIVERS\ATMFCVsp.sys [x]
R3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\DRIVERS\ATMFFLT.sys [x]
R3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\DRIVERS\ATMFMdm.sys [x]
R3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\DRIVERS\ATMFNET.sys [x]
R3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\DRIVERS\ATMFNVsp.sys [x]
R3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\DRIVERS\ATMFVsp.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-26 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-02 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-24 292864]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPNAT
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 02:54]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-26 16:00]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-26 16:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x0plas0y.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B9d57d371-71ec-49f0-9696-8a3310cff01d%7D&mid=ec43348f9e1f47d0bd7dd156500958c9-b0d4f81a8999f5981f04537c5ec8468fd5234593&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-05-27%2009%3A04%3A21&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-HPADVISOR - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
SafeBoot-Wdf01000.sys
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-wmdwmg - c:\windows\system32\config\systemprofile\AppData\Roaming\wmdwmg.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2012-07-21 19:25:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-22 00:25
.
Pre-Run: 227,237,441,536 bytes free
Post-Run: 229,165,969,408 bytes free
.
- - End Of File - - 69374C2BB062013BE36D75275471CE3B

#11 gringo_pr

  • Malware Response Team

Posted 21 July 2012 - 08:41 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#12 inlakeshalakin

  • Topic Starter


Posted 22 July 2012 - 10:17 AM

10:01:13.0864 4608 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
10:01:14.0354 4608 ============================================================
10:01:14.0354 4608 Current date / time: 2012/07/22 10:01:14.0354
10:01:14.0354 4608 SystemInfo:
10:01:14.0354 4608
10:01:14.0354 4608 OS Version: 6.1.7601 ServicePack: 1.0
10:01:14.0354 4608 Product type: Workstation
10:01:14.0354 4608 ComputerName: OWNER-PC
10:01:14.0354 4608 UserName: Owner
10:01:14.0354 4608 Windows directory: C:\Windows
10:01:14.0354 4608 System windows directory: C:\Windows
10:01:14.0354 4608 Running under WOW64
10:01:14.0354 4608 Processor architecture: Intel x64
10:01:14.0354 4608 Number of processors: 2
10:01:14.0354 4608 Page size: 0x1000
10:01:14.0354 4608 Boot type: Normal boot
10:01:14.0354 4608 ============================================================
10:01:16.0084 4608 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x13135, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x7F, Type 'K0', Flags 0x00000040
10:01:16.0104 4608 ============================================================
10:01:16.0104 4608 \Device\Harddisk0\DR0:
10:01:16.0104 4608 MBR partitions:
10:01:16.0104 4608 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
10:01:16.0104 4608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23C0D000
10:01:16.0104 4608 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23C71000, BlocksNum 0x17BD000
10:01:16.0104 4608 ============================================================
10:01:16.0114 4608 C: <-> \Device\Harddisk0\DR0\Partition1
10:01:16.0174 4608 D: <-> \Device\Harddisk0\DR0\Partition2
10:01:16.0174 4608 ============================================================
10:01:16.0174 4608 Initialize success
10:01:16.0174 4608 ============================================================
10:01:18.0304 4620 ============================================================
10:01:18.0304 4620 Scan started
10:01:18.0304 4620 Mode: Manual;
10:01:18.0304 4620 ============================================================
10:01:32.0387 4620 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:01:32.0397 4620 MTConfig - ok
10:01:32.0417 4620 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:01:32.0427 4620 Mup - ok
10:01:32.0477 4620 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:01:32.0487 4620 napagent - ok
10:01:32.0537 4620 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:01:32.0547 4620 NativeWifiP - ok
10:01:32.0617 4620 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:01:32.0627 4620 NDIS - ok
10:01:32.0667 4620 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:01:32.0667 4620 NdisCap - ok
10:01:32.0687 4620 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:01:32.0687 4620 NdisTapi - ok
