Patched Trojan_c.LXT and Luhe.Sirefef.A


  • This topic is locked
14 replies to this topic

#1 Boredley

Posted 24 July 2012 - 01:46 AM

Earlier this morning AVG 2012 kept popping up with a message saying that a threat was detected upon opening and listed it as Patched Trojan_c.LXT or Luhe.Sirefef.A. Every time I would click on anything it would redirect me to somewhere else. So I have spent all day researching this, and have tried everything I have read, and it is doing a little better, but after coming across this site and reading about others having the same problems as me and what they had to use to get rid of this issue, I know I need someone trained to help me. I have done everything in the Preparation Guide except GMER because I'm running a 64-bit system. I have done a TDSSKiller, aswMBR, and ESET, which will be included in my documentation. I really am stuck on what to do, so any help would be very much appreciated.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Brad at 20:01:27 on 2012-07-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5815.4055 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\splwow64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Brad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\Brad\AppData\Local\Google\Chrome\Application\chrome.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrcAs.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Utility Chest: {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [AdobeBridge]
uRun: [Facebook Update] "C:\Users\Brad\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Spotify] "C:\Users\Brad\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Google Update] "C:\Users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\Brad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
LSP: mswsock.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2E088290-B187-4E10-8A9E-BE2D1F04D00A} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2E088290-B187-4E10-8A9E-BE2D1F04D00A}\45F6E6765756020557E63686 : DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{2E088290-B187-4E10-8A9E-BE2D1F04D00A}\F4D48575946494 : DhcpNameServer = 208.67.222.222 208.67.220.220 2.2.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO-X64: Winamp Toolbar Loader - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Utility Chest: {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 acedrv11;acedrv11;\??\C:\Windows\system32\drivers\acedrv11.sys --> C:\Windows\system32\drivers\acedrv11.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-1 353360]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-10-7 872552]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-1-17 29696]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-31 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-8-1 244624]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-1-5 256536]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-31 2320920]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-4-2 173424]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 ssmirrdr;ssmirrdr;C:\Windows\system32\DRIVERS\ssmirrdr.sys --> C:\Windows\system32\DRIVERS\ssmirrdr.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-23 23:35:46 -------- d-----w- C:\ProgramData\PC Tools
2012-07-23 23:35:46 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-07-23 20:42:27 -------- d-----w- C:\Program Files\Enigma Software Group
2012-07-23 20:41:41 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-23 20:41:38 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-07-23 20:09:14 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2012-07-23 20:02:55 -------- d-----w- C:\Users\Brad\AppData\Roaming\GetRightToGo
2012-07-23 15:23:28 -------- d-----w- C:\Users\Brad\AppData\Roaming\Malwarebytes
2012-07-23 15:23:19 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-23 15:23:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-23 07:27:31 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-11 10:07:10 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 08:21:15 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-10 11:20:49 -------- d-----w- C:\Users\Brad\AppData\Roaming\Unity
2012-07-05 09:18:26 -------- d-----w- C:\Program Files (x86)\Portal
.
==================== Find3M ====================
.
2012-07-23 07:23:18 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-23 07:23:18 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-17 12:23:09 106496 ----a-w- C:\Windows\SysWow64\ATL71.DLL
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-14 11:37:30 270336 ----a-w- C:\Windows\SysWow64\ssleay32.dll
2012-05-14 11:37:30 270336 ----a-w- C:\Windows\SysWow64\libssl32.dll
2012-05-14 11:37:10 1179648 ----a-w- C:\Windows\SysWow64\libeay32.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 20:02:19.17 ===============

Here is my TDSSKiller
20:46:20.0903 6308 TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30
20:46:21.0322 6308 ============================================================
20:46:21.0322 6308 Current date / time: 2012/07/23 20:46:21.0322
20:46:21.0322 6308 SystemInfo:
20:46:21.0322 6308
20:46:21.0322 6308 OS Version: 6.1.7601 ServicePack: 1.0
20:46:21.0322 6308 Product type: Workstation
20:46:21.0322 6308 ComputerName: BRAD-PC
20:46:21.0323 6308 UserName: Brad
20:46:21.0323 6308 Windows directory: C:\Windows
20:46:21.0323 6308 System windows directory: C:\Windows
20:46:21.0323 6308 Running under WOW64
20:46:21.0323 6308 Processor architecture: Intel x64
20:46:21.0323 6308 Number of processors: 4
20:46:21.0323 6308 Page size: 0x1000
20:46:21.0323 6308 Boot type: Normal boot
20:46:21.0323 6308 ============================================================
20:46:22.0101 6308 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:46:22.0112 6308 ============================================================
20:46:22.0112 6308 \Device\Harddisk0\DR0:
20:46:22.0113 6308 MBR partitions:
20:46:22.0113 6308 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
20:46:22.0113 6308 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x37F53000
20:46:22.0113 6308 ============================================================
20:46:22.0153 6308 C: <-> \Device\Harddisk0\DR0\Partition1
20:46:22.0153 6308 ============================================================
20:46:22.0153 6308 Initialize success
20:46:22.0153 6308 ============================================================
20:48:27.0336 3124 Deinitialize success
20:06:39.0778 7596 TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30
20:06:40.0194 7596 ============================================================
20:06:40.0194 7596 Current date / time: 2012/07/23 20:06:40.0194
20:06:40.0194 7596 SystemInfo:
20:06:40.0194 7596
20:06:40.0194 7596 OS Version: 6.1.7601 ServicePack: 1.0
20:06:40.0194 7596 Product type: Workstation
20:06:40.0194 7596 ComputerName: BRAD-PC
20:06:40.0194 7596 UserName: Brad
20:06:40.0194 7596 Windows directory: C:\Windows
20:06:40.0194 7596 System windows directory: C:\Windows
20:06:40.0194 7596 Running under WOW64
20:06:40.0195 7596 Processor architecture: Intel x64
20:06:40.0195 7596 Number of processors: 4
20:06:40.0195 7596 Page size: 0x1000
20:06:40.0195 7596 Boot type: Normal boot
20:06:40.0195 7596 ============================================================
20:06:40.0971 7596 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:06:40.0981 7596 ============================================================
20:06:40.0981 7596 \Device\Harddisk0\DR0:
20:06:40.0981 7596 MBR partitions:
20:06:40.0981 7596 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
20:06:40.0981 7596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x37F53000
20:06:40.0981 7596 ============================================================
20:06:41.0023 7596 C: <-> \Device\Harddisk0\DR0\Partition1
20:06:41.0023 7596 ============================================================
20:06:41.0023 7596 Initialize success
20:06:41.0023 7596 ============================================================
20:07:01.0805 7368 ============================================================
20:07:01.0805 7368 Scan started
20:07:01.0805 7368 Mode: Manual; TDLFS;
20:07:01.0805 7368 ============================================================
20:07:20.0659 7368 QWAVE - ok
20:07:20.0671 7368 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:07:20.0673 7368 QWAVEdrv - ok
20:07:20.0695 7368 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:07:20.0696 7368 RasAcd - ok
20:07:20.0734 7368 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:07:20.0736 7368 RasAgileVpn - ok
20:07:20.0774 7368 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:07:20.0778 7368 RasAuto - ok
20:07:20.0809 7368 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:07:20.0812 7368 Rasl2tp - ok
20:07:20.0868 7368 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:07:20.0877 7368 RasMan - ok
20:07:20.0908 7368 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:07:20.0910 7368 RasPppoe - ok
20:07:20.0940 7368 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:07:20.0942 7368 RasSstp - ok
20:07:20.0996 7368 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:07:21.0002 7368 rdbss - ok
20:07:21.0024 7368 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
20:07:21.0026 7368 rdpbus - ok
20:07:21.0058 7368 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:07:21.0058 7368 RDPCDD - ok
20:07:21.0086 7368 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:07:21.0087 7368 RDPENCDD - ok
20:07:21.0095 7368 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:07:21.0096 7368 RDPREFMP - ok
20:07:21.0153 7368 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:07:21.0156 7368 RDPWD - ok
20:07:21.0215 7368 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:07:21.0219 7368 rdyboost - ok
20:07:21.0268 7368 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:07:21.0271 7368 RemoteAccess - ok
20:07:21.0306 7368 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:07:21.0311 7368 RemoteRegistry - ok
20:07:21.0329 7368 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:07:21.0333 7368 RpcEptMapper - ok
20:07:21.0354 7368 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:07:21.0357 7368 RpcLocator - ok
20:07:21.0417 7368 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:07:21.0425 7368 RpcSs - ok
20:07:21.0470 7368 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:07:21.0472 7368 rspndr - ok
20:07:21.0524 7368 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\Windows\system32\Drivers\RtsUStor.sys
20:07:21.0529 7368 RSUSBSTOR - ok
20:07:21.0558 7368 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:07:21.0561 7368 SamSs - ok
20:07:21.0587 7368 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:07:21.0590 7368 sbp2port - ok
20:07:21.0618 7368 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:07:21.0624 7368 SCardSvr - ok
20:07:21.0634 7368 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:07:21.0636 7368 scfilter - ok
20:07:21.0722 7368 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:07:21.0737 7368 Schedule - ok
20:07:21.0767 7368 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:07:21.0769 7368 SCPolicySvc - ok
20:07:21.0796 7368 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:07:21.0802 7368 SDRSVC - ok
20:07:21.0864 7368 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:07:21.0865 7368 secdrv - ok
20:07:21.0895 7368 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:07:21.0898 7368 seclogon - ok
20:07:21.0922 7368 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:07:21.0925 7368 SENS - ok
20:07:21.0951 7368 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:07:21.0954 7368 SensrSvc - ok
20:07:21.0986 7368 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
20:07:21.0988 7368 Serenum - ok
20:07:22.0011 7368 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
20:07:22.0014 7368 Serial - ok
20:07:22.0045 7368 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
20:07:22.0047 7368 sermouse - ok
20:07:22.0105 7368 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:07:22.0115 7368 SessionEnv - ok
20:07:22.0133 7368 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:07:22.0135 7368 sffdisk - ok
20:07:22.0153 7368 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:07:22.0154 7368 sffp_mmc - ok
20:07:22.0161 7368 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:07:22.0163 7368 sffp_sd - ok
20:07:22.0171 7368 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
20:07:22.0172 7368 sfloppy - ok
20:07:22.0278 7368 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
20:07:22.0287 7368 Sftfs - ok
20:07:22.0397 7368 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
20:07:22.0404 7368 sftlist - ok
20:07:22.0460 7368 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:07:22.0463 7368 Sftplay - ok
20:07:22.0477 7368 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:07:22.0478 7368 Sftredir - ok
20:07:22.0519 7368 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
20:07:22.0520 7368 Sftvol - ok
20:07:22.0550 7368 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
20:07:22.0553 7368 sftvsa - ok
20:07:22.0603 7368 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:07:22.0610 7368 ShellHWDetection - ok
20:07:22.0639 7368 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
20:07:22.0641 7368 SiSRaid2 - ok
20:07:22.0652 7368 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
20:07:22.0654 7368 SiSRaid4 - ok
20:07:22.0703 7368 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:07:22.0706 7368 SkypeUpdate - ok
20:07:22.0736 7368 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:07:22.0739 7368 Smb - ok
20:07:22.0787 7368 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:07:22.0789 7368 SNMPTRAP - ok
20:07:22.0823 7368 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:07:22.0824 7368 spldr - ok
20:07:22.0881 7368 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:07:22.0890 7368 Spooler - ok
20:07:23.0157 7368 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:07:23.0200 7368 sppsvc - ok
20:07:23.0320 7368 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:07:23.0324 7368 sppuinotify - ok
20:07:23.0337 7368 sptd - ok
20:07:23.0421 7368 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:07:23.0427 7368 srv - ok
20:07:23.0458 7368 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:07:23.0464 7368 srv2 - ok
20:07:23.0488 7368 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:07:23.0491 7368 srvnet - ok
20:07:23.0551 7368 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:07:23.0557 7368 SSDPSRV - ok
20:07:23.0611 7368 ssmirrdr (1100066057fbf612b573efd3b21383f1) C:\Windows\system32\DRIVERS\ssmirrdr.sys
20:07:23.0612 7368 ssmirrdr - ok
20:07:23.0634 7368 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:07:23.0638 7368 SstpSvc - ok
20:07:23.0747 7368 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
20:07:23.0752 7368 StarWindServiceAE - ok
20:07:23.0775 7368 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
20:07:23.0777 7368 stexstor - ok
20:07:23.0858 7368 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:07:23.0868 7368 stisvc - ok
20:07:23.0894 7368 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:07:23.0895 7368 swenum - ok
20:07:24.0026 7368 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:07:24.0032 7368 SwitchBoard - ok
20:07:24.0098 7368 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:07:24.0109 7368 swprv - ok
20:07:24.0240 7368 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:07:24.0263 7368 SysMain - ok
20:07:24.0376 7368 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:07:24.0381 7368 TabletInputService - ok
20:07:24.0417 7368 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:07:24.0425 7368 TapiSrv - ok
20:07:24.0439 7368 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:07:24.0443 7368 TBS - ok
20:07:24.0648 7368 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:07:24.0679 7368 Tcpip - ok
20:07:24.0941 7368 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:07:24.0964 7368 TCPIP6 - ok
20:07:25.0089 7368 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:07:25.0090 7368 tcpipreg - ok
20:07:25.0114 7368 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:07:25.0115 7368 TDPIPE - ok
20:07:25.0164 7368 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:07:25.0166 7368 TDTCP - ok
20:07:25.0185 7368 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:07:25.0188 7368 tdx - ok
20:07:25.0226 7368 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:07:25.0228 7368 TermDD - ok
20:07:25.0303 7368 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:07:25.0317 7368 TermService - ok
20:07:25.0337 7368 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:07:25.0340 7368 Themes - ok
20:07:25.0369 7368 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:07:25.0371 7368 THREADORDER - ok
20:07:25.0402 7368 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:07:25.0406 7368 TrkWks - ok
20:07:25.0460 7368 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:07:25.0463 7368 TrustedInstaller - ok
20:07:25.0481 7368 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:07:25.0483 7368 tssecsrv - ok
20:07:25.0511 7368 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:07:25.0513 7368 TsUsbFlt - ok
20:07:25.0532 7368 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
20:07:25.0534 7368 TsUsbGD - ok
20:07:25.0579 7368 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:07:25.0582 7368 tunnel - ok
20:07:25.0605 7368 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
20:07:25.0607 7368 uagp35 - ok
20:07:25.0630 7368 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
20:07:25.0630 7368 UBHelper - ok
20:07:25.0681 7368 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:07:25.0688 7368 udfs - ok
20:07:25.0728 7368 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:07:25.0731 7368 UI0Detect - ok
20:07:25.0756 7368 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:07:25.0759 7368 uliagpkx - ok
20:07:25.0800 7368 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:07:25.0802 7368 umbus - ok
20:07:25.0833 7368 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
20:07:25.0835 7368 UmPass - ok
20:07:26.0055 7368 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
20:07:26.0085 7368 UNS - ok
20:07:26.0215 7368 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:07:26.0223 7368 upnphost - ok
20:07:26.0278 7368 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:07:26.0281 7368 usbccgp - ok
20:07:26.0312 7368 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:07:26.0315 7368 usbcir - ok
20:07:26.0342 7368 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:07:26.0344 7368 usbehci - ok
20:07:26.0388 7368 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
20:07:26.0394 7368 usbhub - ok
20:07:26.0402 7368 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:07:26.0403 7368 usbohci - ok
20:07:26.0417 7368 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
20:07:26.0419 7368 usbprint - ok
20:07:26.0446 7368 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:07:26.0449 7368 USBSTOR - ok
20:07:26.0461 7368 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:07:26.0462 7368 usbuhci - ok
20:07:26.0504 7368 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
20:07:26.0508 7368 usbvideo - ok
20:07:26.0543 7368 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:07:26.0546 7368 UxSms - ok
20:07:26.0580 7368 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:07:26.0582 7368 VaultSvc - ok
20:07:26.0612 7368 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:07:26.0613 7368 vdrvroot - ok
20:07:26.0678 7368 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:07:26.0689 7368 vds - ok
20:07:26.0719 7368 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:07:26.0721 7368 vga - ok
20:07:26.0745 7368 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:07:26.0746 7368 VgaSave - ok
20:07:26.0783 7368 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:07:26.0787 7368 vhdmp - ok
20:07:26.0807 7368 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:07:26.0808 7368 viaide - ok
20:07:26.0834 7368 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:07:26.0836 7368 volmgr - ok
20:07:26.0880 7368 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:07:26.0887 7368 volmgrx - ok
20:07:26.0912 7368 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:07:26.0917 7368 volsnap - ok
20:07:26.0961 7368 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
20:07:26.0965 7368 vsmraid - ok
20:07:27.0100 7368 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:07:27.0129 7368 VSS - ok
20:07:27.0237 7368 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:07:27.0239 7368 vwifibus - ok
20:07:27.0254 7368 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:07:27.0256 7368 vwififlt - ok
20:07:27.0309 7368 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:07:27.0310 7368 vwifimp - ok
20:07:27.0366 7368 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:07:27.0375 7368 W32Time - ok
20:07:27.0398 7368 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
20:07:27.0400 7368 WacomPen - ok
20:07:27.0438 7368 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:07:27.0441 7368 WANARP - ok
20:07:27.0446 7368 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:07:27.0448 7368 Wanarpv6 - ok
20:07:27.0595 7368 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:07:27.0616 7368 WatAdminSvc - ok
20:07:27.0758 7368 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:07:27.0785 7368 wbengine - ok
20:07:27.0912 7368 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:07:27.0919 7368 WbioSrvc - ok
20:07:27.0964 7368 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:07:27.0973 7368 wcncsvc - ok
20:07:27.0998 7368 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:07:28.0002 7368 WcsPlugInService - ok
20:07:28.0056 7368 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
20:07:28.0058 7368 Wd - ok
20:07:28.0138 7368 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:07:28.0146 7368 Wdf01000 - ok
20:07:28.0179 7368 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:07:28.0184 7368 WdiServiceHost - ok
20:07:28.0189 7368 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:07:28.0193 7368 WdiSystemHost - ok
20:07:28.0227 7368 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:07:28.0234 7368 WebClient - ok
20:07:28.0265 7368 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:07:28.0272 7368 Wecsvc - ok
20:07:28.0301 7368 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:07:28.0306 7368 wercplsupport - ok
20:07:28.0334 7368 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:07:28.0339 7368 WerSvc - ok
20:07:28.0397 7368 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:07:28.0398 7368 WfpLwf - ok
20:07:28.0420 7368 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:07:28.0421 7368 WIMMount - ok
20:07:28.0429 7368 WinHttpAutoProxySvc - ok
20:07:28.0518 7368 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:07:28.0521 7368 Winmgmt - ok
20:07:28.0693 7368 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:07:28.0728 7368 WinRM - ok
20:07:28.0867 7368 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:07:28.0869 7368 WinUsb - ok
20:07:28.0956 7368 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:07:28.0969 7368 Wlansvc - ok
20:07:29.0047 7368 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:07:29.0049 7368 wlcrasvc - ok
20:07:29.0288 7368 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:07:29.0315 7368 wlidsvc - ok
20:07:29.0442 7368 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:07:29.0443 7368 WmiAcpi - ok
20:07:29.0506 7368 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:07:29.0510 7368 wmiApSrv - ok
20:07:29.0561 7368 WMPNetworkSvc - ok
20:07:29.0596 7368 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:07:29.0599 7368 WPCSvc - ok
20:07:29.0621 7368 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:07:29.0626 7368 WPDBusEnum - ok
20:07:29.0660 7368 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:07:29.0661 7368 ws2ifsl - ok
20:07:29.0719 7368 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
20:07:29.0720 7368 WSDPrintDevice - ok
20:07:29.0733 7368 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
20:07:29.0734 7368 WSDScan - ok
20:07:29.0740 7368 WSearch - ok
20:07:29.0767 7368 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:07:29.0769 7368 WudfPf - ok
20:07:29.0819 7368 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:07:29.0823 7368 WUDFRd - ok
20:07:29.0855 7368 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:07:29.0859 7368 wudfsvc - ok
20:07:29.0887 7368 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:07:29.0894 7368 WwanSvc - ok
20:07:29.0940 7368 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:07:30.0770 7368 \Device\Harddisk0\DR0 - ok
20:07:30.0797 7368 Boot (0x1200) (20b258c1c959c4476f8ce70f99b41828) \Device\Harddisk0\DR0\Partition0
20:07:30.0799 7368 \Device\Harddisk0\DR0\Partition0 - ok
20:07:30.0818 7368 Boot (0x1200) (384f67dedaf51d4c0153997fbb3df72e) \Device\Harddisk0\DR0\Partition1
20:07:30.0820 7368 \Device\Harddisk0\DR0\Partition1 - ok
20:07:30.0820 7368 ============================================================
20:07:30.0820 7368 Scan finished
20:07:30.0820 7368 ============================================================
20:07:30.0840 5508 Detected object count: 0
20:07:30.0840 5508 Actual detected object count: 0
20:08:04.0617 7912 Deinitialize success

Here is my aswMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-23 20:09:24
-----------------------------
20:09:24.998 OS Version: Windows x64 6.1.7601 Service Pack 1
20:09:24.998 Number of processors: 4 586 0x2505
20:09:25.000 ComputerName: BRAD-PC UserName: Brad
20:09:26.455 Initialize success
20:11:18.052 AVAST engine defs: 12072302
20:11:22.604 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:11:22.608 Disk 0 Vendor: Hitachi_ JE3O Size: 476940MB BusType: 3
20:11:22.626 Disk 0 MBR read successfully
20:11:22.631 Disk 0 MBR scan
20:11:22.641 Disk 0 Windows 7 default MBR code
20:11:22.658 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18432 MB offset 2048
20:11:22.683 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 37750784
20:11:22.703 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 458406 MB offset 37955584
20:11:22.734 Disk 0 scanning C:\Windows\system32\drivers
20:11:34.825 Service scanning
20:12:07.556 Modules scanning
20:12:07.573 Disk 0 trace - called modules:
20:12:07.594 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:12:07.605 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80083cc060]
20:12:07.616 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80063cb050]
20:12:09.450 AVAST engine scan C:\Windows
20:12:12.650 AVAST engine scan C:\Windows\system32
20:14:32.356 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:14:34.598 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:15:58.825 AVAST engine scan C:\Windows\system32\drivers
20:16:14.925 AVAST engine scan C:\Users\Brad
20:17:12.677 File: C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Local State **SUSPICIOUS**
20:42:46.983 AVAST engine scan C:\ProgramData
20:44:35.938 Scan finished successfully
20:44:49.989 Disk 0 MBR has been saved successfully to "C:\Users\Brad\Desktop\MBR.dat"
20:44:50.002 The log file has been saved successfully to "C:\Users\Brad\Desktop\aswMBR.txt"

And finally here is my ESET
C:\Users\Brad\AppData\Local\Temp\InstallMonetizer.exe multiple threats cleaned by deleting - quarantined
C:\Users\Brad\AppData\Local\Temp\ICReinstall\cnet2_eBookOrganizerSetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Joy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89SU9XF6\cnet_faceprotected2_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Joy\AppData\Local\Temp\ICReinstall\cnet_faceprotected2_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Windows\Installer\{68001dc5-c06f-89a2-ff6e-a5d91ee8a271}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{68001dc5-c06f-89a2-ff6e-a5d91ee8a271}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
Operating memory multiple threats

Any help would be amazing, thanks. Oh, and all of these reports are in chronological order.

Edited by Boredley, 24 July 2012 - 01:48 AM.




#2 gringo_pr

  • Malware Response Team

Posted 25 July 2012 - 02:03 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Boredley

  • Topic Starter

Posted 25 July 2012 - 06:28 PM

Hi, and thanks a lot for helping me. I ran Security Check and ComboFix with no issues and have been using my computer for about 45 mins now with no issues so far at all. It's actually running noticeably faster than I have seen it run in a long time. Here's the log:

ComboFix 12-07-26.04 - Brad 07/25/2012 15:36:51.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5815.4535 [GMT -7:00]
Running from: c:\users\Brad\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\Installer\{68001dc5-c06f-89a2-ff6e-a5d91ee8a271}\@
c:\windows\Installer\{68001dc5-c06f-89a2-ff6e-a5d91ee8a271}\L\00000004.@
c:\windows\Installer\{68001dc5-c06f-89a2-ff6e-a5d91ee8a271}\L\201d3dde
c:\windows\Installer\{68001dc5-c06f-89a2-ff6e-a5d91ee8a271}\U\00000004.@
c:\windows\Installer\{68001dc5-c06f-89a2-ff6e-a5d91ee8a271}\U\00000008.@
c:\windows\Installer\{68001dc5-c06f-89a2-ff6e-a5d91ee8a271}\U\000000cb.@
c:\windows\Installer\{68001dc5-c06f-89a2-ff6e-a5d91ee8a271}\U\80000000.@
c:\windows\Installer\{68001dc5-c06f-89a2-ff6e-a5d91ee8a271}\U\80000032.@
c:\windows\Installer\{68001dc5-c06f-89a2-ff6e-a5d91ee8a271}\U\80000064.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy1_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 22:46 . 2012-07-25 22:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-24 03:15 . 2012-07-24 03:15 -------- d-----w- c:\program files (x86)\ESET
2012-07-23 23:35 . 2012-07-23 23:37 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-23 23:35 . 2012-07-23 23:36 -------- d-----w- c:\programdata\PC Tools
2012-07-23 20:42 . 2012-07-24 01:05 -------- d-----w- c:\program files\Enigma Software Group
2012-07-23 20:41 . 2012-07-24 01:40 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-23 20:41 . 2012-07-23 20:41 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-23 20:09 . 2012-07-24 01:07 -------- d-----w- c:\program files (x86)\PC Tools Security
2012-07-23 20:02 . 2012-07-23 20:08 -------- d-----w- c:\users\Brad\AppData\Roaming\GetRightToGo
2012-07-23 15:23 . 2012-07-24 01:05 -------- d-----w- c:\users\Brad\AppData\Roaming\Malwarebytes
2012-07-23 15:23 . 2012-07-23 15:23 -------- d-----w- c:\programdata\Malwarebytes
2012-07-23 15:23 . 2012-07-24 01:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-23 07:27 . 2012-07-23 07:27 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-23 05:09 . 2012-07-23 05:13 -------- d-----w- c:\program files (x86)\Real
2012-07-11 10:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 08:21 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 11:20 . 2012-07-10 11:20 -------- d-----w- c:\users\Brad\AppData\Roaming\Unity
2012-07-05 09:18 . 2012-07-23 21:29 -------- d-----w- c:\program files (x86)\Portal
2012-07-02 00:56 . 2012-07-13 02:35 -------- d-----w- c:\users\Joy\AppData\Local\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-23 07:23 . 2012-04-02 10:56 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-23 07:23 . 2011-08-01 07:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 10:02 . 2011-12-09 07:25 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-17 12:24 . 2012-06-17 12:24 61440 ----a-r- c:\users\Brad\AppData\Roaming\Microsoft\Installer\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}\ARPPRODUCTICON.exe
2012-06-17 12:23 . 2011-05-20 18:13 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2012-06-02 22:19 . 2012-06-21 02:35 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 02:35 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 02:35 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 02:35 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 02:35 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 02:35 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 02:35 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 02:35 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 02:35 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-14 11:37 . 2012-05-14 11:37 270336 ----a-w- c:\windows\SysWow64\ssleay32.dll
2012-05-14 11:37 . 2012-05-14 11:37 270336 ----a-w- c:\windows\SysWow64\libssl32.dll
2012-05-14 11:37 . 2012-05-14 11:37 1179648 ----a-w- c:\windows\SysWow64\libeay32.dll
2012-05-04 11:06 . 2012-06-13 04:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 04:06 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 04:06 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 04:06 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 04:06 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-27 04:12 . 2012-04-27 04:12 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-04-27 04:11 . 2012-02-20 00:03 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-27 04:11 . 2012-02-20 00:02 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-04-27 04:11 . 2012-04-27 04:11 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Brad\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-13 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 296984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-3-6 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 136176]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-09-22 243712]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys [2011-03-15 10112]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-07 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-08-01 22648]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-08-01 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-08-01 62776]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-05 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 256536]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-01-17 412712]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2338821148-439923472-4049080198-1001Core.job
- c:\users\Brad\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-02 00:44]
.
2012-07-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2338821148-439923472-4049080198-1001UA.job
- c:\users\Brad\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-02 00:44]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 02:35]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 02:35]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2338821148-439923472-4049080198-1001Core.job
- c:\users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-03 21:50]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2338821148-439923472-4049080198-1001UA.job
- c:\users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-03 21:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-18 11779176]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - c:\program files (x86)\UtilityChest_49\bar\1.bin\49SrcAs.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Spotify - c:\users\Brad\AppData\Roaming\Spotify\Spotify.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-EncFlac - c:\program files (x86)\Winamp\EncFlac-Uninstall.exe
AddRemove-InFlac - c:\program files (x86)\Winamp\InFlac-Uninstall.exe
AddRemove-MEXP - c:\program files (x86)\Winamp\plugins\MEXP\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2338821148-439923472-4049080198-1001\Software\SecuROM\License information*]
"datasecu"=hex:2e,be,2f,2d,89,04,58,15,f2,70,44,2d,d4,4c,ab,a3,35,1f,95,08,15,
00,19,32,d0,f1,85,b4,77,56,c2,da,27,c8,c7,82,27,19,78,9d,3d,bc,a0,18,41,0d,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Completion time: 2012-07-25 16:02:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-25 23:02
.
Pre-Run: 279,255,977,984 bytes free
Post-Run: 281,384,075,264 bytes free
.
- - End Of File - - 2EF2A196F3D1B385E5C093F2757D1781

#4 gringo_pr

Posted 25 July 2012 - 08:13 PM

Greetings Boredley

Let's run a couple more checks to be sure.

I want you to run these next:

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 Boredley

Posted 25 July 2012 - 11:30 PM

Here is the log for TDSSKiller:

19:52:12.0790 5256 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:52:13.0353 5256 ============================================================
19:52:13.0353 5256 Current date / time: 2012/07/25 19:52:13.0353
19:52:13.0353 5256 SystemInfo:
19:52:13.0353 5256
19:52:13.0353 5256 OS Version: 6.1.7601 ServicePack: 1.0
19:52:13.0353 5256 Product type: Workstation
19:52:13.0353 5256 ComputerName: BRAD-PC
19:52:13.0354 5256 UserName: Brad
19:52:13.0354 5256 Windows directory: C:\Windows
19:52:13.0354 5256 System windows directory: C:\Windows
19:52:13.0354 5256 Running under WOW64
19:52:13.0354 5256 Processor architecture: Intel x64
19:52:13.0354 5256 Number of processors: 4
19:52:13.0354 5256 Page size: 0x1000
19:52:13.0354 5256 Boot type: Normal boot
19:52:13.0354 5256 ============================================================
19:52:14.0394 5256 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:52:14.0407 5256 ============================================================
19:52:14.0407 5256 \Device\Harddisk0\DR0:
19:52:14.0407 5256 MBR partitions:
19:52:14.0407 5256 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
19:52:14.0407 5256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x37F53000
19:52:14.0407 5256 ============================================================
19:52:14.0458 5256 C: <-> \Device\Harddisk0\DR0\Partition1
19:52:14.0458 5256 ============================================================
19:52:14.0458 5256 Initialize success
19:52:14.0458 5256 ============================================================
19:52:34.0078 5820 ============================================================
19:52:34.0078 5820 Scan started
19:52:34.0078 5820 Mode: Manual;
19:52:34.0078 5820 ============================================================
19:52:34.0761 5820 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:52:34.0765 5820 1394ohci - ok
19:52:34.0882 5820 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
19:52:34.0885 5820 ACDaemon - ok
19:52:34.0999 5820 acedrv11 (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys
19:52:35.0002 5820 acedrv11 - ok
19:52:35.0058 5820 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:52:35.0063 5820 ACPI - ok
19:52:35.0087 5820 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:52:35.0088 5820 AcpiPmi - ok
19:52:35.0176 5820 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:52:35.0178 5820 AdobeARMservice - ok
19:52:35.0252 5820 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
19:52:35.0258 5820 adp94xx - ok
19:52:35.0308 5820 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
19:52:35.0313 5820 adpahci - ok
19:52:35.0356 5820 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
19:52:35.0359 5820 adpu320 - ok
19:52:35.0410 5820 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:52:35.0413 5820 AeLookupSvc - ok
19:52:35.0494 5820 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:52:35.0500 5820 AFD - ok
19:52:35.0527 5820 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:52:35.0529 5820 agp440 - ok
19:52:35.0567 5820 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:52:35.0569 5820 ALG - ok
19:52:35.0590 5820 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:52:35.0591 5820 aliide - ok
19:52:35.0615 5820 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:52:35.0616 5820 amdide - ok
19:52:35.0637 5820 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
19:52:35.0638 5820 AmdK8 - ok
19:52:35.0648 5820 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
19:52:35.0650 5820 AmdPPM - ok
19:52:35.0670 5820 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:52:35.0672 5820 amdsata - ok
19:52:35.0697 5820 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
19:52:35.0700 5820 amdsbs - ok
19:52:35.0717 5820 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:52:35.0718 5820 amdxata - ok
19:52:35.0762 5820 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:52:35.0764 5820 AppID - ok
19:52:35.0788 5820 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:52:35.0791 5820 AppIDSvc - ok
19:52:35.0862 5820 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:52:35.0864 5820 Appinfo - ok
19:52:35.0944 5820 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
19:52:35.0946 5820 arc - ok
19:52:35.0968 5820 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
19:52:35.0970 5820 arcsas - ok
19:52:36.0010 5820 aspnet_state - ok
19:52:36.0059 5820 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:52:36.0060 5820 AsyncMac - ok
19:52:36.0101 5820 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:52:36.0102 5820 atapi - ok
19:52:36.0338 5820 athr (de9fb3dade8fd39ae2c587df22d36b8e) C:\Windows\system32\DRIVERS\athrx.sys
19:52:36.0369 5820 athr - ok
19:52:36.0546 5820 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:52:36.0558 5820 AudioEndpointBuilder - ok
19:52:54.0257 5820 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:52:54.0259 5820 SCPolicySvc - ok
19:52:54.0297 5820 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:52:54.0302 5820 SDRSVC - ok
19:52:54.0365 5820 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:52:54.0366 5820 secdrv - ok
19:52:54.0396 5820 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:52:54.0398 5820 seclogon - ok
19:52:54.0427 5820 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
19:52:54.0430 5820 SENS - ok
19:52:54.0453 5820 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:52:54.0456 5820 SensrSvc - ok
19:52:54.0487 5820 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
19:52:54.0489 5820 Serenum - ok
19:52:54.0517 5820 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
19:52:54.0519 5820 Serial - ok
19:52:54.0557 5820 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
19:52:54.0558 5820 sermouse - ok
19:52:54.0607 5820 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:52:54.0611 5820 SessionEnv - ok
19:52:54.0623 5820 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:52:54.0625 5820 sffdisk - ok
19:52:54.0654 5820 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:52:54.0655 5820 sffp_mmc - ok
19:52:54.0663 5820 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:52:54.0665 5820 sffp_sd - ok
19:52:54.0673 5820 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
19:52:54.0674 5820 sfloppy - ok
19:52:54.0777 5820 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
19:52:54.0787 5820 Sftfs - ok
19:52:54.0909 5820 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:52:54.0918 5820 sftlist - ok
19:52:54.0971 5820 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:52:54.0976 5820 Sftplay - ok
19:52:54.0988 5820 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:52:54.0990 5820 Sftredir - ok
19:52:55.0020 5820 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
19:52:55.0021 5820 Sftvol - ok
19:52:55.0070 5820 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:52:55.0074 5820 sftvsa - ok
19:52:55.0156 5820 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:52:55.0163 5820 SharedAccess - ok
19:52:55.0215 5820 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:52:55.0222 5820 ShellHWDetection - ok
19:52:55.0251 5820 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
19:52:55.0253 5820 SiSRaid2 - ok
19:52:55.0265 5820 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
19:52:55.0267 5820 SiSRaid4 - ok
19:52:55.0338 5820 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:52:55.0342 5820 SkypeUpdate - ok
19:52:55.0382 5820 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:52:55.0384 5820 Smb - ok
19:52:55.0421 5820 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:52:55.0424 5820 SNMPTRAP - ok
19:52:55.0457 5820 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:52:55.0458 5820 spldr - ok
19:52:55.0518 5820 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:52:55.0527 5820 Spooler - ok
19:52:55.0774 5820 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:52:55.0816 5820 sppsvc - ok
19:52:55.0954 5820 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:52:55.0958 5820 sppuinotify - ok
19:52:55.0972 5820 sptd - ok
19:52:56.0055 5820 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:52:56.0061 5820 srv - ok
19:52:56.0092 5820 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:52:56.0098 5820 srv2 - ok
19:52:56.0132 5820 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:52:56.0135 5820 srvnet - ok
19:52:56.0185 5820 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:52:56.0190 5820 SSDPSRV - ok
19:52:56.0223 5820 ssmirrdr (1100066057fbf612b573efd3b21383f1) C:\Windows\system32\DRIVERS\ssmirrdr.sys
19:52:56.0225 5820 ssmirrdr - ok
19:52:56.0257 5820 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:52:56.0261 5820 SstpSvc - ok
19:52:56.0381 5820 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
19:52:56.0386 5820 StarWindServiceAE - ok
19:52:56.0410 5820 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
19:52:56.0412 5820 stexstor - ok
19:52:56.0492 5820 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:52:56.0502 5820 stisvc - ok
19:52:56.0528 5820 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:52:56.0530 5820 swenum - ok
19:52:56.0658 5820 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:52:56.0664 5820 SwitchBoard - ok
19:52:56.0730 5820 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:52:56.0739 5820 swprv - ok
19:52:56.0878 5820 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:52:56.0900 5820 SysMain - ok
19:52:57.0022 5820 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:52:57.0026 5820 TabletInputService - ok
19:52:57.0060 5820 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:52:57.0067 5820 TapiSrv - ok
19:52:57.0085 5820 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:52:57.0089 5820 TBS - ok
19:52:57.0268 5820 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:52:57.0291 5820 Tcpip - ok
19:52:57.0545 5820 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:52:57.0568 5820 TCPIP6 - ok
19:52:57.0702 5820 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:52:57.0703 5820 tcpipreg - ok
19:52:57.0726 5820 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:52:57.0728 5820 TDPIPE - ok
19:52:57.0754 5820 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:52:57.0756 5820 TDTCP - ok
19:52:57.0786 5820 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:52:57.0789 5820 tdx - ok
19:52:57.0827 5820 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:52:57.0829 5820 TermDD - ok
19:52:57.0909 5820 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:52:57.0919 5820 TermService - ok
19:52:57.0938 5820 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:52:57.0941 5820 Themes - ok
19:52:57.0970 5820 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:52:57.0973 5820 THREADORDER - ok
19:52:58.0014 5820 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:52:58.0018 5820 TrkWks - ok
19:52:58.0072 5820 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:52:58.0075 5820 TrustedInstaller - ok
19:52:58.0094 5820 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:52:58.0096 5820 tssecsrv - ok
19:52:58.0123 5820 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:52:58.0125 5820 TsUsbFlt - ok
19:52:58.0144 5820 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
19:52:58.0146 5820 TsUsbGD - ok
19:52:58.0180 5820 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:52:58.0183 5820 tunnel - ok
19:52:58.0206 5820 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
19:52:58.0208 5820 uagp35 - ok
19:52:58.0231 5820 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
19:52:58.0232 5820 UBHelper - ok
19:52:58.0281 5820 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:52:58.0286 5820 udfs - ok
19:52:58.0329 5820 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:52:58.0333 5820 UI0Detect - ok
19:52:58.0359 5820 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:52:58.0361 5820 uliagpkx - ok
19:52:58.0401 5820 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:52:58.0403 5820 umbus - ok
19:52:58.0435 5820 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
19:52:58.0436 5820 UmPass - ok
19:52:58.0639 5820 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:52:58.0667 5820 UNS - ok
19:52:58.0815 5820 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:52:58.0822 5820 upnphost - ok
19:52:58.0878 5820 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:52:58.0881 5820 usbccgp - ok
19:52:58.0913 5820 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:52:58.0916 5820 usbcir - ok
19:52:58.0943 5820 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
19:52:58.0945 5820 usbehci - ok
19:52:58.0989 5820 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
19:52:58.0994 5820 usbhub - ok
19:52:59.0001 5820 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:52:59.0003 5820 usbohci - ok
19:52:59.0018 5820 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
19:52:59.0020 5820 usbprint - ok
19:52:59.0063 5820 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:52:59.0066 5820 USBSTOR - ok
19:52:59.0084 5820 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:52:59.0086 5820 usbuhci - ok
19:52:59.0111 5820 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
19:52:59.0114 5820 usbvideo - ok
19:52:59.0144 5820 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:52:59.0148 5820 UxSms - ok
19:52:59.0192 5820 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:52:59.0195 5820 VaultSvc - ok
19:52:59.0224 5820 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:52:59.0225 5820 vdrvroot - ok
19:52:59.0317 5820 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:52:59.0326 5820 vds - ok
19:52:59.0354 5820 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:52:59.0356 5820 vga - ok
19:52:59.0391 5820 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:52:59.0393 5820 VgaSave - ok
19:52:59.0428 5820 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:52:59.0432 5820 vhdmp - ok
19:52:59.0453 5820 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:52:59.0454 5820 viaide - ok
19:52:59.0501 5820 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:52:59.0503 5820 volmgr - ok
19:52:59.0548 5820 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:52:59.0553 5820 volmgrx - ok
19:52:59.0577 5820 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:52:59.0581 5820 volsnap - ok
19:52:59.0628 5820 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
19:52:59.0631 5820 vsmraid - ok
19:52:59.0775 5820 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:52:59.0796 5820 VSS - ok
19:52:59.0939 5820 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:52:59.0940 5820 vwifibus - ok
19:52:59.0955 5820 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:52:59.0957 5820 vwififlt - ok
19:53:00.0011 5820 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
19:53:00.0012 5820 vwifimp - ok
19:53:00.0089 5820 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:53:00.0096 5820 W32Time - ok
19:53:00.0121 5820 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
19:53:00.0123 5820 WacomPen - ok
19:53:00.0161 5820 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:53:00.0164 5820 WANARP - ok
19:53:00.0169 5820 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:53:00.0172 5820 Wanarpv6 - ok
19:53:00.0318 5820 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:53:00.0334 5820 WatAdminSvc - ok
19:53:00.0461 5820 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:53:00.0481 5820 wbengine - ok
19:53:00.0624 5820 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:53:00.0630 5820 WbioSrvc - ok
19:53:00.0675 5820 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:53:00.0683 5820 wcncsvc - ok
19:53:00.0710 5820 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:53:00.0714 5820 WcsPlugInService - ok
19:53:00.0768 5820 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
19:53:00.0770 5820 Wd - ok
19:53:00.0835 5820 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:53:00.0844 5820 Wdf01000 - ok
19:53:00.0880 5820 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:53:00.0884 5820 WdiServiceHost - ok
19:53:00.0890 5820 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:53:00.0894 5820 WdiSystemHost - ok
19:53:00.0928 5820 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:53:00.0934 5820 WebClient - ok
19:53:00.0977 5820 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:53:00.0983 5820 Wecsvc - ok
19:53:01.0003 5820 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:53:01.0007 5820 wercplsupport - ok
19:53:01.0046 5820 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:53:01.0051 5820 WerSvc - ok
19:53:01.0110 5820 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:53:01.0111 5820 WfpLwf - ok
19:53:01.0132 5820 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:53:01.0134 5820 WIMMount - ok
19:53:01.0188 5820 WinDefend - ok
19:53:01.0199 5820 WinHttpAutoProxySvc - ok
19:53:01.0278 5820 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:53:01.0282 5820 Winmgmt - ok
19:53:01.0440 5820 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:53:01.0467 5820 WinRM - ok
19:53:01.0607 5820 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:53:01.0609 5820 WinUsb - ok
19:53:01.0703 5820 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:53:01.0717 5820 Wlansvc - ok
19:53:01.0804 5820 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:53:01.0806 5820 wlcrasvc - ok
19:53:02.0037 5820 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:53:02.0070 5820 wlidsvc - ok
19:53:02.0199 5820 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:53:02.0200 5820 WmiAcpi - ok
19:53:02.0273 5820 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:53:02.0277 5820 wmiApSrv - ok
19:53:02.0322 5820 WMPNetworkSvc - ok
19:53:02.0353 5820 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:53:02.0356 5820 WPCSvc - ok
19:53:02.0378 5820 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:53:02.0383 5820 WPDBusEnum - ok
19:53:02.0406 5820 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:53:02.0407 5820 ws2ifsl - ok
19:53:02.0451 5820 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
19:53:02.0456 5820 wscsvc - ok
19:53:02.0488 5820 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
19:53:02.0489 5820 WSDPrintDevice - ok
19:53:02.0499 5820 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
19:53:02.0501 5820 WSDScan - ok
19:53:02.0507 5820 WSearch - ok
19:53:02.0708 5820 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:53:02.0740 5820 wuauserv - ok
19:53:02.0857 5820 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:53:02.0860 5820 WudfPf - ok
19:53:02.0898 5820 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:53:02.0901 5820 WUDFRd - ok
19:53:02.0934 5820 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:53:02.0938 5820 wudfsvc - ok
19:53:02.0966 5820 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:53:02.0972 5820 WwanSvc - ok
19:53:03.0019 5820 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:53:03.0688 5820 \Device\Harddisk0\DR0 - ok
19:53:03.0709 5820 Boot (0x1200) (20b258c1c959c4476f8ce70f99b41828) \Device\Harddisk0\DR0\Partition0
19:53:03.0711 5820 \Device\Harddisk0\DR0\Partition0 - ok
19:53:03.0719 5820 Boot (0x1200) (384f67dedaf51d4c0153997fbb3df72e) \Device\Harddisk0\DR0\Partition1
19:53:03.0722 5820 \Device\Harddisk0\DR0\Partition1 - ok
19:53:03.0722 5820 ============================================================
19:53:03.0722 5820 Scan finished
19:53:03.0722 5820 ============================================================
19:53:03.0738 5396 Detected object count: 0
19:53:03.0738 5396 Actual detected object count: 0
19:54:54.0750 3628 ============================================================
19:54:54.0750 3628 Scan started
19:54:54.0751 3628 Mode: Manual;
19:54:54.0751 3628 ============================================================
19:55:01.0642 3628 elxstor - ok
19:55:01.0779 3628 ePowerSvc (ac5c64f828c0a6a1350971501ac2a0c7) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
19:55:01.0791 3628 ePowerSvc - ok
19:55:01.0912 3628 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:55:01.0913 3628 ErrDev - ok
19:55:01.0945 3628 esgiguard - ok
19:55:01.0984 3628 ETD (dbaa0c650c9549dc5c599d1e81dedaad) C:\Windows\system32\DRIVERS\ETD.sys
19:55:01.0987 3628 ETD - ok
19:55:02.0049 3628 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:55:02.0055 3628 EventSystem - ok
19:55:02.0091 3628 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:55:02.0095 3628 exfat - ok
19:55:02.0127 3628 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:55:02.0130 3628 fastfat - ok
19:55:02.0211 3628 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:55:02.0221 3628 Fax - ok
19:55:02.0241 3628 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
19:55:02.0243 3628 fdc - ok
19:55:02.0268 3628 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:55:02.0269 3628 fdPHost - ok
19:55:02.0285 3628 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:55:02.0287 3628 FDResPub - ok
19:55:02.0311 3628 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:55:02.0313 3628 FileInfo - ok
19:55:02.0337 3628 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:55:02.0338 3628 Filetrace - ok
19:55:02.0452 3628 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:55:02.0461 3628 FLEXnet Licensing Service - ok
19:55:02.0488 3628 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
19:55:02.0489 3628 flpydisk - ok
19:55:02.0526 3628 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:55:02.0530 3628 FltMgr - ok
19:55:02.0649 3628 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:55:02.0664 3628 FontCache - ok
19:55:02.0721 3628 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:55:02.0722 3628 FontCache3.0.0.0 - ok
19:55:02.0792 3628 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:55:02.0794 3628 FsDepends - ok
19:55:02.0825 3628 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:55:02.0826 3628 Fs_Rec - ok
19:55:02.0871 3628 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:55:02.0874 3628 fvevol - ok
19:55:02.0898 3628 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
19:55:02.0900 3628 gagp30kx - ok
19:55:02.0980 3628 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:55:02.0991 3628 gpsvc - ok
19:55:03.0046 3628 GREGService (84e58fea8b1a7537696a20c59cb9b0c9) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
19:55:03.0048 3628 GREGService - ok
19:55:03.0119 3628 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:55:03.0122 3628 gupdate - ok
19:55:03.0128 3628 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:55:03.0131 3628 gupdatem - ok
19:55:03.0175 3628 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:55:03.0178 3628 gusvc - ok
19:55:03.0209 3628 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:55:03.0211 3628 hcw85cir - ok
19:55:03.0244 3628 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:55:03.0249 3628 HdAudAddService - ok
19:55:03.0279 3628 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:55:03.0281 3628 HDAudBus - ok
19:55:03.0312 3628 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\drivers\HECIx64.sys
19:55:03.0314 3628 HECIx64 - ok
19:55:03.0343 3628 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
19:55:03.0344 3628 HidBatt - ok
19:55:03.0359 3628 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
19:55:03.0361 3628 HidBth - ok
19:55:03.0370 3628 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
19:55:03.0372 3628 HidIr - ok
19:55:03.0413 3628 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
19:55:03.0416 3628 hidserv - ok
19:55:03.0453 3628 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:55:03.0455 3628 HidUsb - ok
19:55:03.0485 3628 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:55:03.0488 3628 hkmsvc - ok
19:55:03.0520 3628 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:55:03.0525 3628 HomeGroupListener - ok
19:55:03.0564 3628 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:55:03.0569 3628 HomeGroupProvider - ok
19:55:03.0599 3628 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:55:03.0601 3628 HpSAMD - ok
19:55:03.0687 3628 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:55:03.0696 3628 HTTP - ok
19:55:03.0711 3628 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:55:03.0712 3628 hwpolicy - ok
19:55:03.0749 3628 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:55:03.0751 3628 i8042prt - ok
19:55:03.0856 3628 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\drivers\iaStor.sys
19:55:03.0866 3628 iaStor - ok
19:55:03.0938 3628 IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
19:55:03.0939 3628 IAStorDataMgrSvc - ok
19:55:03.0985 3628 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:55:03.0991 3628 iaStorV - ok
19:55:04.0062 3628 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:55:04.0064 3628 IDriverT - ok
19:55:04.0192 3628 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:55:04.0203 3628 idsvc - ok
19:55:05.0177 3628 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:55:05.0325 3628 igfx - ok
19:55:05.0452 3628 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
19:55:05.0453 3628 iirsp - ok
19:55:05.0543 3628 IJPLMSVC (ad5df6f4fbbc798636edc66bfec7d0de) C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
19:55:05.0545 3628 IJPLMSVC - ok
19:55:05.0631 3628 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:55:05.0642 3628 IKEEXT - ok
19:55:05.0669 3628 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
19:55:05.0672 3628 Impcd - ok
19:55:05.0910 3628 IntcAzAudAddService (650d06e28a43e365a01ec4ee0946fc24) C:\Windows\system32\drivers\RTKVHD64.sys
19:55:05.0944 3628 IntcAzAudAddService - ok
19:55:06.0050 3628 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:55:06.0051 3628 intelide - ok
19:55:06.0074 3628 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:55:06.0076 3628 intelppm - ok
19:55:06.0110 3628 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:55:06.0113 3628 IPBusEnum - ok
19:55:06.0134 3628 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:55:06.0136 3628 IpFilterDriver - ok
19:55:06.0198 3628 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:55:06.0207 3628 iphlpsvc - ok
19:55:06.0236 3628 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:55:06.0238 3628 IPMIDRV - ok
19:55:06.0253 3628 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:55:06.0256 3628 IPNAT - ok
19:55:06.0268 3628 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:55:06.0270 3628 IRENUM - ok
19:55:06.0277 3628 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:55:06.0279 3628 isapnp - ok
19:55:06.0312 3628 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:55:06.0316 3628 iScsiPrt - ok
19:55:06.0378 3628 k57nd60a (0469bff65bbdee9e46d0c45ee32a08bd) C:\Windows\system32\DRIVERS\k57nd60a.sys
19:55:06.0383 3628 k57nd60a - ok
19:55:06.0411 3628 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
19:55:06.0413 3628 kbdclass - ok
19:55:06.0429 3628 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
19:55:06.0430 3628 kbdhid - ok
19:55:06.0464 3628 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:55:06.0466 3628 KeyIso - ok
19:55:06.0500 3628 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
19:55:06.0502 3628 KSecDD - ok
19:55:06.0549 3628 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
19:55:06.0552 3628 KSecPkg - ok
19:55:06.0582 3628 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:55:06.0584 3628 ksthunk - ok
19:55:06.0637 3628 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:55:06.0644 3628 KtmRm - ok
19:55:06.0690 3628 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
19:55:06.0696 3628 LanmanServer - ok
19:55:06.0727 3628 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:55:06.0732 3628 LanmanWorkstation - ok
19:55:06.0800 3628 Live Updater Service (b705c7097f9a0ec941d02dce7c7d426c) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
19:55:06.0803 3628 Live Updater Service - ok
19:55:06.0830 3628 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:55:06.0832 3628 lltdio - ok
19:55:06.0882 3628 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:55:06.0888 3628 lltdsvc - ok
19:55:06.0908 3628 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:55:06.0911 3628 lmhosts - ok
19:55:06.0979 3628 LMS (dbc1136a62bd4decc3632df650284c2e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
19:55:06.0983 3628 LMS - ok
19:55:07.0016 3628 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
19:55:07.0018 3628 LSI_FC - ok
19:55:07.0032 3628 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
19:55:07.0035 3628 LSI_SAS - ok
19:55:07.0045 3628 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
19:55:07.0046 3628 LSI_SAS2 - ok
19:55:07.0059 3628 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
19:55:07.0062 3628 LSI_SCSI - ok
19:55:07.0087 3628 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:55:07.0089 3628 luafv - ok
19:55:07.0097 3628 McAfee SiteAdvisor Service - ok
19:55:07.0147 3628 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
19:55:07.0152 3628 mcdbus - ok
19:55:07.0175 3628 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:55:07.0178 3628 Mcx2Svc - ok
19:55:07.0199 3628 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
19:55:07.0200 3628 megasas - ok
19:55:07.0234 3628 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
19:55:07.0238 3628 MegaSR - ok
19:55:07.0263 3628 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:55:07.0266 3628 MMCSS - ok
19:55:07.0289 3628 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:55:07.0290 3628 Modem - ok
19:55:07.0322 3628 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:55:07.0324 3628 monitor - ok
19:55:07.0346 3628 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:55:07.0348 3628 mouclass - ok
19:55:07.0365 3628 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:55:07.0367 3628 mouhid - ok
19:55:07.0397 3628 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:55:07.0399 3628 mountmgr - ok
19:55:07.0435 3628 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:55:07.0438 3628 mpio - ok
19:55:07.0456 3628 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:55:07.0458 3628 mpsdrv - ok
19:55:07.0571 3628 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:55:07.0582 3628 MpsSvc - ok
19:55:07.0626 3628 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:55:07.0628 3628 MRxDAV - ok
19:55:07.0659 3628 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:55:07.0662 3628 mrxsmb - ok
19:55:07.0723 3628 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:55:07.0728 3628 mrxsmb10 - ok
19:55:07.0766 3628 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:55:07.0769 3628 mrxsmb20 - ok
19:55:07.0784 3628 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:55:07.0785 3628 msahci - ok
19:55:07.0802 3628 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:55:07.0805 3628 msdsm - ok
19:55:07.0836 3628 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:55:07.0840 3628 MSDTC - ok
19:55:07.0859 3628 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:55:07.0860 3628 Msfs - ok
19:55:07.0896 3628 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:55:07.0897 3628 mshidkmdf - ok
19:55:07.0912 3628 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:55:07.0913 3628 msisadrv - ok
19:55:07.0942 3628 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:55:07.0946 3628 MSiSCSI - ok
19:55:07.0951 3628 msiserver - ok
19:55:07.0975 3628 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:55:07.0976 3628 MSKSSRV - ok
19:55:07.0996 3628 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:55:07.0997 3628 MSPCLOCK - ok
19:55:08.0009 3628 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:55:08.0010 3628 MSPQM - ok
19:55:08.0065 3628 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:55:08.0070 3628 MsRPC - ok
19:55:08.0090 3628 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:55:08.0091 3628 mssmbios - ok
19:55:08.0110 3628 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:55:08.0111 3628 MSTEE - ok
19:55:08.0126 3628 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
19:55:08.0127 3628 MTConfig - ok
19:55:08.0158 3628 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:55:08.0160 3628 Mup - ok
19:55:08.0174 3628 mwlPSDFilter (c009123b206c56854f4e88596035231d) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
19:55:08.0175 3628 mwlPSDFilter - ok
19:55:08.0193 3628 mwlPSDNServ (bf3739eeb9f008b1debac115089a53f8) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
19:55:08.0194 3628 mwlPSDNServ - ok
19:55:08.0216 3628 mwlPSDVDisk (38dd143d95e7a01b86f219dda9c28779) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
19:55:08.0218 3628 mwlPSDVDisk - ok
19:55:08.0287 3628 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:55:08.0295 3628 napagent - ok
19:55:08.0346 3628 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:55:08.0351 3628 NativeWifiP - ok
19:55:08.0434 3628 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:55:08.0446 3628 NDIS - ok
19:55:08.0469 3628 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:55:08.0470 3628 NdisCap - ok
19:55:08.0497 3628 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:55:08.0499 3628 NdisTapi - ok
19:55:08.0518 3628 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:55:08.0520 3628 Ndisuio - ok
19:55:08.0548 3628 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:55:08.0551 3628 NdisWan - ok
19:55:08.0577 3628 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:55:08.0579 3628 NDProxy - ok
19:55:08.0597 3628 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:55:08.0598 3628 NetBIOS - ok
19:55:08.0629 3628 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:55:08.0633 3628 NetBT - ok
19:55:08.0664 3628 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:55:08.0666 3628 Netlogon - ok
19:55:08.0709 3628 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:55:08.0715 3628 Netman - ok
19:55:08.0752 3628 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:55:08.0759 3628 netprofm - ok
19:55:08.0844 3628 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:55:08.0846 3628 NetTcpPortSharing - ok
19:55:08.0887 3628 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
19:55:08.0888 3628 nfrd960 - ok
19:55:08.0933 3628 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:55:08.0939 3628 NlaSvc - ok
19:55:08.0962 3628 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:55:08.0964 3628 Npfs - ok
19:55:08.0983 3628 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:55:08.0985 3628 nsi - ok
19:55:09.0012 3628 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:55:09.0013 3628 nsiproxy - ok
19:55:09.0160 3628 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:55:09.0180 3628 Ntfs - ok
19:55:09.0280 3628 NTI IScheduleSvc (d27a4546417ed7c4aea7b3420d4f1f50) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
19:55:09.0283 3628 NTI IScheduleSvc - ok
19:55:09.0382 3628 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
19:55:09.0383 3628 NTIDrvr - ok
19:55:09.0395 3628 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:55:09.0396 3628 Null - ok
19:55:09.0427 3628 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:55:09.0429 3628 nvraid - ok
19:55:09.0454 3628 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:55:09.0457 3628 nvstor - ok
19:55:09.0478 3628 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:55:09.0480 3628 nv_agp - ok
19:55:09.0490 3628 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:55:09.0493 3628 ohci1394 - ok
19:55:09.0560 3628 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:55:09.0563 3628 ose - ok
19:55:10.0013 3628 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:55:10.0071 3628 osppsvc - ok
19:55:10.0210 3628 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:55:10.0216 3628 p2pimsvc - ok
19:55:10.0268 3628 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:55:10.0275 3628 p2psvc - ok
19:55:10.0329 3628 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
19:55:10.0332 3628 Parport - ok
19:55:10.0369 3628 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:55:10.0371 3628 partmgr - ok
19:55:10.0410 3628 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:55:10.0415 3628 PcaSvc - ok
19:55:10.0455 3628 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:55:10.0458 3628 pci - ok
19:55:10.0474 3628 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:55:10.0475 3628 pciide - ok
19:55:10.0499 3628 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
19:55:10.0502 3628 pcmcia - ok
19:55:10.0525 3628 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:55:10.0527 3628 pcw - ok
19:55:10.0591 3628 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:55:10.0599 3628 PEAUTH - ok
19:55:10.0690 3628 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:55:10.0692 3628 PerfHost - ok
19:55:10.0886 3628 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:55:10.0905 3628 pla - ok
19:55:10.0967 3628 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:55:10.0974 3628 PlugPlay - ok
19:55:10.0998 3628 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:55:11.0002 3628 PNRPAutoReg - ok
19:55:11.0044 3628 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:55:11.0050 3628 PNRPsvc - ok
19:55:11.0122 3628 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:55:11.0130 3628 PolicyAgent - ok
19:55:11.0176 3628 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:55:11.0181 3628 Power - ok
19:55:11.0235 3628 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:55:11.0238 3628 PptpMiniport - ok
19:55:11.0265 3628 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
19:55:11.0267 3628 Processor - ok
19:55:11.0313 3628 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
19:55:11.0318 3628 ProfSvc - ok
19:55:11.0352 3628 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:55:11.0355 3628 ProtectedStorage - ok
19:55:11.0392 3628 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:55:11.0395 3628 Psched - ok
19:55:11.0523 3628 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
19:55:11.0541 3628 ql2300 - ok
19:55:11.0675 3628 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
19:55:11.0678 3628 ql40xx - ok
19:55:11.0727 3628 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:55:11.0733 3628 QWAVE - ok
19:55:11.0756 3628 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:55:11.0758 3628 QWAVEdrv - ok
19:55:11.0779 3628 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:55:11.0780 3628 RasAcd - ok
19:55:11.0818 3628 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:55:11.0820 3628 RasAgileVpn - ok
19:55:11.0859 3628 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:55:11.0865 3628 RasAuto - ok
19:55:11.0912 3628 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:55:11.0915 3628 Rasl2tp - ok
19:55:11.0955 3628 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:55:11.0962 3628 RasMan - ok
19:55:11.0993 3628 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:55:11.0995 3628 RasPppoe - ok
19:55:12.0013 3628 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:55:12.0015 3628 RasSstp - ok
19:55:12.0048 3628 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:55:12.0053 3628 rdbss - ok
19:55:12.0075 3628 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
19:55:12.0076 3628 rdpbus - ok
19:55:12.0097 3628 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:55:12.0098 3628 RDPCDD - ok
19:55:12.0114 3628 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:55:12.0115 3628 RDPENCDD - ok
19:55:12.0124 3628 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:55:12.0126 3628 RDPREFMP - ok
19:55:12.0182 3628 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
19:55:12.0186 3628 RDPWD - ok
19:55:12.0234 3628 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:55:12.0237 3628 rdyboost - ok
19:55:12.0274 3628 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:55:12.0278 3628 RemoteAccess - ok
19:55:12.0324 3628 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:55:12.0329 3628 RemoteRegistry - ok
19:55:12.0347 3628 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:55:12.0351 3628 RpcEptMapper - ok
19:55:12.0371 3628 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:55:12.0373 3628 RpcLocator - ok
19:55:12.0434 3628 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:55:12.0443 3628 RpcSs - ok
19:55:12.0477 3628 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:55:12.0479 3628 rspndr - ok
19:55:12.0532 3628 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\Windows\system32\Drivers\RtsUStor.sys
19:55:12.0536 3628 RSUSBSTOR - ok
19:55:12.0565 3628 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:55:12.0567 3628 SamSs - ok
19:55:12.0593 3628 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:55:12.0596 3628 sbp2port - ok
19:55:12.0647 3628 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:55:12.0651 3628 SCardSvr - ok
19:55:12.0664 3628 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:55:12.0665 3628 scfilter - ok
19:55:12.0776 3628 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:55:12.0792 3628 Schedule - ok
19:55:12.0829 3628 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:55:12.0832 3628 SCPolicySvc - ok
19:55:12.0870 3628 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:55:12.0875 3628 SDRSVC - ok
19:55:12.0926 3628 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:55:12.0927 3628 secdrv - ok
19:55:12.0956 3628 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:55:12.0959 3628 seclogon - ok
19:55:12.0984 3628 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
19:55:12.0988 3628 SENS - ok
19:55:12.0996 3628 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:55:12.0999 3628 SensrSvc - ok
19:55:21.0927 3628 ============================================================
19:55:21.0927 3628 Scan finished
19:55:21.0927 3628 ============================================================
19:55:21.0940 4164 Detected object count: 0
19:55:21.0940 4164 Actual detected object count: 0
19:56:14.0566 1892 Deinitialize success

And here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-25 20:36:23
-----------------------------
20:36:23.736 OS Version: Windows x64 6.1.7601 Service Pack 1
20:36:23.736 Number of processors: 4 586 0x2505
20:36:23.737 ComputerName: BRAD-PC UserName: Brad
20:36:26.083 Initialize success
20:36:38.928 AVAST engine defs: 12072502
20:36:45.427 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:36:45.433 Disk 0 Vendor: Hitachi_ JE3O Size: 476940MB BusType: 3
20:36:45.546 Disk 0 MBR read successfully
20:36:45.552 Disk 0 MBR scan
20:36:45.562 Disk 0 Windows 7 default MBR code
20:36:45.598 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18432 MB offset 2048
20:36:45.637 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 37750784
20:36:45.668 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 458406 MB offset 37955584
20:36:45.839 Disk 0 scanning C:\Windows\system32\drivers
20:37:41.097 Service scanning
20:38:32.156 Modules scanning
20:38:32.157 Disk 0 trace - called modules:
20:38:32.183 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:38:32.185 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80083c9060]
20:38:32.185 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80063cc050]
20:38:34.323 AVAST engine scan C:\Windows
20:39:34.239 AVAST engine scan C:\Windows\system32
20:47:10.969 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:47:20.210 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:50:30.224 AVAST engine scan C:\Windows\system32\drivers
20:50:47.793 AVAST engine scan C:\Users\Brad
21:23:52.684 Disk 0 MBR has been saved successfully to "C:\Users\Brad\Desktop\MBR.dat"
21:23:52.684 The log file has been saved successfully to "C:\Users\Brad\Desktop\aswMBR.txt"
21:23:58.932 AVAST engine scan C:\ProgramData
21:26:22.560 Scan finished successfully
21:26:28.238 Disk 0 MBR has been saved successfully to "C:\Users\Brad\Desktop\MBR.dat"
21:26:28.253 The log file has been saved successfully to "C:\Users\Brad\Desktop\aswMBR.txt"

Unfortunately still there..

Edited by Boredley, 25 July 2012 - 11:33 PM.


#6 gringo_pr


Posted 25 July 2012 - 11:52 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#7 Boredley


Posted 26 July 2012 - 12:29 AM

I ran the CFScript without any issues, and so far after running it I haven't noticed anything abnormal. Here is the report, and thanks again for all your help.


ComboFix 12-07-26.04 - Brad 07/25/2012 21:58:55.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5815.3932 [GMT -7:00]
Running from: c:\users\Brad\Desktop\ComboFix.exe
Command switches used :: c:\users\Brad\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-26 05:08 . 2012-07-26 05:08 -------- d-----w- c:\users\Joy\AppData\Local\temp
2012-07-26 05:08 . 2012-07-26 05:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-24 03:15 . 2012-07-24 03:15 -------- d-----w- c:\program files (x86)\ESET
2012-07-23 23:35 . 2012-07-23 23:37 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-23 23:35 . 2012-07-23 23:36 -------- d-----w- c:\programdata\PC Tools
2012-07-23 20:42 . 2012-07-24 01:05 -------- d-----w- c:\program files\Enigma Software Group
2012-07-23 20:41 . 2012-07-24 01:40 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-23 20:41 . 2012-07-23 20:41 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-23 20:09 . 2012-07-24 01:07 -------- d-----w- c:\program files (x86)\PC Tools Security
2012-07-23 20:02 . 2012-07-23 20:08 -------- d-----w- c:\users\Brad\AppData\Roaming\GetRightToGo
2012-07-23 15:23 . 2012-07-24 01:05 -------- d-----w- c:\users\Brad\AppData\Roaming\Malwarebytes
2012-07-23 15:23 . 2012-07-23 15:23 -------- d-----w- c:\programdata\Malwarebytes
2012-07-23 15:23 . 2012-07-24 01:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-23 07:27 . 2012-07-23 07:27 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-23 05:09 . 2012-07-23 05:13 -------- d-----w- c:\program files (x86)\Real
2012-07-11 10:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 08:21 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 11:20 . 2012-07-10 11:20 -------- d-----w- c:\users\Brad\AppData\Roaming\Unity
2012-07-05 09:18 . 2012-07-23 21:29 -------- d-----w- c:\program files (x86)\Portal
2012-07-02 00:56 . 2012-07-13 02:35 -------- d-----w- c:\users\Joy\AppData\Local\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-23 07:23 . 2012-04-02 10:56 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-23 07:23 . 2011-08-01 07:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 10:02 . 2011-12-09 07:25 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-17 12:24 . 2012-06-17 12:24 61440 ----a-r- c:\users\Brad\AppData\Roaming\Microsoft\Installer\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}\ARPPRODUCTICON.exe
2012-06-17 12:23 . 2011-05-20 18:13 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2012-06-02 22:19 . 2012-06-21 02:35 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 02:35 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 02:35 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 02:35 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 02:35 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 02:35 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 02:35 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 02:35 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 02:35 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-14 11:37 . 2012-05-14 11:37 270336 ----a-w- c:\windows\SysWow64\ssleay32.dll
2012-05-14 11:37 . 2012-05-14 11:37 270336 ----a-w- c:\windows\SysWow64\libssl32.dll
2012-05-14 11:37 . 2012-05-14 11:37 1179648 ----a-w- c:\windows\SysWow64\libeay32.dll
2012-05-04 11:06 . 2012-06-13 04:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 04:06 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 04:06 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 04:06 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 04:06 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-25_22.53.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-25 23:11 55270 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-25 23:11 42648 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-05 18:57 . 2012-07-25 23:11 13338 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2338821148-439923472-4049080198-1001_UserData.bin
- 2011-12-05 18:58 . 2012-07-13 01:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-05 18:58 . 2012-07-26 00:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-05 18:58 . 2012-07-13 01:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-05 18:58 . 2012-07-26 00:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-26 00:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-13 01:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-25 22:52 . 2012-07-25 22:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-26 05:09 . 2012-07-26 05:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-26 05:09 . 2012-07-26 05:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-25 22:52 . 2012-07-25 22:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-04 18:55 . 2012-07-26 02:40 313192 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-07-25 21:42 633770 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-26 02:42 633770 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-25 21:42 111114 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-26 02:42 111114 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-26 05:08 390380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-25 22:51 390380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-12-05 20:20 . 2012-07-25 22:51 2287364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2338821148-439923472-4049080198-1001-8192.dat
+ 2011-12-05 20:20 . 2012-07-26 05:08 2287364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2338821148-439923472-4049080198-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Brad\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-13 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 296984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-3-6 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 136176]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-09-22 243712]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys [2011-03-15 10112]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-07 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-08-01 22648]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-08-01 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-08-01 62776]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-05 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 256536]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-01-17 412712]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2338821148-439923472-4049080198-1001Core.job
- c:\users\Brad\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-02 00:44]
.
2012-07-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2338821148-439923472-4049080198-1001UA.job
- c:\users\Brad\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-02 00:44]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 02:35]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 02:35]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2338821148-439923472-4049080198-1001Core.job
- c:\users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-03 21:50]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2338821148-439923472-4049080198-1001UA.job
- c:\users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-03 21:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-18 11779176]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2338821148-439923472-4049080198-1001\Software\SecuROM\License information*]
"datasecu"=hex:2e,be,2f,2d,89,04,58,15,f2,70,44,2d,d4,4c,ab,a3,35,1f,95,08,15,
00,19,32,d0,f1,85,b4,77,56,c2,da,27,c8,c7,82,27,19,78,9d,3d,bc,a0,18,41,0d,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Completion time: 2012-07-25 22:18:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-26 05:18
ComboFix2.txt 2012-07-25 23:02
.
Pre-Run: 277,771,898,880 bytes free
Post-Run: 277,829,910,528 bytes free
.
- - End Of File - - EC01022B37D5662DABC2C3357976D425

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 26 July 2012 - 01:02 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

µTorrent
Java™ 6 Update 22
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Boredley

Boredley
  • Topic Starter

  • Members

Posted 26 July 2012 - 02:16 AM

So far I haven't run into a single hiccup after we ran the script on ComboFix. Everything seems like it's working properly and efficiently. Here is the scan from MBAM:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.26.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Brad :: BRAD-PC [administrator]

Protection: Disabled

7/25/2012 11:59:55 PM
mbam-log-2012-07-25 (23-59-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216092
Time elapsed: 2 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

and here is the HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:10:42 AM, on 7/26/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Users\Brad\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Brad\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12718 bytes

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 26 July 2012 - 02:33 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Brad\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
      O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

ESET Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Boredley

Boredley
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:16 PM

Posted 26 July 2012 - 02:58 PM

ESET Scan found some things unfortunately...


C:\Qoobox\Quarantine\C\Windows\Installer\{68001dc5-c06f-89a2-ff6e-a5d91ee8a271}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{68001dc5-c06f-89a2-ff6e-a5d91ee8a271}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.A.Gen trojan

Still running really well though... None of the symptoms are showing. Running smooth.

#12 gringo_pr


Posted 26 July 2012 - 03:06 PM

Hello

The Online scan looks very good!! It is only reporting backups created during the course of this fix!!


C:\Qoobox\Quarantine\ <-- ComboFix


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time, they can make the computer an expensive paperweight.
They are updated all the time, and some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** DeFogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be good to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - This is the uninstaller that I had you download. It works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" The short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household who uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

Quoted from Tech Support Forum:

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
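As an added example (not part of the original posts): the check applied to the ESET report above, confirming that every hit sits under ComboFix's C:\Qoobox\Quarantine backup folder, written as a small Python triage. The report line layout, the mapping of a quarantined copy back to its original path, and the fourth sample line are assumptions constructed from the three lines quoted in the thread.

```python
import re

# Assumption: ComboFix's backup folder, as identified in the thread.
QUARANTINE_ROOT = "C:\\Qoobox\\Quarantine\\"

# Constructed sample: the three report lines quoted in the thread plus one
# invented "live" hit (made-up path and detection name) for contrast.
SAMPLE = r"""
C:\Qoobox\Quarantine\C\Windows\Installer\{68001dc5-c06f-89a2-ff6e-a5d91ee8a271}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{68001dc5-c06f-89a2-ff6e-a5d91ee8a271}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.A.Gen trojan
C:\Users\Example User\Downloads\setup.exe a variant of Win32/Example.A trojan
"""

# Assumed layout: <path> <optional "a variant of "><Platform/Name> <type>.
# Windows paths never contain "/", so the first "word/" token starts the name.
LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+"
                  r"(?P<name>(?:a variant of )?\w+/\S+)\s+(?P<kind>.+)$")


def original_location(path):
    """Map a quarantined copy back to the file it was taken from, else None."""
    if not path.lower().startswith(QUARANTINE_ROOT.lower()):
        return None
    drive, _, tail = path[len(QUARANTINE_ROOT):].partition("\\")
    if len(drive) != 1 or not tail:
        return None  # not in the assumed <drive letter>\<path>.vir layout
    if tail.lower().endswith(".vir"):
        tail = tail[:-4]
    return f"{drive}:\\{tail}"


def triage(report):
    """Return (hits, unparsed); a hit outside the backup folder is 'live'."""
    hits, unparsed = [], []
    for line in filter(None, map(str.strip, report.splitlines())):
        m = LINE.match(line)
        if not m:
            unparsed.append(line)  # never drop a line silently
            continue
        in_backup = m["path"].lower().startswith(QUARANTINE_ROOT.lower())
        hits.append({"path": m["path"], "detection": m["name"],
                     "status": "backup" if in_backup else "live",
                     "original": original_location(m["path"])})
    return hits, unparsed


if __name__ == "__main__":
    for hit in triage(SAMPLE)[0]:
        print(hit["status"], hit["detection"], hit["original"] or hit["path"])
```

A "backup" hit still records which original file was affected, so the mapped path is worth keeping in the case notes even when nothing live remains.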

#13 Boredley


Posted 27 July 2012 - 04:31 PM

Thank you so much for all your help

#14 gringo_pr


Posted 27 July 2012 - 06:15 PM

You are more than welcome and glad I was able to help


Gringo

#15 gringo_pr


Posted 29 July 2012 - 11:22 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.