
Virus helppppp


  • This topic is locked
19 replies to this topic

#1 americanjohn500


Posted 07 August 2012 - 03:12 AM

Hi. Similar to this http://www.bleepingcomputer.com/forums/topic461572.html, I have a virus that keeps popping up on my computer to install Adobe Flash.

I will post my scan results below:

TDSSkiller:

22:18:27.0156 2940 osppsvc - ok
22:18:27.0374 2940 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:18:27.0390 2940 p2pimsvc - ok
22:18:27.0452 2940 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
22:18:27.0468 2940 p2psvc - ok
22:18:27.0577 2940 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
22:18:27.0577 2940 Parport - ok
22:18:27.0655 2940 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
22:18:27.0655 2940 partmgr - ok
22:18:27.0717 2940 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
22:18:27.0733 2940 PcaSvc - ok
22:18:27.0842 2940 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
22:18:27.0842 2940 PCCUJobMgr - ok
22:18:27.0904 2940 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
22:18:27.0904 2940 pci - ok
22:18:27.0936 2940 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
22:18:27.0936 2940 pciide - ok
22:18:27.0982 2940 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
22:18:27.0982 2940 pcmcia - ok
22:18:28.0029 2940 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
22:18:28.0045 2940 pcw - ok
22:18:28.0341 2940 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
22:18:28.0404 2940 PEAUTH - ok
22:18:28.0482 2940 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
22:18:28.0497 2940 PerfHost - ok
22:18:28.0591 2940 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
22:18:28.0591 2940 PGEffect - ok
22:18:28.0762 2940 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
22:18:28.0809 2940 pla - ok
22:18:28.0887 2940 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
22:18:28.0903 2940 PlugPlay - ok
22:18:28.0934 2940 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
22:18:28.0950 2940 PNRPAutoReg - ok
22:18:28.0996 2940 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:18:28.0996 2940 PNRPsvc - ok
22:18:29.0090 2940 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
22:18:29.0106 2940 PolicyAgent - ok
22:18:29.0168 2940 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
22:18:29.0168 2940 Power - ok
22:18:29.0230 2940 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
22:18:29.0230 2940 PptpMiniport - ok
22:18:29.0293 2940 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
22:18:29.0293 2940 Processor - ok
22:18:29.0371 2940 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
22:18:29.0371 2940 ProfSvc - ok
22:18:29.0418 2940 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:18:29.0418 2940 ProtectedStorage - ok
22:18:29.0496 2940 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
22:18:29.0496 2940 Psched - ok
22:18:29.0776 2940 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
22:18:29.0808 2940 ql2300 - ok
22:18:29.0964 2940 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
22:18:29.0964 2940 ql40xx - ok
22:18:30.0042 2940 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
22:18:30.0057 2940 QWAVE - ok
22:18:30.0120 2940 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
22:18:30.0120 2940 QWAVEdrv - ok
22:18:30.0151 2940 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
22:18:30.0151 2940 RasAcd - ok
22:18:30.0244 2940 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
22:18:30.0260 2940 RasAgileVpn - ok
22:18:30.0307 2940 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
22:18:30.0322 2940 RasAuto - ok
22:18:30.0385 2940 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
22:18:30.0400 2940 Rasl2tp - ok
22:18:30.0463 2940 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
22:18:30.0494 2940 RasMan - ok
22:18:30.0572 2940 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
22:18:30.0572 2940 RasPppoe - ok
22:18:30.0603 2940 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
22:18:30.0603 2940 RasSstp - ok
22:18:30.0681 2940 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
22:18:30.0681 2940 rdbss - ok
22:18:30.0728 2940 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
22:18:30.0728 2940 rdpbus - ok
22:18:30.0744 2940 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
22:18:30.0759 2940 RDPCDD - ok
22:18:30.0790 2940 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
22:18:30.0806 2940 RDPENCDD - ok
22:18:30.0822 2940 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
22:18:30.0837 2940 RDPREFMP - ok
22:18:30.0884 2940 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
22:18:30.0884 2940 RDPWD - ok
22:18:30.0931 2940 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
22:18:30.0962 2940 rdyboost - ok
22:18:31.0024 2940 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
22:18:31.0040 2940 RemoteAccess - ok
22:18:31.0071 2940 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
22:18:31.0087 2940 RemoteRegistry - ok
22:18:31.0134 2940 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
22:18:31.0134 2940 RpcEptMapper - ok
22:18:31.0212 2940 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
22:18:31.0212 2940 RpcLocator - ok
22:18:31.0290 2940 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
22:18:31.0305 2940 RpcSs - ok
22:18:31.0336 2940 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
22:18:31.0352 2940 rspndr - ok
22:18:31.0414 2940 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys
22:18:31.0414 2940 RSUSBSTOR - ok
22:18:31.0586 2940 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
22:18:31.0617 2940 RTL8192Ce - ok
22:18:31.0664 2940 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:18:31.0664 2940 SamSs - ok
22:18:31.0726 2940 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
22:18:31.0726 2940 sbp2port - ok
22:18:31.0789 2940 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
22:18:31.0789 2940 SCardSvr - ok
22:18:31.0836 2940 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
22:18:31.0836 2940 scfilter - ok
22:18:31.0930 2940 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
22:18:31.0961 2940 Schedule - ok
22:18:31.0977 2940 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
22:18:31.0993 2940 SCPolicySvc - ok
22:18:32.0024 2940 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
22:18:32.0039 2940 SDRSVC - ok
22:18:32.0086 2940 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
22:18:32.0102 2940 secdrv - ok
22:18:32.0149 2940 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
22:18:32.0149 2940 seclogon - ok
22:18:32.0180 2940 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
22:18:32.0180 2940 SENS - ok
22:18:32.0227 2940 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
22:18:32.0227 2940 SensrSvc - ok
22:18:32.0258 2940 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
22:18:32.0273 2940 Serenum - ok
22:18:32.0289 2940 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
22:18:32.0289 2940 Serial - ok
22:18:32.0305 2940 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
22:18:32.0320 2940 sermouse - ok
22:18:32.0383 2940 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
22:18:32.0398 2940 SessionEnv - ok
22:18:32.0414 2940 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
22:18:32.0429 2940 sffdisk - ok
22:18:32.0429 2940 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
22:18:32.0445 2940 sffp_mmc - ok
22:18:32.0461 2940 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
22:18:32.0476 2940 sffp_sd - ok
22:18:32.0492 2940 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
22:18:32.0492 2940 sfloppy - ok
22:18:32.0554 2940 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
22:18:32.0601 2940 ShellHWDetection - ok
22:18:32.0695 2940 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
22:18:32.0695 2940 SiSRaid2 - ok
22:18:32.0726 2940 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
22:18:32.0726 2940 SiSRaid4 - ok
22:18:32.0804 2940 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
22:18:32.0804 2940 Smb - ok
22:18:32.0866 2940 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
22:18:32.0866 2940 SNMPTRAP - ok
22:18:32.0913 2940 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
22:18:32.0913 2940 spldr - ok
22:18:32.0991 2940 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
22:18:33.0007 2940 Spooler - ok
22:18:33.0272 2940 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
22:18:33.0319 2940 sppsvc - ok
22:18:33.0615 2940 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
22:18:33.0631 2940 sppuinotify - ok
22:18:33.0771 2940 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
22:18:33.0771 2940 srv - ok
22:18:33.0849 2940 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
22:18:33.0849 2940 srv2 - ok
22:18:33.0880 2940 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
22:18:33.0880 2940 srvnet - ok
22:18:33.0943 2940 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
22:18:33.0958 2940 SSDPSRV - ok
22:18:33.0989 2940 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
22:18:33.0989 2940 SstpSvc - ok
22:18:34.0005 2940 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
22:18:34.0021 2940 stexstor - ok
22:18:34.0083 2940 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
22:18:34.0099 2940 stisvc - ok
22:18:34.0130 2940 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
22:18:34.0130 2940 swenum - ok
22:18:34.0208 2940 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
22:18:34.0223 2940 swprv - ok
22:18:34.0379 2940 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
22:18:34.0411 2940 SysMain - ok
22:18:34.0551 2940 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
22:18:34.0551 2940 TabletInputService - ok
22:18:34.0598 2940 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
22:18:34.0598 2940 TapiSrv - ok
22:18:34.0629 2940 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
22:18:34.0645 2940 TBS - ok
22:18:34.0847 2940 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
22:18:34.0863 2940 Tcpip - ok
22:18:35.0159 2940 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
22:18:35.0175 2940 TCPIP6 - ok
22:18:35.0347 2940 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
22:18:35.0347 2940 tcpipreg - ok
22:18:35.0378 2940 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
22:18:35.0378 2940 tdcmdpst - ok
22:18:35.0409 2940 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
22:18:35.0409 2940 TDPIPE - ok
22:18:35.0440 2940 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
22:18:35.0456 2940 TDTCP - ok
22:18:35.0487 2940 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
22:18:35.0503 2940 tdx - ok
22:18:35.0565 2940 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
22:18:35.0581 2940 TermDD - ok
22:18:35.0752 2940 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
22:18:35.0768 2940 TermService - ok
22:18:35.0815 2940 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
22:18:35.0815 2940 Themes - ok
22:18:35.0846 2940 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
22:18:35.0861 2940 THREADORDER - ok
22:18:35.0971 2940 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
22:18:35.0986 2940 TMachInfo - ok
22:18:36.0049 2940 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
22:18:36.0049 2940 TODDSrv - ok
22:18:36.0205 2940 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
22:18:36.0205 2940 TosCoSrv - ok
22:18:36.0298 2940 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
22:18:36.0298 2940 TOSHIBA HDD SSD Alert Service - ok
22:18:36.0345 2940 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
22:18:36.0345 2940 TrkWks - ok
22:18:36.0423 2940 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
22:18:36.0423 2940 TrustedInstaller - ok
22:18:36.0470 2940 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
22:18:36.0470 2940 tssecsrv - ok
22:18:36.0501 2940 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
22:18:36.0517 2940 TsUsbFlt - ok
22:18:36.0517 2940 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
22:18:36.0532 2940 TsUsbGD - ok
22:18:36.0563 2940 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
22:18:36.0579 2940 tunnel - ok
22:18:36.0626 2940 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
22:18:36.0626 2940 TVALZ - ok
22:18:36.0673 2940 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
22:18:36.0673 2940 uagp35 - ok
22:18:36.0704 2940 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
22:18:36.0719 2940 udfs - ok
22:18:36.0766 2940 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
22:18:36.0766 2940 UI0Detect - ok
22:18:36.0797 2940 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
22:18:36.0797 2940 uliagpkx - ok
22:18:36.0844 2940 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
22:18:36.0844 2940 umbus - ok
22:18:36.0891 2940 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
22:18:36.0891 2940 UmPass - ok
22:18:36.0985 2940 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
22:18:37.0000 2940 upnphost - ok
22:18:37.0047 2940 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
22:18:37.0047 2940 USBAAPL64 - ok
22:18:37.0094 2940 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
22:18:37.0094 2940 usbccgp - ok
22:18:37.0125 2940 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
22:18:37.0125 2940 usbcir - ok
22:18:37.0172 2940 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
22:18:37.0172 2940 usbehci - ok
22:18:37.0219 2940 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
22:18:37.0234 2940 usbhub - ok
22:18:37.0265 2940 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
22:18:37.0265 2940 usbohci - ok
22:18:37.0312 2940 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
22:18:37.0312 2940 usbprint - ok
22:18:37.0359 2940 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
22:18:37.0375 2940 usbscan - ok
22:18:37.0390 2940 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:18:37.0406 2940 USBSTOR - ok
22:18:37.0406 2940 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
22:18:37.0421 2940 usbuhci - ok
22:18:37.0468 2940 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
22:18:37.0468 2940 usbvideo - ok
22:18:37.0499 2940 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
22:18:37.0499 2940 UxSms - ok
22:18:37.0577 2940 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:18:37.0577 2940 VaultSvc - ok
22:18:37.0671 2940 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\windows\system32\DRIVERS\VClone.sys
22:18:37.0671 2940 VClone - ok
22:18:37.0749 2940 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
22:18:37.0749 2940 vdrvroot - ok
22:18:37.0905 2940 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
22:18:37.0921 2940 vds - ok
22:18:37.0967 2940 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
22:18:37.0983 2940 vga - ok
22:18:38.0014 2940 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
22:18:38.0030 2940 VgaSave - ok
22:18:38.0077 2940 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
22:18:38.0092 2940 vhdmp - ok
22:18:38.0092 2940 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
22:18:38.0108 2940 viaide - ok
22:18:38.0155 2940 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
22:18:38.0170 2940 volmgr - ok
22:18:38.0264 2940 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
22:18:38.0264 2940 volmgrx - ok
22:18:38.0295 2940 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
22:18:38.0295 2940 volsnap - ok
22:18:38.0342 2940 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
22:18:38.0357 2940 vsmraid - ok
22:18:38.0513 2940 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
22:18:38.0529 2940 VSS - ok
22:18:38.0888 2940 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
22:18:38.0888 2940 vwifibus - ok
22:18:38.0919 2940 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
22:18:38.0919 2940 vwififlt - ok
22:18:38.0981 2940 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
22:18:38.0997 2940 W32Time - ok
22:18:39.0028 2940 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
22:18:39.0044 2940 WacomPen - ok
22:18:39.0091 2940 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
22:18:39.0091 2940 WANARP - ok
22:18:39.0106 2940 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
22:18:39.0106 2940 Wanarpv6 - ok
22:18:39.0262 2940 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
22:18:39.0278 2940 WatAdminSvc - ok
22:18:39.0434 2940 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
22:18:39.0465 2940 wbengine - ok
22:18:39.0730 2940 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
22:18:39.0746 2940 WbioSrvc - ok
22:18:39.0808 2940 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
22:18:39.0824 2940 wcncsvc - ok
22:18:39.0855 2940 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
22:18:39.0886 2940 WcsPlugInService - ok
22:18:39.0964 2940 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
22:18:39.0964 2940 Wd - ok
22:18:40.0058 2940 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
22:18:40.0105 2940 Wdf01000 - ok
22:18:40.0151 2940 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
22:18:40.0151 2940 WdiServiceHost - ok
22:18:40.0167 2940 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
22:18:40.0167 2940 WdiSystemHost - ok
22:18:40.0245 2940 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
22:18:40.0245 2940 WebClient - ok
22:18:40.0292 2940 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
22:18:40.0323 2940 Wecsvc - ok
22:18:40.0448 2940 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
22:18:40.0479 2940 wercplsupport - ok
22:18:40.0526 2940 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
22:18:40.0541 2940 WerSvc - ok
22:18:40.0619 2940 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
22:18:40.0619 2940 WfpLwf - ok
22:18:40.0635 2940 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
22:18:40.0651 2940 WIMMount - ok
22:18:40.0697 2940 WinHttpAutoProxySvc - ok
22:18:40.0775 2940 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
22:18:40.0775 2940 Winmgmt - ok
22:18:40.0995 2940 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
22:18:41.0042 2940 WinRM - ok
22:18:41.0276 2940 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
22:18:41.0322 2940 Wlansvc - ok
22:18:41.0432 2940 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:18:41.0432 2940 wlcrasvc - ok
22:18:41.0868 2940 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:18:41.0900 2940 wlidsvc - ok
22:18:42.0071 2940 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
22:18:42.0071 2940 WmiAcpi - ok
22:18:42.0165 2940 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
22:18:42.0180 2940 wmiApSrv - ok
22:18:42.0243 2940 WMPNetworkSvc - ok
22:18:42.0274 2940 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
22:18:42.0290 2940 WPCSvc - ok
22:18:42.0321 2940 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
22:18:42.0336 2940 WPDBusEnum - ok
22:18:42.0368 2940 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
22:18:42.0368 2940 ws2ifsl - ok
22:18:42.0383 2940 WSearch - ok
22:18:42.0430 2940 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
22:18:42.0430 2940 WudfPf - ok
22:18:42.0477 2940 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
22:18:42.0477 2940 WUDFRd - ok
22:18:42.0524 2940 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
22:18:42.0539 2940 wudfsvc - ok
22:18:42.0586 2940 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
22:18:42.0602 2940 WwanSvc - ok
22:18:42.0648 2940 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
22:18:42.0960 2940 \Device\Harddisk0\DR0 - ok
22:18:42.0992 2940 Boot (0x1200) (0e8181833307af9717ce06ca6178d97c) \Device\Harddisk0\DR0\Partition0
22:18:42.0992 2940 \Device\Harddisk0\DR0\Partition0 - ok
22:18:42.0992 2940 ============================================================
22:18:42.0992 2940 Scan finished
22:18:42.0992 2940 ============================================================
22:18:43.0038 3248 Detected object count: 0
22:18:43.0038 3248 Actual detected object count: 0
22:19:16.0992 2676 ============================================================
22:19:16.0992 2676 Scan started
22:19:16.0992 2676 Mode: Manual; TDLFS;
22:19:16.0992 2676 ============================================================
22:19:22.0906 2676 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
22:19:22.0906 2676 Browser - ok
22:19:22.0953 2676 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
22:19:22.0953 2676 Brserid - ok
22:19:22.0984 2676 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
22:19:22.0984 2676 BrSerWdm - ok
22:19:22.0984 2676 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
22:19:23.0000 2676 BrUsbMdm - ok
22:19:23.0016 2676 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
22:19:23.0016 2676 BrUsbSer - ok
22:19:23.0031 2676 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
22:19:23.0047 2676 BTHMODEM - ok
22:19:23.0078 2676 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
22:19:23.0078 2676 bthserv - ok
22:19:23.0140 2676 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
22:19:23.0140 2676 cdfs - ok
22:19:23.0172 2676 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
22:19:23.0187 2676 cdrom - ok
22:19:23.0218 2676 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
22:19:23.0218 2676 CertPropSvc - ok
22:19:23.0250 2676 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
22:19:23.0250 2676 circlass - ok
22:19:23.0328 2676 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
22:19:23.0343 2676 CLFS - ok
22:19:23.0421 2676 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:19:23.0421 2676 clr_optimization_v2.0.50727_32 - ok
22:19:23.0485 2676 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:19:23.0485 2676 clr_optimization_v2.0.50727_64 - ok
22:19:23.0578 2676 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:19:23.0578 2676 clr_optimization_v4.0.30319_32 - ok
22:19:23.0672 2676 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:19:23.0672 2676 clr_optimization_v4.0.30319_64 - ok
22:19:23.0719 2676 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
22:19:23.0734 2676 CmBatt - ok
22:19:23.0765 2676 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
22:19:23.0765 2676 cmdide - ok
22:19:23.0859 2676 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\windows\system32\Drivers\cng.sys
22:19:23.0859 2676 CNG - ok
22:19:24.0093 2676 CnxtHdAudService (99b1b888b793de320c5479b3c953781f) C:\windows\system32\drivers\CHDRT64.sys
22:19:24.0124 2676 CnxtHdAudService - ok
22:19:24.0280 2676 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
22:19:24.0280 2676 Compbatt - ok
22:19:24.0327 2676 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
22:19:24.0327 2676 CompositeBus - ok
22:19:24.0343 2676 COMSysApp - ok
22:19:24.0374 2676 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
22:19:24.0374 2676 crcdisk - ok
22:19:24.0421 2676 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
22:19:24.0421 2676 CryptSvc - ok
22:19:24.0561 2676 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
22:19:24.0561 2676 DcomLaunch - ok
22:19:24.0639 2676 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
22:19:24.0655 2676 defragsvc - ok
22:19:24.0686 2676 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
22:19:24.0686 2676 DfsC - ok
22:19:24.0748 2676 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
22:19:24.0764 2676 Dhcp - ok
22:19:24.0826 2676 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
22:19:24.0826 2676 discache - ok
22:19:24.0873 2676 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
22:19:24.0873 2676 Disk - ok
22:19:24.0904 2676 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
22:19:24.0904 2676 Dnscache - ok
22:19:24.0998 2676 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
22:19:24.0998 2676 dot3svc - ok
22:19:25.0060 2676 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
22:19:25.0060 2676 DPS - ok
22:19:25.0091 2676 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
22:19:25.0107 2676 drmkaud - ok
22:19:25.0372 2676 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
22:19:25.0388 2676 DXGKrnl - ok
22:19:25.0481 2676 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
22:19:25.0497 2676 EapHost - ok
22:19:25.0949 2676 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
22:19:25.0996 2676 ebdrv - ok
22:19:26.0121 2676 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
22:19:26.0121 2676 EFS - ok
22:19:26.0246 2676 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
22:19:26.0246 2676 ehRecvr - ok
22:19:26.0277 2676 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
22:19:26.0293 2676 ehSched - ok
22:19:26.0402 2676 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
22:19:26.0417 2676 elxstor - ok
22:19:26.0417 2676 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
22:19:26.0433 2676 ErrDev - ok
22:19:26.0480 2676 ETD (5d82d501d2fee413b1f45f0302b5802c) C:\windows\system32\DRIVERS\ETD.sys
22:19:26.0480 2676 ETD - ok
22:19:26.0559 2676 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
22:19:26.0574 2676 EventSystem - ok
22:19:26.0621 2676 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
22:19:26.0621 2676 exfat - ok
22:19:26.0652 2676 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
22:19:26.0652 2676 fastfat - ok
22:19:26.0762 2676 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
22:19:26.0777 2676 Fax - ok
22:19:26.0793 2676 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
22:19:26.0793 2676 fdc - ok
22:19:26.0840 2676 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
22:19:26.0855 2676 fdPHost - ok
22:19:26.0886 2676 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
22:19:26.0886 2676 FDResPub - ok
22:19:26.0949 2676 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
22:19:26.0949 2676 FileInfo - ok
22:19:26.0980 2676 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
22:19:26.0996 2676 Filetrace - ok
22:19:27.0042 2676 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
22:19:27.0058 2676 flpydisk - ok
22:19:27.0437 2676 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
22:19:27.0437 2676 FltMgr - ok
22:19:27.0656 2676 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
22:19:27.0672 2676 FontCache - ok
22:19:27.0734 2676 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:19:27.0734 2676 FontCache3.0.0.0 - ok
22:19:27.0797 2676 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
22:19:27.0797 2676 FsDepends - ok
22:19:27.0828 2676 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
22:19:27.0828 2676 Fs_Rec - ok
22:19:27.0890 2676 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
22:19:27.0890 2676 fvevol - ok
22:19:27.0922 2676 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
22:19:27.0922 2676 FwLnk - ok
22:19:27.0968 2676 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
22:19:27.0968 2676 gagp30kx - ok
22:19:28.0000 2676 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
22:19:28.0000 2676 GEARAspiWDM - ok
22:19:28.0093 2676 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
22:19:28.0109 2676 gpsvc - ok
22:19:28.0187 2676 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:19:28.0187 2676 gupdate - ok
22:19:28.0202 2676 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:19:28.0202 2676 gupdatem - ok
22:19:28.0249 2676 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
22:19:28.0249 2676 hcw85cir - ok
22:19:28.0296 2676 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
22:19:28.0312 2676 HdAudAddService - ok
22:19:28.0343 2676 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
22:19:28.0343 2676 HDAudBus - ok
22:19:28.0374 2676 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
22:19:28.0390 2676 HidBatt - ok
22:19:28.0405 2676 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
22:19:28.0421 2676 HidBth - ok
22:19:28.0436 2676 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
22:19:28.0436 2676 HidIr - ok
22:19:28.0483 2676 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
22:19:28.0483 2676 hidserv - ok
22:19:28.0530 2676 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
22:19:28.0530 2676 HidUsb - ok
22:19:28.0583 2676 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
22:19:28.0583 2676 hkmsvc - ok
22:19:28.0614 2676 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
22:19:28.0630 2676 HomeGroupListener - ok
22:19:28.0676 2676 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
22:19:28.0676 2676 HomeGroupProvider - ok
22:19:28.0723 2676 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
22:19:28.0723 2676 HpSAMD - ok
22:19:28.0801 2676 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
22:19:28.0801 2676 HTTP - ok
22:19:28.0832 2676 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
22:19:28.0832 2676 hwpolicy - ok
22:19:28.0864 2676 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
22:19:28.0864 2676 i8042prt - ok
22:19:28.0942 2676 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
22:19:28.0973 2676 iaStorV - ok
22:19:29.0160 2676 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:19:29.0160 2676 idsvc - ok
22:19:29.0207 2676 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
22:19:29.0207 2676 iirsp - ok
22:19:29.0300 2676 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
22:19:29.0316 2676 IKEEXT - ok
22:19:29.0363 2676 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
22:19:29.0363 2676 intelide - ok
22:19:29.0410 2676 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys
22:19:29.0410 2676 intelppm - ok
22:19:29.0456 2676 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
22:19:29.0456 2676 IPBusEnum - ok
22:19:29.0488 2676 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
22:19:29.0488 2676 IpFilterDriver - ok
22:19:29.0566 2676 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
22:19:29.0566 2676 IPMIDRV - ok
22:19:29.0612 2676 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
22:19:29.0612 2676 IPNAT - ok
22:19:29.0800 2676 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
22:19:29.0815 2676 iPod Service - ok
22:19:29.0846 2676 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
22:19:29.0846 2676 IRENUM - ok
22:19:29.0893 2676 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
22:19:29.0893 2676 isapnp - ok
22:19:29.0940 2676 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
22:19:29.0940 2676 iScsiPrt - ok
22:19:29.0971 2676 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
22:19:29.0971 2676 kbdclass - ok
22:19:30.0002 2676 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
22:19:30.0002 2676 kbdhid - ok
22:19:30.0034 2676 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:19:30.0034 2676 KeyIso - ok
22:19:30.0080 2676 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\windows\system32\Drivers\ksecdd.sys
22:19:30.0096 2676 KSecDD - ok
22:19:30.0143 2676 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\windows\system32\Drivers\ksecpkg.sys
22:19:30.0143 2676 KSecPkg - ok
22:19:30.0174 2676 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
22:19:30.0190 2676 ksthunk - ok
22:19:30.0252 2676 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
22:19:30.0268 2676 KtmRm - ok
22:19:30.0299 2676 L1C (0e154da6ca9105354a07d0c576804037) C:\windows\system32\DRIVERS\L1C62x64.sys
22:19:30.0314 2676 L1C - ok
22:19:30.0361 2676 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
22:19:30.0361 2676 LanmanServer - ok
22:19:30.0424 2676 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
22:19:30.0424 2676 LanmanWorkstation - ok
22:19:30.0470 2676 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
22:19:30.0486 2676 lltdio - ok
22:19:30.0548 2676 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
22:19:30.0564 2676 lltdsvc - ok
22:19:30.0595 2676 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
22:19:30.0595 2676 lmhosts - ok
22:19:30.0673 2676 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
22:19:30.0673 2676 LSI_FC - ok
22:19:30.0689 2676 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
22:19:30.0689 2676 LSI_SAS - ok
22:19:30.0720 2676 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
22:19:30.0720 2676 LSI_SAS2 - ok
22:19:30.0751 2676 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
22:19:30.0767 2676 LSI_SCSI - ok
22:19:30.0798 2676 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
22:19:30.0798 2676 luafv - ok
22:19:30.0845 2676 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
22:19:30.0860 2676 Mcx2Svc - ok
22:19:30.0876 2676 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
22:19:30.0876 2676 megasas - ok
22:19:30.0954 2676 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
22:19:30.0970 2676 MegaSR - ok
22:19:31.0063 2676 Microsoft SharePoint Workspace Audit Service - ok
22:19:31.0126 2676 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
22:19:31.0126 2676 MMCSS - ok
22:19:31.0157 2676 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
22:19:31.0157 2676 Modem - ok
22:19:31.0204 2676 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
22:19:31.0204 2676 monitor - ok
22:19:31.0235 2676 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
22:19:31.0250 2676 mouclass - ok
22:19:31.0282 2676 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
22:19:31.0282 2676 mouhid - ok
22:19:31.0344 2676 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
22:19:31.0344 2676 mountmgr - ok
22:19:31.0406 2676 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\windows\system32\DRIVERS\MpFilter.sys
22:19:31.0406 2676 MpFilter - ok
22:19:31.0469 2676 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
22:19:31.0469 2676 mpio - ok
22:19:31.0516 2676 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
22:19:31.0516 2676 mpsdrv - ok
22:19:31.0610 2676 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
22:19:31.0626 2676 MRxDAV - ok
22:19:31.0751 2676 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
22:19:31.0766 2676 mrxsmb - ok
22:19:31.0829 2676 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
22:19:31.0829 2676 mrxsmb10 - ok
22:19:31.0875 2676 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
22:19:31.0891 2676 mrxsmb20 - ok
22:19:31.0922 2676 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
22:19:31.0938 2676 msahci - ok
22:19:31.0969 2676 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
22:19:31.0969 2676 msdsm - ok
22:19:32.0016 2676 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
22:19:32.0016 2676 MSDTC - ok
22:19:32.0063 2676 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
22:19:32.0063 2676 Msfs - ok
22:19:32.0078 2676 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
22:19:32.0094 2676 mshidkmdf - ok
22:19:32.0109 2676 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
22:19:32.0109 2676 msisadrv - ok
22:19:32.0172 2676 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
22:19:32.0172 2676 MSiSCSI - ok
22:19:32.0187 2676 msiserver - ok
22:19:32.0234 2676 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
22:19:32.0234 2676 MSKSSRV - ok
22:19:32.0250 2676 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
22:19:32.0250 2676 MSPCLOCK - ok
22:19:32.0281 2676 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
22:19:32.0281 2676 MSPQM - ok
22:19:32.0375 2676 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
22:19:32.0390 2676 MsRPC - ok
22:19:32.0437 2676 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
22:19:32.0437 2676 mssmbios - ok
22:19:32.0468 2676 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
22:19:32.0468 2676 MSTEE - ok
22:19:32.0484 2676 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
22:19:32.0499 2676 MTConfig - ok
22:19:32.0531 2676 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
22:19:32.0531 2676 Mup - ok
22:19:32.0610 2676 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
22:19:32.0610 2676 napagent - ok
22:19:32.0688 2676 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
22:19:32.0688 2676 NativeWifiP - ok
22:19:32.0906 2676 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
22:19:32.0906 2676 NDIS - ok
22:19:32.0937 2676 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
22:19:32.0937 2676 NdisCap - ok
22:19:32.0968 2676 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
22:19:32.0968 2676 NdisTapi - ok
22:19:32.0984 2676 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
22:19:33.0000 2676 Ndisuio - ok
22:19:33.0046 2676 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
22:19:33.0046 2676 NdisWan - ok
22:19:33.0093 2676 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
22:19:33.0093 2676 NDProxy - ok
22:19:33.0109 2676 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
22:19:33.0124 2676 NetBIOS - ok
22:19:33.0171 2676 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
22:19:33.0171 2676 NetBT - ok
22:19:33.0202 2676 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:19:33.0202 2676 Netlogon - ok
22:19:33.0296 2676 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
22:19:33.0296 2676 Netman - ok
22:19:33.0374 2676 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:19:33.0390 2676 NetMsmqActivator - ok
22:19:33.0390 2676 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:19:33.0405 2676 NetPipeActivator - ok
22:19:33.0483 2676 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
22:19:33.0483 2676 netprofm - ok
22:19:33.0514 2676 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:19:33.0514 2676 NetTcpActivator - ok
22:19:33.0546 2676 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:19:33.0561 2676 NetTcpPortSharing - ok
22:19:33.0640 2676 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
22:19:33.0640 2676 nfrd960 - ok
22:19:33.0718 2676 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\windows\system32\DRIVERS\NisDrvWFP.sys
22:19:33.0734 2676 NisDrv - ok
22:19:33.0843 2676 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
22:19:33.0843 2676 NisSrv - ok
22:19:33.0921 2676 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
22:19:33.0937 2676 NlaSvc - ok
22:19:33.0983 2676 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
22:19:33.0983 2676 Npfs - ok
22:19:34.0015 2676 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
22:19:34.0030 2676 nsi - ok
22:19:34.0061 2676 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
22:19:34.0061 2676 nsiproxy - ok
22:19:34.0327 2676 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
22:19:34.0358 2676 Ntfs - ok
22:19:34.0545 2676 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
22:19:34.0545 2676 Null - ok
22:19:34.0592 2676 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
22:19:34.0592 2676 nvraid - ok
22:19:34.0639 2676 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
22:19:34.0639 2676 nvstor - ok
22:19:34.0654 2676 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
22:19:34.0670 2676 nv_agp - ok
22:19:34.0685 2676 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
22:19:34.0701 2676 ohci1394 - ok
22:19:34.0795 2676 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:19:34.0795 2676 ose - ok
22:19:35.0309 2676 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:19:35.0356 2676 osppsvc - ok
22:19:35.0528 2676 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:19:35.0543 2676 p2pimsvc - ok
22:19:35.0638 2676 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
22:19:35.0654 2676 p2psvc - ok
22:19:35.0810 2676 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
22:19:35.0810 2676 Parport - ok
22:19:35.0856 2676 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
22:19:35.0856 2676 partmgr - ok
22:19:35.0919 2676 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
22:19:35.0919 2676 PcaSvc - ok
22:19:35.0997 2676 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
22:19:35.0997 2676 PCCUJobMgr - ok
22:19:36.0059 2676 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
22:19:36.0059 2676 pci - ok
22:19:36.0090 2676 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
22:19:36.0090 2676 pciide - ok
22:19:36.0137 2676 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
22:19:36.0137 2676 pcmcia - ok
22:19:36.0184 2676 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
22:19:36.0184 2676 pcw - ok
22:19:36.0278 2676 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
22:19:36.0293 2676 PEAUTH - ok
22:19:36.0402 2676 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
22:19:36.0402 2676 PerfHost - ok
22:19:36.0465 2676 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
22:19:36.0465 2676 PGEffect - ok
22:19:36.0636 2676 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
22:19:36.0653 2676 pla - ok
22:19:36.0731 2676 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
22:19:36.0747 2676 PlugPlay - ok
22:19:36.0778 2676 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
22:19:36.0778 2676 PNRPAutoReg - ok
22:19:36.0825 2676 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:19:36.0825 2676 PNRPsvc - ok
22:19:36.0965 2676 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
22:19:36.0981 2676 PolicyAgent - ok
22:19:37.0043 2676 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
22:19:37.0043 2676 Power - ok
22:19:37.0105 2676 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
22:19:37.0105 2676 PptpMiniport - ok
22:19:37.0152 2676 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
22:19:37.0152 2676 Processor - ok
22:19:37.0199 2676 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
22:19:37.0215 2676 ProfSvc - ok
22:19:37.0246 2676 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:19:37.0261 2676 ProtectedStorage - ok
22:19:37.0293 2676 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
22:19:37.0308 2676 Psched - ok
22:19:37.0824 2676 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
22:19:37.0840 2676 ql2300 - ok
22:19:37.0996 2676 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
22:19:38.0011 2676 ql40xx - ok
22:19:38.0058 2676 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
22:19:38.0074 2676 QWAVE - ok
22:19:38.0105 2676 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
22:19:38.0105 2676 QWAVEdrv - ok
22:19:38.0120 2676 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
22:19:38.0120 2676 RasAcd - ok
22:19:38.0152 2676 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
22:19:38.0152 2676 RasAgileVpn - ok
22:19:38.0183 2676 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
22:19:38.0183 2676 RasAuto - ok
22:19:38.0230 2676 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
22:19:50.0805 2676 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
22:19:51.0710 2676 \Device\Harddisk0\DR0 - ok
22:19:51.0741 2676 Boot (0x1200) (0e8181833307af9717ce06ca6178d97c) \Device\Harddisk0\DR0\Partition0
22:19:51.0741 2676 \Device\Harddisk0\DR0\Partition0 - ok
22:19:51.0741 2676 ============================================================
22:19:51.0741 2676 Scan finished
22:19:51.0741 2676 ============================================================
22:19:51.0772 4480 Detected object count: 0
22:19:51.0772 4480 Actual detected object count: 0


aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-06 22:14:46
-----------------------------
22:14:46.949 OS Version: Windows x64 6.1.7601 Service Pack 1
22:14:46.949 Number of processors: 2 586 0x200
22:14:46.961 ComputerName: JOHNTRAN UserName:
22:14:54.529 Initialize success
22:34:00.347 AVAST engine defs: 12080601
22:35:24.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
22:35:24.468 Disk 0 Vendor: TOSHIBA_ GT00 Size: 305245MB BusType: 11
22:35:24.484 Disk 0 MBR read successfully
22:35:24.484 Disk 0 MBR scan
22:35:24.515 Disk 0 Windows VISTA default MBR code
22:35:24.530 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
22:35:24.562 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289710 MB offset 3074048
22:35:24.593 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14034 MB offset 596400128
22:35:24.640 Disk 0 scanning C:\windows\system32\drivers
22:35:39.990 Service scanning
22:36:43.530 Modules scanning
22:36:43.546 Disk 0 trace - called modules:
22:36:43.593 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
22:36:43.608 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800411b060]
22:36:43.624 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8003c05040]
22:36:43.640 5 amd_xata.sys[fffff880010cf8b4] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa8003c00290]
22:36:51.551 AVAST engine scan C:\windows
22:37:05.093 AVAST engine scan C:\windows\system32
22:40:32.538 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:40:35.705 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:42:48.997 AVAST engine scan C:\windows\system32\drivers
22:43:10.186 AVAST engine scan C:\Users\John Tran
22:43:32.874 Disk 0 MBR has been saved successfully to "C:\Users\John Tran\Documents\MBR.dat"
22:43:32.874 The log file has been saved successfully to "C:\Users\John Tran\Documents\aswMBR.txt"

Eset online scanner:

C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}\U\00000008.@ Win64/Agent.BA trojan
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}\U\000000cb.@ Win64/Conedex.B trojan
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}\U\80000000.@ Win64/Sirefef.AP trojan
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}\U\80000032.@ a variant of Win32/Sirefef.FD trojan
Operating memory multiple threats



Thanks for the help.

Edited by Orange Blossom, 07 August 2012 - 09:25 AM.
Revealed link. ~ OB




#2 CatByte

  • Malware Response Team
Posted 08 August 2012 - 05:05 PM

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 americanjohn500

  • Topic Starter
Posted 08 August 2012 - 05:51 PM

FRST

Scan result of Farbar Recovery Scan Tool Version: 08-08-2012 02
Ran by SYSTEM at 08-08-2012 15:44:25
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-06-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [x]
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\John Tran\...\Run: [Google Update] "C:\Users\John Tran\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-06] (Google Inc.)
HKU\John Tran\...\Run: [AdobeBridge] [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

==================== Services (Whitelisted) ======

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll" /prefetch:1 [132984 2011-07-19] (Symantec Corporation)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [x]

========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-08 15:44 - 2012-08-08 15:44 - 00000000 ____D C:\FRST
2012-08-08 11:27 - 2012-08-08 11:55 - 00000000 ____D C:\Users\John Tran\Downloads\Season 9
2012-08-06 23:50 - 2012-08-06 23:50 - 00000437 ____A C:\Users\John Tran\Documents\hi.txt
2012-08-06 21:43 - 2012-08-06 21:43 - 00002124 ____A C:\Users\John Tran\Documents\aswMBR.txt
2012-08-06 21:43 - 2012-08-06 21:43 - 00000512 ____A C:\Users\John Tran\Documents\MBR.dat
2012-08-06 21:20 - 2012-08-06 21:20 - 00000000 ____D C:\Program Files (x86)\ESET
2012-08-06 21:17 - 2012-08-06 21:20 - 02322184 ____A (ESET) C:\Users\John Tran\Downloads\esetsmartinstaller_enu.exe
2012-08-06 21:14 - 2012-08-06 21:14 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-08-06 21:13 - 2012-08-06 21:35 - 00000000 ____D C:\Users\All Users\AVG2012
2012-08-06 21:12 - 2012-08-06 21:14 - 04731392 ____A (AVAST Software) C:\Users\John Tran\Downloads\aswMBR.exe
2012-08-06 21:12 - 2012-08-06 21:12 - 00000000 ____D C:\Program Files (x86)\AVG
2012-08-06 20:57 - 2012-08-06 21:36 - 00000000 ____D C:\Users\All Users\MFAData
2012-08-06 20:55 - 2012-08-06 20:57 - 03879800 ____A (AVG Technologies) C:\Users\John Tran\Downloads\avg_free_stb_all_2012_2197_cnet.exe
2012-08-06 20:52 - 2012-08-06 21:00 - 00000000 ____D C:\Users\All Users\SecTaskMan
2012-08-06 20:50 - 2012-08-06 20:52 - 02095024 ____A C:\Users\John Tran\Downloads\SecurityTaskManager_Setup.exe
2012-08-06 20:50 - 2012-07-03 02:13 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-08-06 20:46 - 2012-08-06 20:50 - 16373192 ____A (Microsoft Corporation) C:\Users\John Tran\Downloads\Windows-KB890830-V4.10 (1).exe
2012-08-06 20:41 - 2012-08-06 20:41 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-08-06 20:38 - 2012-08-06 20:40 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\John Tran\Downloads\tdsskiller.exe
2012-08-06 20:28 - 2012-08-06 20:31 - 12621696 ____A (Microsoft Corporation) C:\Users\John Tran\Downloads\mseinstall.exe
2012-08-06 20:17 - 2012-08-06 20:17 - 00000000 ____D C:\Users\All Users\Stardock
2012-08-06 20:13 - 2012-08-06 20:13 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-06 20:13 - 2012-08-06 20:13 - 00000000 ____D C:\Windows\System32\Macromed
2012-08-06 20:05 - 2012-08-06 20:05 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-06 19:46 - 2012-08-06 19:52 - 00000000 ____D C:\Users\John Tran\AppData\Roaming\DAEMON Tools Lite
2012-08-06 19:44 - 2012-08-06 19:48 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-08-06 17:43 - 2012-08-07 21:38 - 00000000 ____D C:\Users\John Tran\AppData\Local\Microsoft Games
2012-08-04 22:15 - 2012-08-06 10:49 - 00000000 ____D C:\Users\John Tran\AppData\Roaming\WildTangent
2012-08-02 13:47 - 2012-08-02 15:50 - 00000000 ____D C:\Users\John Tran\Downloads\Season 8
2012-08-01 22:42 - 2012-08-01 22:52 - 00000000 ____D C:\Users\John Tran\Downloads\CSETS
2012-08-01 19:12 - 2012-08-07 23:36 - 00000911 ____A C:\Users\John Tran\Documents\august2012.txt
2012-07-29 12:37 - 2012-07-29 12:45 - 00000000 ____D C:\Users\John Tran\Downloads\Pokemon Ruby
2012-07-27 17:58 - 2012-07-27 18:08 - 00000000 ____D C:\Users\All Users\Symantec
2012-07-24 14:04 - 2012-07-24 14:08 - 00000000 ____D C:\Users\John Tran\Downloads\VisualBoyAdvance-1.8.0-beta3
2012-07-21 16:26 - 2012-07-21 16:26 - 00000008 ____A C:\Users\John Tran\Documents\freeredbox.txt
2012-07-10 14:12 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 11:39 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-10 11:39 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-10 11:39 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-10 11:39 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-10 11:39 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-10 11:39 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-10 11:39 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-10 11:39 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-10 11:39 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-10 11:39 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-10 11:39 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-10 11:39 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-10 11:39 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-10 11:39 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-10 11:39 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-10 11:39 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-10 11:39 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-10 11:39 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-10 11:39 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-10 11:39 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 11:38 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-10 11:38 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-10 11:38 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-10 11:38 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-10 11:38 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-10 11:38 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-10 11:38 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-10 11:38 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-10 11:25 - 2012-07-13 05:31 - 00000000 ____D C:\Users\John Tran\AppData\Local\Tific
2012-07-10 09:58 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 09:58 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 09:58 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 09:58 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 09:58 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 09:58 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 09:57 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 09:57 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 09:57 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 09:57 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 09:57 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 09:57 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 09:57 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 09:57 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 09:57 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 09:57 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 09:57 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 09:44 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 09:44 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-09 10:24 - 2012-07-09 10:25 - 00000038 ____A C:\Users\John Tran\Documents\anaheimymca.txt

============ 3 Months Modified Files ========================

2012-08-08 14:38 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-08 14:38 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-08 14:31 - 2009-07-13 21:13 - 00782096 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-08 14:31 - 2009-07-13 20:51 - 00050750 ____A C:\Windows\setupact.log
2012-08-08 14:29 - 2012-06-30 18:13 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3895676546-2500714157-3448633648-1000UA.job
2012-08-08 14:29 - 2012-03-18 17:53 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-08 11:14 - 2012-03-18 17:53 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-08 09:47 - 2010-11-20 19:47 - 00480168 ____A C:\Windows\PFRO.log
2012-08-08 09:47 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-07 23:36 - 2012-08-01 19:12 - 00000911 ____A C:\Users\John Tran\Documents\august2012.txt
2012-08-07 19:29 - 2012-06-30 18:13 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3895676546-2500714157-3448633648-1000Core.job
2012-08-06 23:50 - 2012-08-06 23:50 - 00000437 ____A C:\Users\John Tran\Documents\hi.txt
2012-08-06 21:43 - 2012-08-06 21:43 - 00002124 ____A C:\Users\John Tran\Documents\aswMBR.txt
2012-08-06 21:43 - 2012-08-06 21:43 - 00000512 ____A C:\Users\John Tran\Documents\MBR.dat
2012-08-06 21:20 - 2012-08-06 21:17 - 02322184 ____A (ESET) C:\Users\John Tran\Downloads\esetsmartinstaller_enu.exe
2012-08-06 21:14 - 2012-08-06 21:12 - 04731392 ____A (AVAST Software) C:\Users\John Tran\Downloads\aswMBR.exe
2012-08-06 20:57 - 2012-08-06 20:55 - 03879800 ____A (AVG Technologies) C:\Users\John Tran\Downloads\avg_free_stb_all_2012_2197_cnet.exe
2012-08-06 20:52 - 2012-08-06 20:50 - 02095024 ____A C:\Users\John Tran\Downloads\SecurityTaskManager_Setup.exe
2012-08-06 20:50 - 2012-08-06 20:46 - 16373192 ____A (Microsoft Corporation) C:\Users\John Tran\Downloads\Windows-KB890830-V4.10 (1).exe
2012-08-06 20:40 - 2012-08-06 20:38 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\John Tran\Downloads\tdsskiller.exe
2012-08-06 20:32 - 2012-05-06 20:30 - 00002198 ____A C:\Windows\epplauncher.mif
2012-08-06 20:31 - 2012-08-06 20:28 - 12621696 ____A (Microsoft Corporation) C:\Users\John Tran\Downloads\mseinstall.exe
2012-08-06 20:13 - 2012-08-06 20:13 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-06 20:13 - 2011-10-30 19:37 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-06 20:11 - 2011-10-30 19:39 - 00236978 ____A C:\Windows\DirectX.log
2012-08-06 19:59 - 2012-03-18 16:49 - 01652008 ____A C:\Windows\WindowsUpdate.log
2012-07-31 18:06 - 2012-05-13 10:55 - 00029285 ____A C:\Users\John Tran\Documents\friendpoints.xlsx
2012-07-23 08:58 - 2009-07-13 21:08 - 00032626 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-21 16:26 - 2012-07-21 16:26 - 00000008 ____A C:\Users\John Tran\Documents\freeredbox.txt
2012-07-10 16:54 - 2012-07-06 19:43 - 00000132 ____A C:\Users\John Tran\AppData\Roaming\Adobe PNG Format CS6 Prefs
2012-07-10 14:16 - 2009-07-13 20:45 - 05033568 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 14:05 - 2012-05-12 05:12 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-09 10:25 - 2012-07-09 10:24 - 00000038 ____A C:\Users\John Tran\Documents\anaheimymca.txt
2012-07-06 15:05 - 2012-05-06 20:04 - 00108840 ____A C:\Users\John Tran\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-03 02:13 - 2012-08-06 20:50 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-06-11 22:38 - 2012-05-08 16:07 - 00001118 ___AH C:\IPH.PH
2012-06-11 19:08 - 2012-07-10 14:12 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-10 10:59 - 2012-06-10 10:59 - 00000009 ____A C:\Users\John Tran\Documents\campuswide.txt
2012-06-08 21:43 - 2012-07-10 09:57 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 09:57 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 09:58 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 09:58 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 09:44 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 09:58 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 09:58 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 09:44 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-21 07:49 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 07:49 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 07:49 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 07:48 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 07:48 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-21 07:48 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 07:49 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 07:48 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-21 07:48 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-10 11:38 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-10 11:38 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-10 11:39 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-10 11:39 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-10 11:39 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-10 11:39 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-10 11:39 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-10 11:39 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-10 11:39 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-10 11:38 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-10 11:39 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-10 11:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-10 11:39 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-10 11:39 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-10 11:38 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-10 11:38 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-10 11:38 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-10 11:39 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-10 11:39 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 11:39 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-10 11:39 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-10 11:38 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 11:39 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 11:39 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-10 11:38 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-10 11:39 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 11:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 11:39 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 09:57 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 09:57 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 09:57 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 09:57 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 09:57 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 09:57 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 09:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 09:57 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 09:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-12 14:27 - 2012-05-06 20:09 - 06380400 ____A (BitTorrent, Inc.) C:\Users\John Tran\Documents\BitTorrent.exe


ZeroAccess:
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}\@
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}\L
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}\U
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}\L\00000004.@
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}\L\201d3dde
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}\U\00000004.@
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}\U\00000008.@
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}\U\000000cb.@
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}\U\80000000.@
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}\U\80000032.@
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3686.87 MB
Available physical RAM: 3148.27 MB
Total Pagefile: 3685.07 MB
Available Pagefile: 3136.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI106302W0C) (Fixed) (Total:282.92 GB) (Free:206.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (JOHN TRAN) (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7640 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 282 GB 1501 MB
Partition 3 Primary 13 GB 284 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI106302W0C NTFS Partition 282 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7636 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F JOHN TRAN FAT32 Removable 7636 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-07 11:57

======================= End Of Log ==========================


Search

Farbar Recovery Scan Tool Version: 08-08-2012 02
Ran by SYSTEM at 2012-08-08 15:47:05
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======




Thanks.

#4 CatByte


  • Malware Response Team

Posted 08 August 2012 - 06:17 PM

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
HKLM\...\Run: [] [x]
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version), press the Fix button just once, and wait.
The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.

Reboot Normally.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 americanjohn500

  • Topic Starter


Posted 08 August 2012 - 06:53 PM

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 08-08-2012 02
Ran by SYSTEM at 2012-08-08 16:26:19 Run:1
Running from Y:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====


Combofix Log

ComboFix 12-08-08.01 - John Tran 08/08/2012 16:33:02.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3687.2514 [GMT -7:00]
Running from: c:\users\John Tran\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\John Tran\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0B871EDA-EE3F-4F17-B75A-B687F8B09F3E}.xps
c:\users\John Tran\AppData\Local\Microsoft\Windows\Temporary Internet Files\{191697E8-5432-4176-B572-DC7C07B6C3BA}.xps
c:\users\John Tran\AppData\Local\Microsoft\Windows\Temporary Internet Files\{77A3E792-5CD5-4AB8-8334-A7BCE412D2CF}.xps
c:\users\John Tran\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8E3D7CD7-3442-49B4-A293-04B8BFEEDD23}.xps
c:\users\John Tran\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EB39BA31-1518-40B3-90E8-103C60306DAD}.xps
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-07 05:20 . 2012-08-07 05:20 -------- d-----w- c:\program files (x86)\ESET
2012-08-07 05:14 . 2012-08-07 05:14 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-08-07 05:13 . 2012-08-07 05:35 -------- d-----w- c:\programdata\AVG2012
2012-08-07 05:12 . 2012-08-07 05:12 -------- d-----w- c:\program files (x86)\AVG
2012-08-07 04:57 . 2012-08-07 05:36 -------- d-----w- c:\programdata\MFAData
2012-08-07 04:57 . 2012-08-07 04:57 -------- d--h--w- c:\programdata\Common Files
2012-08-07 04:52 . 2012-08-07 05:00 -------- d-----w- c:\programdata\SecTaskMan
2012-08-07 04:41 . 2012-08-07 04:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-07 04:17 . 2012-08-07 04:17 -------- d-----w- c:\programdata\Stardock
2012-08-07 04:13 . 2012-08-07 04:13 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-07 04:13 . 2012-08-07 04:13 -------- d-----w- c:\windows\system32\Macromed
2012-08-07 04:05 . 2012-08-07 04:05 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-07 03:46 . 2012-08-07 03:52 -------- d-----w- c:\users\John Tran\AppData\Roaming\DAEMON Tools Lite
2012-08-07 03:44 . 2012-08-07 03:48 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-08-07 01:43 . 2012-08-08 05:38 -------- d-----w- c:\users\John Tran\AppData\Local\Microsoft Games
2012-08-06 02:44 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C401C61-BDF9-4023-81A9-A61EEC8AA9DD}\mpengine.dll
2012-08-05 06:15 . 2012-08-06 18:49 -------- d-----w- c:\users\John Tran\AppData\Roaming\WildTangent
2012-08-04 20:22 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-28 02:05 . 2012-07-28 02:05 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-07-28 01:58 . 2012-07-28 02:08 -------- d-----w- c:\programdata\Symantec
2012-07-20 02:33 . 2012-07-20 02:33 -------- d-----w- c:\users\John Tran\AppData\Roaming\PCCUStubInstaller
2012-07-10 22:12 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 19:38 . 2012-06-02 08:33 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-07-10 19:38 . 2012-06-02 12:00 818688 ----a-w- c:\windows\system32\jscript.dll
2012-07-10 19:38 . 2012-06-02 12:06 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-07-10 19:38 . 2012-06-02 08:26 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-07-10 19:38 . 2012-06-02 12:07 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-07-10 19:38 . 2012-06-02 08:27 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-07-10 19:38 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-10 19:38 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-10 19:25 . 2012-07-13 13:31 -------- d-----w- c:\users\John Tran\AppData\Local\Tific
2012-07-10 17:58 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 17:58 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-10 17:58 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-10 17:58 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-10 17:58 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-10 17:58 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-10 17:57 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-10 17:57 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-10 17:57 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-10 17:57 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-10 17:57 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-10 17:57 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-10 17:57 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-10 17:57 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-10 17:57 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-10 17:57 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-07 04:13 . 2011-10-31 03:37 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-10 22:05 . 2012-05-12 13:12 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-21 15:48 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 15:49 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 15:49 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 15:49 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 15:48 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 15:48 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 15:49 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 15:48 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 15:48 99840 ----a-w- c:\windows\system32\wudriver.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-08 336384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-19 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-19 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-08 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-08 204288]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-08 9360896]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-08 309760]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-19 01:53]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-19 01:53]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3895676546-2500714157-3448633648-1000Core.job
- c:\users\John Tran\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-01 03:58]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3895676546-2500714157-3448633648-1000UA.job
- c:\users\John Tran\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-01 03:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
Wow6432Node-HKLM-Run-SwitchBoard - c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SafeBoot-97356364.sys
SafeBoot-MsMpSvc
Toolbar-Locked - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-08-08 16:51:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-08 23:51
.
Pre-Run: 221,279,416,320 bytes free
Post-Run: 221,910,626,304 bytes free
.
- - End Of File - - 7AF9C686F8CA540CAC07507A4AFB55B7


Thanks.

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:03 AM

Posted 08 August 2012 - 07:03 PM

Please do the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 americanjohn500

Posted 08 August 2012 - 09:08 PM

Malwarebytes' Anti-Malware

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.08.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
John Tran :: JOHNTRAN [administrator]

8/8/2012 5:11:39 PM
mbam-log-2012-08-08 (17-11-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194375
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET Scan

C:\FRST\Quarantine\services.exe Win64/Patched.A.Gen trojan
C:\FRST\Quarantine\{1124a725-e7eb-82f4-e978-28044d39f9dc}\U\00000008.@ Win64/Agent.BA trojan
C:\FRST\Quarantine\{1124a725-e7eb-82f4-e978-28044d39f9dc}\U\000000cb.@ Win64/Conedex.B trojan
C:\FRST\Quarantine\{1124a725-e7eb-82f4-e978-28044d39f9dc}\U\80000000.@ Win64/Sirefef.AP trojan
C:\FRST\Quarantine\{1124a725-e7eb-82f4-e978-28044d39f9dc}\U\80000032.@ a variant of Win32/Sirefef.FD trojan



Thanks.

#8 CatByte

Posted 08 August 2012 - 10:42 PM

Those items are in quarantine already, so they can't hurt your computer (we can delete that folder at the end).

We just need to make sure there are no broken services. Please run the following:



  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



#9 americanjohn500

Posted 08 August 2012 - 10:49 PM

Minitoolbox

MiniToolBox by Farbar Version: 23-07-2012
Ran by John Tran (administrator) on 08-08-2012 at 20:47:27
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 10 Plugin (Version: 10.3.181.34)
Adobe Photoshop CS6 (Version: 13.0)
AIM 7
AMD Media Foundation Decoders (Version: 1.0.60607.2201)
AMD VISION Engine Control Center (Version: 2011.0607.2212.38019)
AOL Instant Messenger
AOL Messaging Toolbar
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.36)
ATI Catalyst Install Manager (Version: 3.0.829.0)
BitTorrent (Version: 7.6.1)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0607.2212.38019)
Catalyst Control Center InstallProxy (Version: 2011.0607.2212.38019)
Catalyst Control Center Localization All (Version: 2011.0607.2212.38019)
ccc-utility64 (Version: 2011.0607.2212.38019)
CCC Help Chinese Standard (Version: 2011.0607.2211.38019)
CCC Help Chinese Traditional (Version: 2011.0607.2211.38019)
CCC Help Czech (Version: 2011.0607.2211.38019)
CCC Help Danish (Version: 2011.0607.2211.38019)
CCC Help Dutch (Version: 2011.0607.2211.38019)
CCC Help English (Version: 2011.0607.2211.38019)
CCC Help Finnish (Version: 2011.0607.2211.38019)
CCC Help French (Version: 2011.0607.2211.38019)
CCC Help German (Version: 2011.0607.2211.38019)
CCC Help Greek (Version: 2011.0607.2211.38019)
CCC Help Hungarian (Version: 2011.0607.2211.38019)
CCC Help Italian (Version: 2011.0607.2211.38019)
CCC Help Japanese (Version: 2011.0607.2211.38019)
CCC Help Korean (Version: 2011.0607.2211.38019)
CCC Help Norwegian (Version: 2011.0607.2211.38019)
CCC Help Polish (Version: 2011.0607.2211.38019)
CCC Help Portuguese (Version: 2011.0607.2211.38019)
CCC Help Russian (Version: 2011.0607.2211.38019)
CCC Help Spanish (Version: 2011.0607.2211.38019)
CCC Help Swedish (Version: 2011.0607.2211.38019)
CCC Help Thai (Version: 2011.0607.2211.38019)
CCC Help Turkish (Version: 2011.0607.2211.38019)
Conexant HD Audio (Version: 8.54.1.0)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ESET Online Scanner v3
ETDWare PS/2-X64 8.0.8.0_R01 (Version: 8.0.8.0)
FileZilla Client 3.5.3 (Version: 3.5.3)
Google Chrome (Version: 21.0.1180.60)
Google Talk Plugin (Version: 3.3.3.8675)
Google Update Helper (Version: 1.3.21.115)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.4.1)
Java™ 6 Update 25 (Version: 6.0.250)
Junk Mail filter update (Version: 15.4.3502.0922)
Label@Once 1.0 (Version: 1.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10516.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
PDF Settings CS6 (Version: 11.0)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30124)
Realtek WLAN Driver (Version: 2.00.0016)
Toshiba App Place (Version: 1.0.6.3)
TOSHIBA Application Installer (Version: 9.0.1.2)
Toshiba Book Place (Version: 3.0.9490)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)
TOSHIBA Face Recognition (Version: 3.1.17.64)
TOSHIBA Hardware Setup (Version: 2.1.0.3)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.9)
Toshiba Laptop Checkup (Version: 2.0.13.11)
TOSHIBA Media Controller (Version: 1.0.87.4)
Toshiba Online Backup (Version: 2.0.0.31)
TOSHIBA Quality Application (Version: 1.0.4)
TOSHIBA Recovery Media Creator (Version: 2.1.5.5109a)
TOSHIBA ReelTime (Version: 1.7.21.64)
TOSHIBA Service Station (Version: 2.2.13)
TOSHIBA Supervisor Password (Version: 2.1.0.2)
TOSHIBA Value Added Package (Version: 1.6.1.64)
TOSHIBA Web Camera Application (Version: 2.0.3.3)
TOSHIBARegistration (Version: 1.0.7)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Viewpoint Media Player
VLC media player 2.0.1 (Version: 2.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.11 (32-bit) (Version: 4.11.0)

**** End of log ****


FSS

Farbar Service Scanner Version: 06-08-2012
Ran by John Tran (administrator) on 08-08-2012 at 20:48:19
Running from "C:\Users\John Tran\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
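
The Farbar Service Scanner log above is what the BITS and Windows Defender diagnosis in the following replies rests on. As an added example (not part of the thread and not Farbar's code), this parser pulls the same findings out of an FSS.txt-style log; the function names are hypothetical, the sample is an abridged copy of the lines posted above, and the "expected with MSE" rule encodes CatByte's later explanation in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: an abridged copy of the FSS.txt lines posted in this thread.
SAMPLE_FSS_LOG = r"""
Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
"""


@dataclass(frozen=True)
class Finding:
    section: str   # FSS section title, e.g. "Windows Update"
    kind: str      # not_running | attention | start_type | policy | file_check
    subject: str   # service name, policy value name, or file path
    detail: str


RULE = re.compile(r"^=+$")
NOT_RUNNING = re.compile(r"^(\S+) Service is not running")
ATTENTION = re.compile(r"ATTENTION!=+>\s*(.*)$")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
POLICY = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_LINE = re.compile(r"^(.+?) => (.+)$")


def parse_fss(text):
    """Return (findings, legit_file_count) for an FSS.txt-style log."""
    lines = [ln.strip() for ln in text.splitlines()]
    findings, legit = [], 0
    section = service = reg_key = ""
    for i, line in enumerate(lines):
        if not line or RULE.match(line):
            continue
        # A section title is a line directly followed by a row of '='.
        if i + 1 < len(lines) and RULE.match(lines[i + 1]):
            section, service, reg_key = line.rstrip(":"), "", ""
            continue
        if m := NOT_RUNNING.match(line):
            service = m.group(1)
            findings.append(Finding(section, "not_running", service, line))
        elif m := ATTENTION.search(line):
            # Attribute the warning to the service named just above it.
            findings.append(Finding(section, "attention", service, m.group(1)))
        elif m := START_TYPE.match(line):
            name, actual, default = m.groups()
            if actual != default:
                findings.append(Finding(section, "start_type", name,
                                        f"{actual} (default {default})"))
        elif m := REG_KEY.match(line):
            reg_key = m.group(1)
        elif m := POLICY.match(line):
            findings.append(Finding(section, "policy", m.group(1),
                                    f"{reg_key} = {m.group(2)}"))
        elif section == "File Check" and (m := FILE_LINE.match(line)):
            if m.group(2) == "MD5 is legit":
                legit += 1
            else:  # any other verdict is surfaced verbatim for review
                findings.append(Finding(section, "file_check", *m.groups()))
    return findings, legit


def triage(findings, mse_installed=False):
    """Split findings into (actionable, expected).

    Assumption taken from this thread: Microsoft Security Essentials turns
    Windows Defender off on purpose, so WinDefend findings and the
    DisableAntiSpyware policy are expected when MSE is installed.
    """
    actionable, expected = [], []
    for f in findings:
        defender_off = f.subject in ("WinDefend", "DisableAntiSpyware")
        (expected if mse_installed and defender_off else actionable).append(f)
    return actionable, expected


if __name__ == "__main__":
    found, legit_files = parse_fss(SAMPLE_FSS_LOG)
    todo, fine = triage(found, mse_installed=True)
    for f in todo:
        print(f"ACTION   [{f.section}] {f.kind}: {f.subject} - {f.detail}")
    for f in fine:
        print(f"EXPECTED [{f.section}] {f.kind}: {f.subject} - {f.detail}")
    print(f"{legit_files} system files passed the MD5 check")
```
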



#10 CatByte

Posted 09 August 2012 - 07:51 AM

Your BITS service is not running, we need to fix the registry

Please download the attached reg fix and save it to your desktop, double click it and allow it to merge to your registry (then delete the file as you won't need it again)


[attachment=128235:bits7.reg]


NEXT



Your Java is out of date, so go to Start > Control Panel > Programs and Features > scroll down to the Java installation and Remove it, now download the latest Java version 7 update 5 and install it: http://java.com/en/download/index.jsp



NEXT


Please advise how the computer is running now and if there are any outstanding issues



#11 americanjohn500

Posted 09 August 2012 - 02:01 PM

Computer seems to be running fine now, minus the fact that I can't start Microsoft Security Essentials and Windows Defender for some reason. Should I delete the files in the Quarantine folder now?

#12 CatByte

Posted 09 August 2012 - 02:50 PM

"I can't start Microsoft Security Essentials and Windows Defender"


You will need to uninstall MSE, then download a fresh copy and re-install it, as it has been corrupted.

Windows Defender is disabled by MSE on purpose as MSE has the same components, so that is expected.

Let me know if re-installing MSE resolves the issue, then we can clean up our tools



#13 americanjohn500

Posted 09 August 2012 - 03:38 PM

Thanks, reinstalling the program (Microsoft Security Essentials) made it work. What next?

#14 CatByte

Posted 09 August 2012 - 03:59 PM

We just have some housekeeping to do now,

Please do the following:


You can delete all the Farbar and TDSSKiller logs and programs from your desktop. (you can delete the C:\FRST folder from your C:\ drive as well)


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.



#15 americanjohn500

Posted 09 August 2012 - 04:09 PM

Perfect. Thank you for everything.