10:01:32.0747 4620 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:01:32.0747 4620 Ndisuio - ok
10:01:32.0767 4620 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:01:32.0777 4620 NdisWan - ok
10:01:32.0797 4620 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:01:32.0807 4620 NDProxy - ok
10:01:32.0837 4620 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:01:32.0837 4620 NetBIOS - ok
10:01:32.0877 4620 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:01:32.0877 4620 NetBT - ok
10:01:32.0907 4620 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:01:32.0917 4620 Netlogon - ok
10:01:32.0957 4620 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:01:32.0967 4620 Netman - ok
10:01:32.0997 4620 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:01:33.0007 4620 netprofm - ok
10:01:33.0077 4620 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:01:33.0077 4620 NetTcpPortSharing - ok
10:01:33.0307 4620 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
10:01:33.0437 4620 netw5v64 - ok
10:01:33.0527 4620 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:01:33.0547 4620 nfrd960 - ok
10:01:33.0597 4620 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:01:33.0607 4620 NlaSvc - ok
10:01:33.0627 4620 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:01:33.0637 4620 Npfs - ok
10:01:33.0657 4620 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:01:33.0657 4620 nsi - ok
10:01:33.0677 4620 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:01:33.0677 4620 nsiproxy - ok
10:01:33.0777 4620 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:01:33.0797 4620 Ntfs - ok
10:01:33.0877 4620 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:01:33.0887 4620 Null - ok
10:01:33.0927 4620 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:01:33.0927 4620 nvraid - ok
10:01:33.0947 4620 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:01:33.0947 4620 nvstor - ok
10:01:33.0987 4620 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:01:33.0987 4620 nv_agp - ok
10:01:34.0007 4620 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:01:34.0007 4620 ohci1394 - ok
10:01:34.0127 4620 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:01:34.0127 4620 ose - ok
10:01:34.0517 4620 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:01:34.0567 4620 osppsvc - ok
10:01:34.0697 4620 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:01:34.0707 4620 p2pimsvc - ok
10:01:34.0727 4620 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:01:34.0737 4620 p2psvc - ok
10:01:34.0787 4620 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:01:34.0787 4620 Parport - ok
10:01:34.0827 4620 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
10:01:34.0837 4620 partmgr - ok
10:01:34.0877 4620 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:01:34.0877 4620 PcaSvc - ok
10:01:34.0907 4620 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:01:34.0917 4620 pci - ok
10:01:34.0937 4620 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:01:34.0937 4620 pciide - ok
10:01:34.0967 4620 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:01:34.0967 4620 pcmcia - ok
10:01:34.0997 4620 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:01:34.0997 4620 pcw - ok
10:01:35.0027 4620 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:01:35.0037 4620 PEAUTH - ok
10:01:35.0107 4620 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:01:35.0117 4620 PerfHost - ok
10:01:35.0247 4620 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:01:35.0257 4620 pla - ok
10:01:35.0327 4620 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:01:35.0337 4620 PlugPlay - ok
10:01:35.0367 4620 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:01:35.0367 4620 PNRPAutoReg - ok
10:01:35.0397 4620 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:01:35.0407 4620 PNRPsvc - ok
10:01:35.0447 4620 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:01:35.0457 4620 PolicyAgent - ok
10:01:35.0497 4620 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:01:35.0497 4620 Power - ok
10:01:35.0567 4620 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:01:35.0567 4620 PptpMiniport - ok
10:01:35.0617 4620 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:01:35.0617 4620 Processor - ok
10:01:35.0677 4620 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
10:01:35.0677 4620 ProfSvc - ok
10:01:35.0737 4620 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:01:35.0737 4620 ProtectedStorage - ok
10:01:35.0777 4620 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:01:35.0777 4620 Psched - ok
10:01:35.0857 4620 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:01:35.0877 4620 ql2300 - ok
10:01:35.0957 4620 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:01:35.0967 4620 ql40xx - ok
10:01:36.0007 4620 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:01:36.0017 4620 QWAVE - ok
10:01:36.0067 4620 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:01:36.0067 4620 QWAVEdrv - ok
10:01:36.0077 4620 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:01:36.0087 4620 RasAcd - ok
10:01:36.0137 4620 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:01:36.0137 4620 RasAgileVpn - ok
10:01:36.0177 4620 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:01:36.0187 4620 RasAuto - ok
10:01:36.0237 4620 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:01:36.0237 4620 Rasl2tp - ok
10:01:36.0287 4620 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:01:36.0297 4620 RasMan - ok
10:01:36.0337 4620 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:01:36.0337 4620 RasPppoe - ok
10:01:36.0387 4620 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:01:36.0387 4620 RasSstp - ok
10:01:36.0417 4620 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:01:36.0427 4620 rdbss - ok
10:01:36.0457 4620 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:01:36.0467 4620 rdpbus - ok
10:01:36.0487 4620 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:01:36.0487 4620 RDPCDD - ok
10:01:36.0507 4620 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:01:36.0507 4620 RDPENCDD - ok
10:01:36.0537 4620 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:01:36.0537 4620 RDPREFMP - ok
10:01:36.0587 4620 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
10:01:36.0597 4620 RDPWD - ok
10:01:36.0637 4620 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:01:36.0637 4620 rdyboost - ok
10:01:36.0697 4620 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:01:36.0697 4620 RemoteAccess - ok
10:01:36.0707 4620 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:01:36.0717 4620 RemoteRegistry - ok
10:01:36.0837 4620 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
10:01:36.0837 4620 RichVideo - ok
10:01:36.0877 4620 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:01:36.0887 4620 RpcEptMapper - ok
10:01:36.0917 4620 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:01:36.0917 4620 RpcLocator - ok
10:01:36.0977 4620 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:01:36.0987 4620 RpcSs - ok
10:01:37.0047 4620 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:01:37.0057 4620 rspndr - ok
10:01:37.0107 4620 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
10:01:37.0117 4620 RSUSBSTOR - ok
10:01:37.0167 4620 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:01:37.0177 4620 RTL8167 - ok
10:01:37.0197 4620 RtsUIR - ok
10:01:37.0237 4620 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:01:37.0237 4620 SamSs - ok
10:01:37.0277 4620 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:01:37.0277 4620 sbp2port - ok
10:01:37.0317 4620 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:01:37.0317 4620 SCardSvr - ok
10:01:37.0347 4620 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:01:37.0357 4620 scfilter - ok
10:01:37.0458 4620 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:01:37.0468 4620 Schedule - ok
10:01:37.0498 4620 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:01:37.0498 4620 SCPolicySvc - ok
10:01:37.0538 4620 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
10:01:37.0548 4620 sdbus - ok
10:01:37.0578 4620 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:01:37.0588 4620 SDRSVC - ok
10:01:37.0618 4620 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:01:37.0618 4620 secdrv - ok
10:01:37.0638 4620 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:01:37.0648 4620 seclogon - ok
10:01:37.0698 4620 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
10:01:37.0698 4620 SENS - ok
10:01:37.0718 4620 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:01:37.0718 4620 SensrSvc - ok
10:01:37.0748 4620 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:01:37.0748 4620 Serenum - ok
10:01:37.0768 4620 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:01:37.0768 4620 Serial - ok
10:01:37.0798 4620 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:01:37.0808 4620 sermouse - ok
10:01:37.0848 4620 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:01:37.0848 4620 SessionEnv - ok
10:01:37.0878 4620 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:01:37.0878 4620 sffdisk - ok
10:01:37.0878 4620 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:01:37.0888 4620 sffp_mmc - ok
10:01:37.0898 4620 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:01:37.0898 4620 sffp_sd - ok
10:01:37.0928 4620 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:01:37.0928 4620 sfloppy - ok
10:01:38.0008 4620 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:01:38.0008 4620 SharedAccess - ok
10:01:38.0048 4620 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:01:38.0058 4620 ShellHWDetection - ok
10:01:38.0098 4620 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:01:38.0098 4620 SiSRaid2 - ok
10:01:38.0108 4620 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:01:38.0118 4620 SiSRaid4 - ok
10:01:38.0228 4620 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
10:01:38.0228 4620 SkypeUpdate - ok
10:01:38.0278 4620 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:01:38.0278 4620 Smb - ok
10:01:38.0348 4620 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:01:38.0348 4620 SNMPTRAP - ok
10:01:38.0358 4620 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:01:38.0358 4620 spldr - ok
10:01:38.0408 4620 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:01:38.0418 4620 Spooler - ok
10:01:38.0568 4620 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:01:38.0668 4620 sppsvc - ok
10:01:38.0748 4620 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:01:38.0758 4620 sppuinotify - ok
10:01:38.0818 4620 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:01:38.0828 4620 srv - ok
10:01:38.0868 4620 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:01:38.0878 4620 srv2 - ok
10:01:38.0918 4620 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
10:01:38.0928 4620 SrvHsfHDA - ok
10:01:38.0998 4620 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
10:01:39.0048 4620 SrvHsfV92 - ok
10:01:39.0198 4620 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
10:01:39.0208 4620 SrvHsfWinac - ok
10:01:39.0258 4620 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:01:39.0258 4620 srvnet - ok
10:01:39.0308 4620 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:01:39.0308 4620 SSDPSRV - ok
10:01:39.0338 4620 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:01:39.0338 4620 SstpSvc - ok
10:01:39.0378 4620 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:01:39.0378 4620 stexstor - ok
10:01:39.0418 4620 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:01:39.0438 4620 stisvc - ok
10:01:39.0478 4620 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:01:39.0478 4620 swenum - ok
10:01:39.0568 4620 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:01:39.0588 4620 swprv - ok
10:01:39.0648 4620 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
10:01:39.0648 4620 SynTP - ok
10:01:39.0758 4620 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:01:39.0788 4620 SysMain - ok
10:01:39.0878 4620 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:01:39.0888 4620 TabletInputService - ok
10:01:39.0948 4620 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:01:39.0948 4620 TapiSrv - ok
10:01:39.0978 4620 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:01:39.0978 4620 TBS - ok
10:01:40.0158 4620 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:01:40.0178 4620 Tcpip - ok
10:01:40.0408 4620 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:01:40.0418 4620 TCPIP6 - ok
10:01:40.0518 4620 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:01:40.0518 4620 tcpipreg - ok
10:01:40.0558 4620 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:01:40.0558 4620 TDPIPE - ok
10:01:40.0618 4620 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:01:40.0628 4620 TDTCP - ok
10:01:40.0698 4620 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:01:40.0708 4620 tdx - ok
10:01:40.0738 4620 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:01:40.0738 4620 TermDD - ok
10:01:40.0798 4620 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:01:40.0808 4620 TermService - ok
10:01:40.0838 4620 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:01:40.0838 4620 Themes - ok
10:01:40.0878 4620 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:01:40.0878 4620 THREADORDER - ok
10:01:40.0918 4620 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
10:01:40.0928 4620 tmactmon - ok
10:01:40.0978 4620 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
10:01:40.0978 4620 tmcomm - ok
10:01:41.0028 4620 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
10:01:41.0028 4620 tmevtmgr - ok
10:01:41.0068 4620 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
10:01:41.0078 4620 tmtdi - ok
10:01:41.0248 4620 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:01:41.0248 4620 TrkWks - ok
10:01:41.0298 4620 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:01:41.0298 4620 TrustedInstaller - ok
10:01:41.0338 4620 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:01:41.0348 4620 tssecsrv - ok
10:01:41.0388 4620 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:01:41.0398 4620 TsUsbFlt - ok
10:01:41.0438 4620 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:01:41.0438 4620 tunnel - ok
10:01:41.0468 4620 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:01:41.0468 4620 uagp35 - ok
10:01:41.0508 4620 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:01:41.0508 4620 udfs - ok
10:01:41.0558 4620 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:01:41.0558 4620 UI0Detect - ok
10:01:41.0588 4620 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:01:41.0588 4620 uliagpkx - ok
10:01:41.0628 4620 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:01:41.0628 4620 umbus - ok
10:01:41.0648 4620 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:01:41.0658 4620 UmPass - ok
10:01:41.0688 4620 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:01:41.0698 4620 upnphost - ok
10:01:41.0738 4620 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
10:01:41.0738 4620 USBAAPL64 - ok
10:01:41.0778 4620 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
10:01:41.0788 4620 usbaudio - ok
10:01:41.0818 4620 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:01:41.0818 4620 usbccgp - ok
10:01:41.0848 4620 USBCCID - ok
10:01:41.0898 4620 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:01:41.0898 4620 usbcir - ok
10:01:41.0928 4620 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:01:41.0928 4620 usbehci - ok
10:01:41.0988 4620 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:01:41.0998 4620 usbhub - ok
10:01:42.0028 4620 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
10:01:42.0038 4620 usbohci - ok
10:01:42.0068 4620 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:01:42.0078 4620 usbprint - ok
10:01:42.0098 4620 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:01:42.0098 4620 usbscan - ok
10:01:42.0128 4620 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:01:42.0138 4620 USBSTOR - ok
10:01:42.0168 4620 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
10:01:42.0168 4620 usbuhci - ok
10:01:42.0228 4620 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
10:01:42.0228 4620 usbvideo - ok
10:01:42.0258 4620 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:01:42.0258 4620 UxSms - ok
10:01:42.0298 4620 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:01:42.0308 4620 VaultSvc - ok
10:01:42.0378 4620 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:01:42.0388 4620 vdrvroot - ok
10:01:42.0468 4620 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:01:42.0478 4620 vds - ok
10:01:42.0518 4620 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:01:42.0518 4620 vga - ok
10:01:42.0538 4620 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:01:42.0538 4620 VgaSave - ok
10:01:42.0568 4620 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:01:42.0568 4620 vhdmp - ok
10:01:42.0598 4620 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:01:42.0608 4620 viaide - ok
10:01:42.0618 4620 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:01:42.0628 4620 volmgr - ok
10:01:42.0668 4620 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:01:42.0678 4620 volmgrx - ok
10:01:42.0708 4620 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:01:42.0708 4620 volsnap - ok
10:01:42.0738 4620 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:01:42.0748 4620 vsmraid - ok
10:01:42.0828 4620 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:01:42.0848 4620 VSS - ok
10:01:43.0008 4620 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
10:01:43.0018 4620 vToolbarUpdater11.2.0 - ok
10:01:43.0098 4620 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:01:43.0098 4620 vwifibus - ok
10:01:43.0148 4620 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:01:43.0148 4620 vwififlt - ok
10:01:43.0188 4620 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:01:43.0198 4620 W32Time - ok
10:01:43.0238 4620 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:01:43.0248 4620 WacomPen - ok
10:01:43.0298 4620 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:01:43.0298 4620 WANARP - ok
10:01:43.0308 4620 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:01:43.0318 4620 Wanarpv6 - ok
10:01:43.0438 4620 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:01:43.0448 4620 WatAdminSvc - ok
10:01:43.0528 4620 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:01:43.0548 4620 wbengine - ok
10:01:43.0648 4620 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:01:43.0658 4620 WbioSrvc - ok
10:01:43.0698 4620 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:01:43.0708 4620 wcncsvc - ok
10:01:43.0748 4620 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:01:43.0748 4620 WcsPlugInService - ok
10:01:43.0808 4620 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:01:43.0808 4620 Wd - ok
10:01:43.0868 4620 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:01:43.0878 4620 Wdf01000 - ok
10:01:43.0908 4620 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:01:43.0918 4620 WdiServiceHost - ok
10:01:43.0938 4620 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:01:43.0938 4620 WdiSystemHost - ok
10:01:43.0978 4620 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:01:43.0988 4620 WebClient - ok
10:01:44.0038 4620 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:01:44.0038 4620 Wecsvc - ok
10:01:44.0058 4620 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:01:44.0068 4620 wercplsupport - ok
10:01:44.0108 4620 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:01:44.0118 4620 WerSvc - ok
10:01:44.0178 4620 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:01:44.0178 4620 WfpLwf - ok
10:01:44.0198 4620 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:01:44.0198 4620 WIMMount - ok
10:01:44.0278 4620 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
10:01:44.0288 4620 winachsf - ok
10:01:44.0348 4620 WinDefend - ok
10:01:44.0358 4620 WinHttpAutoProxySvc - ok
10:01:44.0408 4620 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:01:44.0418 4620 Winmgmt - ok
10:01:44.0528 4620 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:01:44.0558 4620 WinRM - ok
10:01:44.0708 4620 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:01:44.0708 4620 WinUsb - ok
10:01:44.0788 4620 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:01:44.0798 4620 Wlansvc - ok
10:01:44.0838 4620 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:01:44.0838 4620 WmiAcpi - ok
10:01:44.0898 4620 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:01:44.0898 4620 wmiApSrv - ok
10:01:44.0938 4620 WMPNetworkSvc - ok
10:01:45.0058 4620 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) c:\Program Files\Zune\WMZuneComm.exe
10:01:45.0058 4620 WMZuneComm - ok
10:01:45.0088 4620 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:01:45.0088 4620 WPCSvc - ok
10:01:45.0128 4620 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:01:45.0128 4620 WPDBusEnum - ok
10:01:45.0158 4620 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:01:45.0158 4620 ws2ifsl - ok
10:01:45.0238 4620 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
10:01:45.0238 4620 wscsvc - ok
10:01:45.0248 4620 WSearch - ok
10:01:45.0398 4620 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
10:01:45.0428 4620 wuauserv - ok
10:01:45.0548 4620 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:01:45.0548 4620 WudfPf - ok
10:01:45.0598 4620 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:01:45.0598 4620 WUDFRd - ok
10:01:45.0618 4620 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:01:45.0618 4620 wudfsvc - ok
10:01:45.0668 4620 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:01:45.0668 4620 WwanSvc - ok
10:01:45.0698 4620 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
10:01:45.0698 4620 XAudio - ok
10:01:45.0758 4620 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
10:01:45.0758 4620 yukonw7 - ok
10:01:46.0168 4620 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) c:\Program Files\Zune\ZuneNss.exe
10:01:46.0398 4620 ZuneNetworkSvc - ok
10:01:46.0559 4620 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) c:\Program Files\Zune\ZuneWlanCfgSvc.exe
10:01:46.0569 4620 ZuneWlanCfgSvc - ok
10:01:46.0629 4620 MBR (0x1B8) (de23ad1285d12ab3358945dc7628786c) \Device\Harddisk0\DR0
10:01:46.0799 4620 \Device\Harddisk0\DR0 - ok
10:01:46.0809 4620 Boot (0x1200) (9a9e1f8bbbeb783df3d2872c58645a4b) \Device\Harddisk0\DR0\Partition0
10:01:46.0809 4620 \Device\Harddisk0\DR0\Partition0 - ok
10:01:46.0819 4620 Boot (0x1200) (eb4ff44826345e9bf9d9ee2dffa708a8) \Device\Harddisk0\DR0\Partition1
10:01:46.0819 4620 \Device\Harddisk0\DR0\Partition1 - ok
10:01:46.0849 4620 Boot (0x1200) (3523ff2542483805442b2cd5245b847d) \Device\Harddisk0\DR0\Partition2
10:01:46.0849 4620 \Device\Harddisk0\DR0\Partition2 - ok
10:01:46.0849 4620 ============================================================
10:01:46.0849 4620 Scan finished
10:01:46.0849 4620 ============================================================
10:01:46.0879 5564 Detected object count: 0
10:01:46.0879 5564 Actual detected object count: 0

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:02 PM

Posted 22 July 2012 - 12:34 PM

Greetings


Were you able to run the aswMBR scan? If so, let me have the report please.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 inlakeshalakin

inlakeshalakin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:02 PM

Posted 22 July 2012 - 10:48 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-17 21:10:28
-----------------------------
21:10:28.288 OS Version: Windows x64 6.1.7601 Service Pack 1
21:10:28.288 Number of processors: 2 586 0x170A
21:10:28.290 ComputerName: OWNER-PC UserName: Owner
21:10:29.723 Initialize success
21:11:51.197 AVAST engine defs: 12071701
21:18:54.672 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:18:54.678 Disk 0 Vendor: TOSHIBA_MK3263GSX FG020C Size: 305245MB BusType: 11
21:18:54.696 Disk 0 MBR read successfully
21:18:54.699 Disk 0 MBR scan
21:18:54.759 Disk 0 unknown MBR code
21:18:54.787 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:18:54.801 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292890 MB offset 409600
21:18:54.845 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12154 MB offset 600248320
21:18:54.886 Disk 0 scanning C:\Windows\system32\drivers
21:19:11.625 Service scanning
21:20:14.681 Modules scanning
21:20:14.696 Disk 0 trace - called modules:
21:20:14.712 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:20:14.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003191060]
21:20:14.725 3 CLASSPNP.SYS[fffff880010c643f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002ea7060]
21:20:16.343 AVAST engine scan C:\Windows
21:20:21.366 AVAST engine scan C:\Windows\system32
21:25:38.592 AVAST engine scan C:\Windows\system32\drivers
21:26:09.650 AVAST engine scan C:\Users\Owner
21:31:31.149 AVAST engine scan C:\ProgramData
21:32:48.940 File: C:\ProgramData\Microsoft\Windows\DRM\5D2C.tmp **INFECTED** Win32:Malware-gen
21:32:48.984 File: C:\ProgramData\Microsoft\Windows\DRM\5DBA.tmp **INFECTED** Win32:Malware-gen
21:32:49.091 File: C:\ProgramData\Microsoft\Windows\DRM\B542.tmp.dat **INFECTED** Win32:Alureon-ATR [Trj]
21:33:24.579 Scan finished successfully
21:34:25.725 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Documents\System Logs\MBR.dat"
21:34:25.738 The log file has been saved successfully to "C:\Users\Owner\Documents\System Logs\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-22 10:17:51
-----------------------------
10:17:51.410 OS Version: Windows x64 6.1.7601 Service Pack 1
10:17:51.410 Number of processors: 2 586 0x170A
10:17:51.410 ComputerName: OWNER-PC UserName: Owner
10:17:53.460 Initialize success
10:19:23.703 AVAST engine defs: 12072200
10:41:13.499 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:41:13.499 Disk 0 Vendor: TOSHIBA_MK3263GSX FG020C Size: 305245MB BusType: 11
10:41:13.514 Disk 0 MBR read successfully
10:41:13.514 Disk 0 MBR scan
10:41:13.530 Disk 0 unknown MBR code
10:41:13.545 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
10:41:13.561 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292890 MB offset 409600
10:41:13.592 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12154 MB offset 600248320
10:41:13.639 Disk 0 scanning C:\Windows\system32\drivers
10:41:26.269 Service scanning
10:42:19.101 Modules scanning
10:42:19.111 Disk 0 trace - called modules:
10:42:19.151 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:42:19.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003031590]
10:42:19.181 3 CLASSPNP.SYS[fffff880010b943f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002e55060]
10:42:20.371 AVAST engine scan C:\Windows
10:42:25.436 AVAST engine scan C:\Windows\system32
10:46:59.468 AVAST engine scan C:\Windows\system32\drivers
10:47:22.026 AVAST engine scan C:\Users\Owner
10:51:25.070 AVAST engine scan C:\ProgramData
10:52:31.725 File: C:\ProgramData\Microsoft\Windows\DRM\5D2C.tmp **INFECTED** Win32:Malware-gen
10:52:31.772 File: C:\ProgramData\Microsoft\Windows\DRM\5DBA.tmp **INFECTED** Win32:Malware-gen
10:52:31.838 File: C:\ProgramData\Microsoft\Windows\DRM\B542.tmp.dat **INFECTED** Win32:Alureon-ATR [Trj]
10:53:00.043 Scan finished successfully
22:31:36.177 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Documents\System Logs\MBR.dat"
22:31:36.187 The log file has been saved successfully to "C:\Users\Owner\Documents\System Logs\aswMBR.txt"

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:02 PM

Posted 22 July 2012 - 10:54 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\ProgramData\Microsoft\Windows\DRM

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo




