
I've tried all I can think to do. Now it's up to the professionals.



#1 Splatle

Splatle

  • Members
  • 16 posts

Posted 09 August 2012 - 07:06 PM

Thank you in advance for your assistance. As I think you can see, I've tried multiple programs with no success.



DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jay at 19:54:29 on 2012-08-09
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.1757 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
C:\Windows\system32\HPSIsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120604164704.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Ryozofm] C:\Users\Jay\AppData\Roaming\Lydied\ydod.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\Jay\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{02231629-7DDC-4D76-8B99-818DE295F62C} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6D69DD99-92DF-4A47-8D0E-692A5CDE1E8A} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6D69DD99-92DF-4A47-8D0E-692A5CDE1E8A}\140707C65602E4564777F627B602831356362666 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{6D69DD99-92DF-4A47-8D0E-692A5CDE1E8A}\34C6162796F6E60284F64756C6 : DhcpNameServer = 68.94.156.1 68.94.157.1 12.127.16.67
TCP: Interfaces\{6D69DD99-92DF-4A47-8D0E-692A5CDE1E8A}\34C65667562744F676 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D69DD99-92DF-4A47-8D0E-692A5CDE1E8A}\452554E444E65647 : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{6D69DD99-92DF-4A47-8D0E-692A5CDE1E8A}\8416A756C6D27657563747 : DhcpNameServer = 192.168.33.1 68.87.71.230 68.87.73.246
TCP: Interfaces\{9C57750A-E379-4CEE-8302-B1CDB1392B71} : NameServer = 0.0.0.0
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120604164704.dll
BHO-X64: scriptproxy - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-8 44808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2010-5-11 362296]
R2 HPSIService;HP SI Service;C:\Windows\system32\HPSIsvc.exe --> C:\Windows\system32\HPSIsvc.exe [?]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-17 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-17 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-7-8 199008]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-7-8 208272]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-7-8 158832]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-6 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-7-8 660800]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-8 2320920]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-4-29 932736]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 O2MDGRDR;O2MDGRDR;C:\Windows\system32\DRIVERS\o2mdgx64.sys --> C:\Windows\system32\DRIVERS\o2mdgx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-17 249936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-28 250056]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HP1210FAX;HP1210MFP FAX;C:\Windows\system32\Drivers\HPM1210FAX.sys --> C:\Windows\system32\Drivers\HPM1210FAX.sys [?]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 JLTECH0227;Dual Mode Camera;C:\Windows\system32\Drivers\jl2005c.sys --> C:\Windows\system32\Drivers\jl2005c.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 mvusbews;USB EWS Device;C:\Windows\system32\Drivers\mvusbews.sys --> C:\Windows\system32\Drivers\mvusbews.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys --> C:\Windows\system32\DRIVERS\SWDUMon.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-6 655944]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-17 249936]
.
=============== Created Last 30 ================
.
2012-08-09 23:13:39 208896 ----a-w- C:\Windows\MBR.exe
2012-08-09 23:13:38 98816 ----a-w- C:\Windows\sed.exe
2012-08-09 23:13:38 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-09 23:13:38 256000 ----a-w- C:\Windows\PEV.exe
2012-08-09 23:13:23 -------- d-s---w- C:\ComboFix
2012-08-09 22:45:20 20480 ----a-w- C:\Windows\svchost.exe
2012-08-09 21:53:16 388096 ----a-r- C:\Users\Jay\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-09 21:53:16 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-08-09 01:17:39 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-08-09 01:17:35 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-08-09 01:17:26 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-08-09 01:17:02 41224 ----a-w- C:\Windows\avastSS.scr
2012-08-09 01:16:50 -------- d-----w- C:\ProgramData\AVAST Software
2012-08-09 01:16:50 -------- d-----w- C:\Program Files\AVAST Software
2012-08-08 20:37:41 -------- d-----w- C:\Users\Jay\AppData\Local\DataSafeOnline
2012-08-08 20:37:39 -------- d-----w- C:\Users\Jay\AppData\Local\Yahoo
2012-08-08 20:37:01 -------- d-----w- C:\Users\Jay\AppData\Local\Stardock_Corporation
2012-08-08 20:36:56 -------- d-----w- C:\Users\Jay\AppData\Local\Broadcom
2012-08-08 20:36:26 -------- d-----w- C:\Users\Jay\AppData\Local\SoftThinks
2012-08-06 22:34:55 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-05 18:27:54 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-05 18:27:54 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-05 15:17:02 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-08-05 15:14:32 -------- d--h--w- C:\$AVG
2012-08-05 15:14:32 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-08-05 15:14:32 -------- d-----w- C:\ProgramData\AVG2012
2012-08-05 15:11:35 -------- d-----w- C:\Program Files (x86)\AVG
2012-08-05 15:04:55 -------- d-----w- C:\ProgramData\MFAData
2012-08-03 10:44:54 -------- d-----w- C:\Users\Jay\AppData\Roaming\Octoe
2012-08-03 10:44:54 -------- d-----w- C:\Users\Jay\AppData\Roaming\Lydied
2012-08-03 10:44:54 -------- d-----w- C:\Users\Jay\AppData\Roaming\Ivgus
2012-07-30 17:50:25 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-24 00:24:22 -------- d-----w- C:\Program Files\iTunes
2012-07-24 00:24:22 -------- d-----w- C:\Program Files\iPod
2012-07-24 00:19:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-24 00:19:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-24 00:19:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-24 00:19:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-24 00:19:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-24 00:19:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-24 00:19:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-07-19 03:34:24 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-18 23:08:51 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-18 23:08:50 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-18 23:03:59 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-07-18 23:03:43 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-07-18 23:03:27 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-07-18 23:03:27 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-07-18 21:31:32 -------- d-----w- C:\ProgramData\GID
.
==================== Find3M ====================
.
2012-08-03 15:02:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 15:02:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-04 00:24:08 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2012-06-04 00:24:08 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2012-06-04 00:24:08 144384 ----a-w- C:\Windows\System32\cdd.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 19:56:45.61 ===============



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts

Posted 14 August 2012 - 09:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Open your Task Manager (CTRL+ALT+DEL) and stop this process in bold.

uRun: [Ryozofm] C:\Users\Jay\AppData\Roaming\Lydied\ydod.exe

Restart the computer in Safe Mode.

How to boot to Safe Mode, Vista - Windows 7
http://www.computerhope.com/issues/chsafe.htm#03

Delete these folders in bold.
C:\Users\Jay\AppData\Roaming\Octoe
C:\Users\Jay\AppData\Roaming\Lydied
C:\Users\Jay\AppData\Roaming\Ivgus

Restart the computer normally.

Your Hosts file was compromised and must be reset back to the default.
How To:
http://support.microsoft.com/kb/972034

Use the Fix it button on the page.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If, after running ComboFix, you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third party programs, if not up to date, can be the cause of the infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Please post the logs for my review.

Please let me know what problem persists.

#3 Splatle

Posted 15 August 2012 - 06:57 AM

Thank you for the help. I'm part way through the list and should have everything done tonight. One side note, I'm up to the combofix line and every time I try to run it I get the Blue screen of death. I tried running it in safe mode with the same results.

#4 nasdaq

Posted 15 August 2012 - 10:10 AM

Run these tools and when completed restart the computer.
Try to run ComboFix and post the log if you can.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#5 Splatle

Posted 15 August 2012 - 06:05 PM

Thank you for the updated to do list. Everything seemed to run as it should. Below are my logs. I have attached the txt files if that's any easier.



ComboFix 12-08-15.01 - Jay 08/15/2012 18:27:00.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.1988 [GMT -4:00]
Running from: C:\Users\Jay\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\install.exe
C:\ProgramData\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
C:\Windows\svchost.exe
C:\Windows\SysWow64\URTTemp
C:\Windows\SysWow64\URTTemp\regtlib.exe


((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))


2012-08-15 22:37:34 . 2012-08-15 22:37:34 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-08-15 21:58:58 . 2012-08-15 21:58:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-14 22:03:53 . 2012-08-14 22:04:33 -------- d-----w- C:\Users\Jay\AppData\Local\Adobe
2012-08-12 12:32:06 . 2012-08-12 12:32:06 -------- d-----w- C:\Users\Jay\AppData\Local\Apple Computer
2012-08-11 20:23:01 . 2012-08-11 20:23:01 -------- d-----w- C:\Users\Jay\AppData\Local\Apple
2012-08-09 21:53:16 . 2012-08-09 21:53:17 388096 ----a-r- C:\Users\Jay\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-09 21:53:16 . 2012-08-09 21:53:16 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-08-09 01:17:45 . 2012-07-03 16:21:52 355856 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2012-08-09 01:17:45 . 2012-07-03 16:21:51 25232 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2012-08-09 01:17:39 . 2012-07-03 16:21:52 54072 ----a-w- C:\Windows\system32\drivers\aswRdr2.sys
2012-08-09 01:17:37 . 2012-07-03 16:21:52 59728 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2012-08-09 01:17:35 . 2012-07-03 16:21:52 958400 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2012-08-09 01:17:26 . 2012-07-03 16:21:52 71064 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2012-08-09 01:17:26 . 2012-07-03 16:21:18 285328 ----a-w- C:\Windows\system32\aswBoot.exe
2012-08-09 01:17:02 . 2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr
2012-08-09 01:17:01 . 2012-07-03 16:21:28 227648 ----a-w- C:\Windows\SysWow64\aswBoot.exe
2012-08-09 01:16:50 . 2012-08-09 01:16:50 -------- d-----w- C:\ProgramData\AVAST Software
2012-08-09 01:16:50 . 2012-08-09 01:16:50 -------- d-----w- C:\Program Files\AVAST Software
2012-08-08 20:37:41 . 2012-08-08 20:37:41 -------- d-----w- C:\Users\Jay\AppData\Local\DataSafeOnline
2012-08-08 20:37:39 . 2012-08-08 20:37:39 -------- d-----w- C:\Users\Jay\AppData\Local\Yahoo
2012-08-08 20:37:01 . 2012-08-08 20:37:01 -------- d-----w- C:\Users\Jay\AppData\Local\Stardock_Corporation
2012-08-08 20:36:56 . 2012-08-08 20:36:56 -------- d-----w- C:\Users\Jay\AppData\Local\Broadcom
2012-08-08 20:36:26 . 2012-08-15 22:37:34 -------- d-----w- C:\Users\Jay\AppData\Local\SoftThinks
2012-08-06 22:34:55 . 2012-07-03 17:46:44 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-08-05 18:27:54 . 2012-08-09 22:43:30 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-05 18:27:54 . 2012-08-07 12:15:20 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-05 15:17:02 . 2012-08-06 21:32:47 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-08-05 15:14:32 . 2012-08-06 21:33:19 -------- d-----w- C:\Windows\system32\drivers\AVG
2012-08-05 15:14:32 . 2012-08-05 16:41:13 -------- d-----w- C:\ProgramData\AVG2012
2012-08-05 15:14:32 . 2012-08-05 15:14:32 -------- d-----w- C:\$AVG
2012-08-05 15:11:35 . 2012-08-06 21:26:03 -------- d-----w- C:\Program Files (x86)\AVG
2012-08-05 15:04:55 . 2012-08-06 21:26:18 -------- d-----w- C:\ProgramData\MFAData
2012-07-30 21:52:13 . 2012-07-30 21:52:13 103904 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-07-30 17:50:25 . 2012-08-06 21:29:14 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-24 00:24:22 . 2012-08-06 21:26:12 -------- d-----w- C:\Program Files\iTunes
2012-07-24 00:24:22 . 2012-08-06 21:26:12 -------- d-----w- C:\Program Files\iPod
2012-07-24 00:19:12 . 2012-07-24 00:19:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-24 00:19:12 . 2012-07-24 00:19:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-24 00:19:12 . 2012-07-24 00:19:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-24 00:19:12 . 2012-07-24 00:19:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-24 00:19:12 . 2012-07-24 00:19:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-24 00:19:12 . 2012-07-24 00:19:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-24 00:19:12 . 2012-07-24 00:19:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-07-24 00:18:55 . 2012-08-06 21:26:09 -------- d-----w- C:\Program Files (x86)\QuickTime
2012-07-19 03:34:24 . 2012-06-12 03:02:52 3147264 ----a-w- C:\Windows\system32\win32k.sys
2012-07-19 03:29:58 . 2012-06-02 12:49:39 17807360 ----a-w- C:\Windows\system32\mshtml.dll
2012-07-19 03:29:57 . 2012-06-02 12:17:39 10924032 ----a-w- C:\Windows\system32\ieframe.dll
2012-07-18 23:08:51 . 2012-06-06 05:50:28 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-18 23:08:50 . 2012-06-06 05:09:25 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-18 23:04:00 . 2012-06-02 22:19:42 57880 ----a-w- C:\Windows\system32\wuauclt.exe
2012-07-18 23:04:00 . 2012-06-02 22:19:42 44056 ----a-w- C:\Windows\system32\wups2.dll
2012-07-18 23:03:59 . 2012-06-02 22:19:43 2428952 ----a-w- C:\Windows\system32\wuaueng.dll
2012-07-18 23:03:59 . 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\system32\wucltux.dll
2012-07-18 23:03:43 . 2012-06-02 22:19:46 38424 ----a-w- C:\Windows\system32\wups.dll
2012-07-18 23:03:43 . 2012-06-02 22:19:23 701976 ----a-w- C:\Windows\system32\wuapi.dll
2012-07-18 23:03:43 . 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\system32\wudriver.dll
2012-07-18 23:03:27 . 2012-06-02 19:19:42 186752 ----a-w- C:\Windows\system32\wuwebv.dll
2012-07-18 23:03:27 . 2012-06-02 19:15:12 36864 ----a-w- C:\Windows\system32\wuapp.exe
2012-07-18 21:31:32 . 2012-07-18 21:31:32 -------- d-----w- C:\ProgramData\GID
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-08-15 22:04:46 . 2009-07-13 23:19:46 328704 ----a-w- C:\Windows\system32\services.exe
2012-08-15 00:02:25 . 2012-03-28 23:53:10 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 00:02:25 . 2012-03-28 23:53:10 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-19 03:30:59 . 2010-07-18 22:59:45 59701280 ----a-w- C:\Windows\system32\MRT.exe
2012-06-04 00:25:30 . 2012-06-04 00:25:30 91648 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe
2012-06-04 00:25:30 . 2012-06-04 00:25:30 89088 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe
2012-06-04 00:25:30 . 2012-06-04 00:25:30 89088 ----a-w- C:\Windows\system32\ie4uinit.exe
2012-06-04 00:25:30 . 2012-06-04 00:25:30 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 85504 ----a-w- C:\Windows\system32\iesetup.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 82432 ----a-w- C:\Windows\system32\icardie.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2012-06-04 00:25:30 . 2012-06-04 00:25:30 76800 ----a-w- C:\Windows\system32\tdc.ocx
2012-06-04 00:25:30 . 2012-06-04 00:25:30 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2012-06-04 00:25:30 . 2012-06-04 00:25:30 74752 ----a-w- C:\Windows\SysWow64\iesetup.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 697344 ----a-w- C:\Windows\system32\msfeeds.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 65024 ----a-w- C:\Windows\system32\pngfilt.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 63488 ----a-w- C:\Windows\SysWow64\tdc.ocx
2012-06-04 00:25:30 . 2012-06-04 00:25:30 603648 ----a-w- C:\Windows\system32\vbscript.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 55296 ----a-w- C:\Windows\system32\msfeedsbs.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 534528 ----a-w- C:\Windows\system32\ieapfltr.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 49664 ----a-w- C:\Windows\system32\imgutil.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 48640 ----a-w- C:\Windows\system32\mshtmler.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 452608 ----a-w- C:\Windows\system32\dxtmsft.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 448512 ----a-w- C:\Windows\system32\html.iec
2012-06-04 00:25:30 . 2012-06-04 00:25:30 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 403248 ----a-w- C:\Windows\system32\iedkcs32.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 39936 ----a-w- C:\Windows\system32\iernonce.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 3695416 ----a-w- C:\Windows\system32\ieapfltr.dat
2012-06-04 00:25:30 . 2012-06-04 00:25:30 367104 ----a-w- C:\Windows\SysWow64\html.iec
2012-06-04 00:25:30 . 2012-06-04 00:25:30 35840 ----a-w- C:\Windows\SysWow64\imgutil.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 30720 ----a-w- C:\Windows\system32\licmgr10.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 282112 ----a-w- C:\Windows\system32\dxtrans.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 267776 ----a-w- C:\Windows\system32\ieaksie.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 249344 ----a-w- C:\Windows\system32\webcheck.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 222208 ----a-w- C:\Windows\system32\msls31.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 197120 ----a-w- C:\Windows\system32\msrating.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 165888 ----a-w- C:\Windows\system32\iexpress.exe
2012-06-04 00:25:30 . 2012-06-04 00:25:30 163840 ----a-w- C:\Windows\system32\ieakui.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 160256 ----a-w- C:\Windows\system32\wextract.exe
2012-06-04 00:25:30 . 2012-06-04 00:25:30 160256 ----a-w- C:\Windows\system32\ieakeng.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 152064 ----a-w- C:\Windows\SysWow64\wextract.exe
2012-06-04 00:25:30 . 2012-06-04 00:25:30 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe
2012-06-04 00:25:30 . 2012-06-04 00:25:30 149504 ----a-w- C:\Windows\system32\occache.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 145920 ----a-w- C:\Windows\system32\iepeers.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 135168 ----a-w- C:\Windows\system32\IEAdvpack.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 12288 ----a-w- C:\Windows\system32\mshta.exe
2012-06-04 00:25:30 . 2012-06-04 00:25:30 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2012-06-04 00:25:30 . 2012-06-04 00:25:30 114176 ----a-w- C:\Windows\system32\admparse.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 111616 ----a-w- C:\Windows\system32\iesysprep.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 10752 ----a-w- C:\Windows\system32\msfeedssync.exe
2012-06-04 00:25:30 . 2012-06-04 00:25:30 103936 ----a-w- C:\Windows\system32\inseng.dll
2012-06-04 00:25:30 . 2012-06-04 00:25:30 101888 ----a-w- C:\Windows\SysWow64\admparse.dll
2012-06-04 00:24:08 . 2012-06-04 00:24:08 982912 ----a-w- C:\Windows\system32\drivers\dxgkrnl.sys
2012-06-04 00:24:08 . 2012-06-04 00:24:08 265088 ----a-w- C:\Windows\system32\drivers\dxgmms1.sys
2012-06-04 00:24:08 . 2012-06-04 00:24:08 144384 ----a-w- C:\Windows\system32\cdd.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 14:17:48 5252408]
"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 20:07:20 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 18:34:00 1807680]
"Dell Webcam Central"="C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 21:21:38 409744]
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2011-09-16 22:38:42 1674896]
"Microsoft Default Manager"="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 18:12:28 439568]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 17:06:06 254696]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 11:20:01 38872]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 19:00:46 919008]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-04-19 00:56:22 421888]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 00:06:18 59280]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 23:33:22 421776]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-07-03 16:21:30 4273976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-30 21:12:12 560128]
"Launcher"="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-02-11 16:56:00 165184]

C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
Constant Guard.lnk - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe [N/A]

C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 18:27:14 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 00:02:26 250056]
R3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 17:59:12 206072]
R3 HP1210FAX;HP1210MFP FAX;C:\Windows\system32\Drivers\HPM1210FAX.sys [2010-04-28 15:49:50 16384]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 05:38:32 271872]
R3 JLTECH0227;Dual Mode Camera;C:\Windows\system32\Drivers\jl2005c.sys [2010-05-28 15:25:22 76528]
R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-07-03 17:46:44 24904]
R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys [2011-08-15 14:00:06 100904]
R3 mvusbews;USB EWS Device;C:\Windows\system32\Drivers\mvusbews.sys [2010-04-28 15:49:50 20480]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 20:03:06 315664]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 01:34:24 4925184]
R3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys [2012-04-07 03:08:03 15672]
R3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 16:48:18 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-16 01:49:35 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 00:39:20 23040]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys [2009-07-14 00:35:37 25088]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 22:53:00 13672]
R4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 17:46:44 655944]
R4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 22:28:20 249936]
R4 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [2010-09-06 12:23:59 834544]
S0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys [2011-08-15 14:00:06 283744]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2009-07-09 08:00:00 55280]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys [2011-08-15 14:00:06 75672]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2012-07-03 16:21:52 71064]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 19:22:40 822624]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-06-09 14:11:14 155648]
S2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2010-05-11 20:05:40 362296]
S2 HPSIService;HP SI Service;C:\Windows\system32\HPSIsvc.exe [2010-04-29 17:10:40 127800]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 22:28:20 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 22:28:20 249936]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 19:50:56 208272]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-08-19 19:59:28 158832]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 19:31:10 1153368]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 13:30:18 508776]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-02-11 16:53:00 660800]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys [2009-11-02 16:48:02 13784]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 04:01:32 2320920]
S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-04-30 01:09:16 932736]
S3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys [2009-09-17 18:33:00 23912]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 07:33:08 35104]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys [2011-08-15 14:00:06 65128]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 18:06:42 172704]
S3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 20:54:54 56344]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-26 15:32:14 158976]
S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys [2011-08-15 14:00:06 481504]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 16:40:42 6952960]
S3 O2MDGRDR;O2MDGRDR;C:\Windows\system32\DRIVERS\o2mdgx64.sys [2009-11-13 06:42:52 74272]
S3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64.sys [2011-08-01 19:59:06 45416]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 10:34:52 539240]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 13:30:10 764264]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 13:30:18 268648]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 13:30:18 25960]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 13:30:22 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 13:30:22 219496]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2012-02-15 15:01:50 52736]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 00:07:28 17920]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

Contents of the 'Scheduled Tasks' folder

2012-08-15 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 23:53:10 . 2012-08-15 00:02:26]

2012-07-21 C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
- C:\Program Files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11:58 . 2012-04-13 06:11:58]

2012-08-15 C:\Windows\Tasks\SystemToolsDailyTest.job
- C:\Program Files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11:58 . 2012-04-13 06:11:58]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21:16 133400 ----a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe" [2009-11-03 22:56:10 3168336]
"IntelWireless"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 20:04:08 1926928]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 19:59:06 2417032]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2010-04-07 03:29:10 166424]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2010-04-07 03:29:00 391192]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2010-04-07 03:29:06 413720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://yahoo.com/
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{9C57750A-E379-4CEE-8302-B1CDB1392B71}: NameServer = 0.0.0.0
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

- - - - ORPHANS REMOVED - - - -

BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
Toolbar-Locked - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
Wow6432Node-HKCU-Run-Ryozofm - C:\Users\Jay\AppData\Roaming\Lydied\ydod.exe
Notify-GoToAssist - (no file)
Notify-igfxcui - (no file)
SafeBoot-21021145.sys
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

17:57:47.0743 4356 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
17:57:48.0173 4356 ============================================================
17:57:48.0173 4356 Current date / time: 2012/08/15 17:57:48.0163
17:57:48.0173 4356 SystemInfo:
17:57:48.0173 4356
17:57:48.0173 4356 OS Version: 6.1.7600 ServicePack: 0.0
17:57:48.0173 4356 Product type: Workstation
17:57:48.0173 4356 ComputerName: COMPUTER
17:57:48.0173 4356 UserName: Jay
17:57:48.0173 4356 Windows directory: C:\Windows
17:57:48.0173 4356 System windows directory: C:\Windows
17:57:48.0173 4356 Running under WOW64
17:57:48.0173 4356 Processor architecture: Intel x64
17:57:48.0173 4356 Number of processors: 4
17:57:48.0173 4356 Page size: 0x1000
17:57:48.0173 4356 Boot type: Normal boot
17:57:48.0173 4356 ============================================================
17:57:51.0206 4356 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:57:51.0266 4356 ============================================================
17:57:51.0266 4356 \Device\Harddisk0\DR0:
17:57:51.0286 4356 MBR partitions:
17:57:51.0286 4356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
17:57:51.0286 4356 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
17:57:51.0286 4356 ============================================================
17:57:51.0306 4356 C: <-> \Device\Harddisk0\DR0\Partition2
17:57:51.0306 4356 ============================================================
17:57:51.0306 4356 Initialize success
17:57:51.0306 4356 ============================================================
17:58:04.0127 6768 ============================================================
17:58:04.0127 6768 Scan started
17:58:04.0127 6768 Mode: Manual;
17:58:04.0127 6768 ============================================================
17:58:09.0948 6768 ================ Scan services =============================
17:58:11.0409 6768 amdxata - ok
17:58:11.0459 6768 [ 42fd751b27fa0e9c69bb39f39e409594 ] AppID C:\Windows\system32\drivers\appid.sys
17:58:11.0459 6768 AppID - ok
17:58:11.0489 6768 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:58:11.0499 6768 AppIDSvc - ok
17:58:11.0549 6768 [ d065be66822847b7f127d1f90158376e ] Appinfo C:\Windows\System32\appinfo.dll
17:58:11.0549 6768 Appinfo - ok
17:58:11.0789 6768 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:58:11.0789 6768 Apple Mobile Device - ok
17:58:11.0949 6768 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys
17:58:11.0949 6768 arc - ok
17:58:11.0999 6768 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:58:11.0999 6768 arcsas - ok
17:58:12.0109 6768 [ df59b8e8df0bd2e0e303778a3806a17d ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
17:58:12.0119 6768 aswFsBlk - ok
17:58:12.0239 6768 [ f8e6ab4f876feff69250f2e0c29ef004 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
17:58:12.0239 6768 aswMonFlt - ok
17:58:12.0279 6768 [ aa92bc4bcba40ca3aa3ffd1be24f0c09 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
17:58:12.0279 6768 aswRdr - ok
17:58:12.0379 6768 [ f06e230e1e8ca9437a6474b7b551cd37 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
17:58:12.0389 6768 aswSnx - ok
17:58:12.0449 6768 [ 3610ca74a69e380424f0452dec5c1317 ] aswSP C:\Windows\system32\drivers\aswSP.sys
17:58:12.0459 6768 aswSP - ok
17:58:12.0479 6768 [ 87de3e31cb0091d22351349869324065 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
17:58:12.0479 6768 aswTdi - ok
17:58:12.0539 6768 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:58:12.0549 6768 AsyncMac - ok
17:58:12.0609 6768 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\DRIVERS\atapi.sys
17:58:12.0609 6768 atapi - ok
17:58:12.0699 6768 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:58:12.0709 6768 AudioEndpointBuilder - ok
17:58:12.0719 6768 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:58:12.0729 6768 AudioSrv - ok
17:58:12.0849 6768 [ 2f7c0f3e39c45e0127fb78b2f18a41f3 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:58:12.0849 6768 avast! Antivirus - ok
17:58:12.0909 6768 [ b20b5fa5ca050e9926e4d1db81501b32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:58:12.0919 6768 AxInstSV - ok
17:58:13.0009 6768 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:58:13.0009 6768 b06bdrv - ok
17:58:13.0059 6768 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:58:13.0069 6768 b57nd60a - ok
17:58:13.0099 6768 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:58:13.0099 6768 BDESVC - ok
17:58:13.0119 6768 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:58:13.0119 6768 Beep - ok
17:58:13.0179 6768 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:58:13.0189 6768 blbdrive - ok
17:58:13.0309 6768 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:58:13.0319 6768 Bonjour Service - ok
17:58:13.0379 6768 [ 19d20159708e152267e53b66677a4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:58:13.0379 6768 bowser - ok
17:58:13.0449 6768 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:58:13.0449 6768 BrFiltLo - ok
17:58:13.0469 6768 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:58:13.0469 6768 BrFiltUp - ok
17:58:13.0529 6768 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:58:13.0539 6768 BridgeMP - ok
17:58:13.0579 6768 [ 94fbc06f294d58d02361918418f996e3 ] Browser C:\Windows\System32\browser.dll
17:58:13.0579 6768 Browser - ok
17:58:13.0599 6768 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:58:13.0609 6768 Brserid - ok
17:58:13.0639 6768 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:58:13.0639 6768 BrSerWdm - ok
17:58:13.0659 6768 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:58:13.0659 6768 BrUsbMdm - ok
17:58:13.0669 6768 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:58:13.0669 6768 BrUsbSer - ok
17:58:13.0739 6768 [ cf98190a94f62e405c8cb255018b2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
17:58:13.0739 6768 BthEnum - ok
17:58:13.0759 6768 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:58:13.0769 6768 BTHMODEM - ok
17:58:13.0799 6768 [ 02dd601b708dd0667e1331fa8518e9ff ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:58:13.0799 6768 BthPan - ok
17:58:13.0869 6768 [ 21084ceb85280468c9aca3c805c0f8cf ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
17:58:13.0879 6768 BTHPORT - ok
17:58:13.0949 6768 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
17:58:13.0949 6768 bthserv - ok
17:58:13.0989 6768 [ 8504842634dd144c075b6b0c982ccec4 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
17:58:13.0989 6768 BTHUSB - ok
17:58:14.0009 6768 [ 6bcfdc2b5b7f66d484486d4bd4b39a6b ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
17:58:14.0009 6768 btwaudio - ok
17:58:14.0069 6768 [ 82dc8b7c626e526681c1bebed2bc3ff9 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
17:58:14.0079 6768 btwavdt - ok
17:58:14.0169 6768 [ 6dde1e97be4d50253dfb9090a6a62524 ] btwdins c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
17:58:14.0179 6768 btwdins - ok
17:58:14.0199 6768 [ 6149301dc3f81d6f9667a3fbac410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
17:58:14.0199 6768 btwl2cap - ok
17:58:14.0219 6768 [ 28e105ad3b79f440bf94780f507bf66a ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
17:58:14.0219 6768 btwrchid - ok
17:58:14.0259 6768 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:58:14.0269 6768 cdfs - ok
17:58:14.0339 6768 [ 83d2d75e1efb81b3450c18131443f7db ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:58:14.0339 6768 cdrom - ok
17:58:14.0399 6768 [ 312e2f82af11e79906898ac3e3d58a1f ] CertPropSvc C:\Windows\System32\certprop.dll
17:58:14.0399 6768 CertPropSvc - ok
17:58:14.0509 6768 [ 75f91554e5fa6e962b880405fecc97a1 ] cfwids C:\Windows\system32\drivers\cfwids.sys
17:58:14.0509 6768 cfwids - ok
17:58:14.0519 6768 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:58:14.0529 6768 circlass - ok
17:58:14.0539 6768 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
17:58:14.0549 6768 CLFS - ok
17:58:14.0619 6768 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:58:14.0629 6768 clr_optimization_v2.0.50727_32 - ok
17:58:14.0699 6768 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:58:14.0709 6768 clr_optimization_v2.0.50727_64 - ok
17:58:14.0809 6768 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:58:14.0809 6768 clr_optimization_v4.0.30319_32 - ok
17:58:14.0869 6768 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:58:14.0879 6768 clr_optimization_v4.0.30319_64 - ok
17:58:14.0949 6768 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:58:14.0949 6768 CmBatt - ok
17:58:14.0959 6768 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
17:58:14.0959 6768 cmdide - ok
17:58:14.0999 6768 [ ca7720b73446fddec5c69519c1174c98 ] CNG C:\Windows\system32\Drivers\cng.sys
17:58:15.0009 6768 CNG - ok
17:58:15.0029 6768 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:58:15.0029 6768 Compbatt - ok
17:58:15.0069 6768 [ f26b3a86f6fa87ca360b879581ab4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
17:58:15.0069 6768 CompositeBus - ok
17:58:15.0099 6768 COMSysApp - ok
17:58:15.0129 6768 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:58:15.0129 6768 crcdisk - ok
17:58:15.0209 6768 [ f02786b66375292e58c8777082d4396d ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:58:15.0209 6768 CryptSvc - ok
17:58:15.0269 6768 [ ed5cf92396a62f4c15110dcdb5e854d9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
17:58:15.0269 6768 CtClsFlt - ok
17:58:15.0779 6768 [ 72794d112cbaff3bc0c29bf7350d4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:58:15.0789 6768 cvhsvc - ok
17:58:15.0969 6768 [ 7266972e86890e2b30c0c322e906b027 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:58:15.0979 6768 DcomLaunch - ok
17:58:16.0219 6768 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
17:58:16.0219 6768 defragsvc - ok
17:58:16.0299 6768 [ 9c253ce7311ca60fc11c774692a13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:58:16.0299 6768 DfsC - ok
17:58:16.0370 6768 [ ce3b9562d997f69b330d181a8875960f ] Dhcp C:\Windows\system32\dhcpcore.dll
17:58:16.0370 6768 Dhcp - ok
17:58:16.0410 6768 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
17:58:16.0410 6768 discache - ok
17:58:16.0470 6768 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:58:16.0470 6768 Disk - ok
17:58:16.0500 6768 [ 85cf424c74a1d5ec33533e1dbff9920a ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:58:16.0510 6768 Dnscache - ok
17:58:16.0610 6768 [ 0840abbbdf438691ee65a20040635cbe ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
17:58:16.0620 6768 DockLoginService - ok
17:58:16.0660 6768 [ 14452acdb09b70964c8c21bf80a13acb ] dot3svc C:\Windows\System32\dot3svc.dll
17:58:16.0670 6768 dot3svc - ok
17:58:16.0680 6768 [ 8c2ba6bea949ee6e68385f5692bafb94 ] DPS C:\Windows\system32\dps.dll
17:58:16.0680 6768 DPS - ok
17:58:16.0770 6768 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:58:16.0770 6768 drmkaud - ok
17:58:16.0850 6768 [ 1633b9abf52784a1331476397a48cbef ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:58:16.0860 6768 DXGKrnl - ok
17:58:16.0910 6768 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:58:16.0910 6768 EapHost - ok
17:58:17.0010 6768 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:58:17.0050 6768 ebdrv - ok
17:58:17.0080 6768 [ 156f6159457d0aa7e59b62681b56eb90 ] EFS C:\Windows\System32\lsass.exe
17:58:17.0090 6768 EFS - ok
17:58:17.0160 6768 [ 47c071994c3f649f23d9cd075ac9304a ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:58:17.0160 6768 ehRecvr - ok
17:58:17.0210 6768 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
17:58:17.0220 6768 ehSched - ok
17:58:17.0300 6768 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:58:17.0300 6768 elxstor - ok
17:58:17.0390 6768 [ abdd5ad016affd34ad40e944ce94bf59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
17:58:17.0390 6768 EpsonBidirectionalService - ok
17:58:17.0450 6768 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
17:58:17.0450 6768 ErrDev - ok
17:58:17.0500 6768 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
17:58:17.0500 6768 EventSystem - ok
17:58:17.0780 6768 [ 51643ee2712d9212e1e53ca7e8d8eb4a ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
17:58:17.0800 6768 EvtEng - ok
17:58:17.0850 6768 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
17:58:17.0850 6768 exfat - ok
17:58:17.0920 6768 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:58:17.0920 6768 fastfat - ok
17:58:18.0020 6768 [ d607b2f1bee3992aa6c2c92c0a2f0855 ] Fax C:\Windows\system32\fxssvc.exe
17:58:18.0030 6768 Fax - ok
17:58:18.0050 6768 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:58:18.0050 6768 fdc - ok
17:58:18.0100 6768 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:58:18.0110 6768 fdPHost - ok
17:58:18.0130 6768 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:58:18.0140 6768 FDResPub - ok
17:58:18.0170 6768 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:58:18.0170 6768 FileInfo - ok
17:58:18.0200 6768 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:58:18.0200 6768 Filetrace - ok
17:58:18.0210 6768 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:58:18.0220 6768 flpydisk - ok
17:58:18.0240 6768 [ f7866af72abbaf84b1fa5aa195378c59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:58:18.0240 6768 FltMgr - ok
17:58:18.0390 6768 [ cb5e4b9c319e3c6bb363eb7e58a4a051 ] FontCache C:\Windows\system32\FntCache.dll
17:58:18.0410 6768 FontCache - ok
17:58:18.0540 6768 [ 8d89e3131c27fdd6932189cb785e1b7a ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:58:18.0550 6768 FontCache3.0.0.0 - ok
17:58:18.0600 6768 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:58:18.0600 6768 FsDepends - ok
17:58:18.0650 6768 [ d3e3f93d67821a2db2b3d9fac2dc2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:58:18.0660 6768 Fs_Rec - ok
17:58:18.0710 6768 [ ae87ba80d0ec3b57126ed2cdc15b24ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:58:18.0720 6768 fvevol - ok
17:58:18.0770 6768 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:58:18.0770 6768 gagp30kx - ok
17:58:18.0850 6768 [ c403c5db49a0f9aaf4f2128edc0106d8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
17:58:18.0850 6768 GamesAppService - ok
17:58:18.0880 6768 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:58:18.0880 6768 GEARAspiWDM - ok
17:58:18.0940 6768 [ d3316f6e3c011435f36e3d6e49b3196c ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
17:58:18.0940 6768 GoToAssist - ok
17:58:19.0000 6768 [ fe5ab4525bc2ec68b9119a6e5d40128b ] gpsvc C:\Windows\System32\gpsvc.dll
17:58:19.0010 6768 gpsvc - ok
17:58:19.0060 6768 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:58:19.0060 6768 hcw85cir - ok
17:58:19.0150 6768 [ 6410f6f415b2a5a9037224c41da8bf12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:58:19.0160 6768 HdAudAddService - ok
17:58:19.0210 6768 [ 0a49913402747a0b67de940fb42cbdbb ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:58:19.0210 6768 HDAudBus - ok
17:58:19.0280 6768 [ b6ac71aaa2b10848f57fc49d55a651af ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
17:58:19.0280 6768 HECIx64 - ok
17:58:19.0300 6768 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:58:19.0300 6768 HidBatt - ok
17:58:19.0320 6768 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:58:19.0330 6768 HidBth - ok
17:58:19.0350 6768 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:58:19.0350 6768 HidIr - ok
17:58:19.0370 6768 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\System32\hidserv.dll
17:58:19.0380 6768 hidserv - ok
17:58:19.0500 6768 [ b3bf6b5b50006def50b66306d99fcf6f ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:58:19.0500 6768 HidUsb - ok
17:58:19.0520 6768 [ efa58ede58dd74388ffd04cb32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:58:19.0530 6768 hkmsvc - ok
17:58:19.0920 6768 [ 046b2673767ca626e2cfb7fdf735e9e8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:58:19.0950 6768 HomeGroupListener - ok
17:58:20.0000 6768 [ 06a7422224d9865a5613710a089987df ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:58:20.0000 6768 HomeGroupProvider - ok
17:58:20.0060 6768 [ 0570a17a2e5001b97e20c15b4fc516ae ] HP1210FAX C:\Windows\system32\Drivers\HPM1210FAX.sys
17:58:20.0060 6768 HP1210FAX - ok
17:58:20.0140 6768 [ f8f686d62121549377d9e1cdf6bc3441 ] HPM1210RcvFaxSrvc C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
17:58:20.0150 6768 HPM1210RcvFaxSrvc - ok
17:58:20.0180 6768 [ 0886d440058f203eba0e1825e4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
17:58:20.0190 6768 HpSAMD - ok
17:58:20.0220 6768 [ 4e9cae3200a46135de01ce22baf832be ] HPSIService C:\Windows\system32\HPSIsvc.exe
17:58:20.0220 6768 HPSIService - ok
17:58:20.0290 6768 [ cee049cac4efa7f4e1e4ad014414a5d4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:58:20.0300 6768 HTTP - ok
17:58:20.0320 6768 [ f17766a19145f111856378df337a5d79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:58:20.0320 6768 hwpolicy - ok
17:58:20.0390 6768 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:58:20.0390 6768 i8042prt - ok
17:58:20.0450 6768 [ b75e45c564e944a2657167d197ab29da ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:58:20.0460 6768 iaStorV - ok
17:58:20.0560 6768 [ 1cf03c69b49acb70c722df92755c0c8c ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:58:20.0560 6768 IDriverT - ok
17:58:20.0680 6768 [ 2f2be70d3e02b6fa877921ab9516d43c ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:58:20.0690 6768 idsvc - ok
17:58:21.0721 6768 [ 09ce164afa8483e41808784d7fca154e ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
17:58:21.0901 6768 igfx - ok
17:58:22.0021 6768 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:58:22.0021 6768 iirsp - ok
17:58:22.0121 6768 [ c5b4683680df085b57bc53e5ef34861f ] IKEEXT C:\Windows\System32\ikeext.dll
17:58:22.0131 6768 IKEEXT - ok
17:58:22.0181 6768 [ dd587a55390ed2295bce6d36ad567da9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
17:58:22.0181 6768 Impcd - ok
17:58:22.0251 6768 [ 58cf58dee26c909bd6f977b61d246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
17:58:22.0251 6768 IntcDAud - ok
17:58:22.0281 6768 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\DRIVERS\intelide.sys
17:58:22.0281 6768 intelide - ok
17:58:22.0341 6768 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:58:22.0341 6768 intelppm - ok
17:58:22.0441 6768 [ 3dc635b66dd7412e1c9c3a77b8d78f25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
17:58:22.0441 6768 IntuitUpdateService - ok
17:58:22.0541 6768 [ 1663a135865f0ba6e853353e98e67f2a ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
17:58:22.0541 6768 IntuitUpdateServiceV4 - ok
17:58:22.0601 6768 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:58:22.0601 6768 IPBusEnum - ok
17:58:22.0641 6768 [ 722dd294df62483cecaae6e094b4d695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:58:22.0641 6768 IpFilterDriver - ok
17:58:22.0681 6768 [ e2b4a4494db7cb9b89b55ca268c337c5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:58:22.0681 6768 IPMIDRV - ok
17:58:22.0741 6768 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:58:22.0741 6768 IPNAT - ok
17:58:22.0881 6768 [ a9ab99ee7d39725eafec82732d2b3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:58:22.0891 6768 iPod Service - ok
17:58:22.0941 6768 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:58:22.0941 6768 IRENUM - ok
17:58:22.0961 6768 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
17:58:22.0961 6768 isapnp - ok
17:58:22.0981 6768 [ fa4d2557de56d45b0a346f93564be6e1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
17:58:22.0981 6768 iScsiPrt - ok
17:58:23.0041 6768 [ d2788bd344280e416502fce52450d66f ] JLTECH0227 C:\Windows\system32\Drivers\jl2005c.sys
17:58:23.0041 6768 JLTECH0227 - ok
17:58:23.0091 6768 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:58:23.0101 6768 kbdclass - ok
17:58:23.0151 6768 [ 6def98f8541e1b5dceb2c822a11f7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:58:23.0151 6768 kbdhid - ok
17:58:23.0171 6768 [ 156f6159457d0aa7e59b62681b56eb90 ] KeyIso C:\Windows\system32\lsass.exe
17:58:23.0171 6768 KeyIso - ok
17:58:23.0211 6768 [ 4f4b5fde429416877de7143044582eb5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:58:23.0211 6768 KSecDD - ok
17:58:23.0251 6768 [ 6f40465a44ecdc1731befafec5bdd03c ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:58:23.0251 6768 KSecPkg - ok
17:58:23.0281 6768 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:58:23.0291 6768 ksthunk - ok
17:58:23.0351 6768 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
17:58:23.0371 6768 KtmRm - ok
17:58:23.0461 6768 [ 81f1d04d4d0e433099365127375fd501 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:58:23.0461 6768 LanmanServer - ok
17:58:23.0511 6768 [ 27026eac8818e8a6c00a1cad2f11d29a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:58:23.0511 6768 LanmanWorkstation - ok
17:58:23.0571 6768 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:58:23.0581 6768 lltdio - ok
17:58:23.0611 6768 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:58:23.0621 6768 lltdsvc - ok
17:58:23.0631 6768 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:58:23.0631 6768 lmhosts - ok
17:58:23.0721 6768 [ 7485fbcef9136f530953575e2977859d ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
17:58:23.0721 6768 LMS - ok
17:58:23.0791 6768 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:58:23.0791 6768 LSI_FC - ok
17:58:23.0811 6768 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:58:23.0821 6768 LSI_SAS - ok
17:58:23.0861 6768 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:58:23.0871 6768 LSI_SAS2 - ok
17:58:23.0881 6768 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:58:23.0891 6768 LSI_SCSI - ok
17:58:23.0921 6768 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
17:58:23.0931 6768 luafv - ok
17:58:24.0001 6768 [ dc8490812a3b72811ae534f423b4c206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:58:24.0011 6768 MBAMProtector - ok
17:58:24.0161 6768 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:58:24.0171 6768 MBAMService - ok
17:58:24.0281 6768 [ acb01bf1a905356ab7f978c7fe852209 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:58:24.0291 6768 McMPFSvc - ok
17:58:24.0291 6768 [ acb01bf1a905356ab7f978c7fe852209 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:58:24.0301 6768 mcmscsvc - ok
17:58:24.0311 6768 [ acb01bf1a905356ab7f978c7fe852209 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:58:24.0311 6768 McNaiAnn - ok
17:58:24.0341 6768 [ acb01bf1a905356ab7f978c7fe852209 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:58:24.0341 6768 McNASvc - ok
17:58:24.0431 6768 [ 07b89e7de2f7971cf7eef0262207c4de ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe
17:58:24.0431 6768 McODS - ok
17:58:24.0441 6768 [ acb01bf1a905356ab7f978c7fe852209 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:58:24.0441 6768 McOobeSv - ok
17:58:24.0451 6768 [ acb01bf1a905356ab7f978c7fe852209 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:58:24.0451 6768 McProxy - ok
17:58:24.0511 6768 [ 634084d6fa08a1a95b1ce3291debc237 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
17:58:24.0521 6768 McShield - ok
17:58:24.0561 6768 [ f84c8f1000bc11e3b7b23cbd3baff111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:58:24.0571 6768 Mcx2Svc - ok
17:58:24.0601 6768 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:58:24.0611 6768 megasas - ok
17:58:24.0641 6768 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:58:24.0641 6768 MegaSR - ok
17:58:24.0691 6768 [ eac376dd77ec9e95d38108a27c261dca ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
17:58:24.0691 6768 mfeapfk - ok
17:58:24.0731 6768 [ f55f50b11d635658f346db0457bb2b79 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
17:58:24.0741 6768 mfeavfk - ok
17:58:24.0791 6768 mfeavfk01 - ok
17:58:24.0831 6768 [ c1bb6e71830e029aba38a2e34449d5e0 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
17:58:24.0841 6768 mfefire - ok
17:58:24.0931 6768 [ 33b8e35c5839a83d6700aab3e464553b ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
17:58:24.0931 6768 mfefirek - ok
17:58:24.0991 6768 [ ada8c105c8f9a61284c75157c170585b ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
17:58:25.0001 6768 mfehidk - ok
17:58:25.0041 6768 [ c52ee6d1e1e5a69c989acc478051964e ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
17:58:25.0051 6768 mfenlfk - ok
17:58:25.0111 6768 [ b000720e19ef733f938a6269d630f5dd ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
17:58:25.0111 6768 mferkdet - ok
17:58:25.0141 6768 [ 6293c0c086f3c3efb663b3d1281df4b8 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
17:58:25.0141 6768 mfevtp - ok
17:58:25.0161 6768 [ 62717ab68b38efee54678b85e19b0538 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
17:58:25.0171 6768 mfewfpk - ok
17:58:25.0211 6768 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
17:58:25.0211 6768 MMCSS - ok
17:58:25.0251 6768 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:58:25.0251 6768 Modem - ok
17:58:25.0301 6768 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:58:25.0301 6768 monitor - ok
17:58:25.0351 6768 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:58:25.0351 6768 mouclass - ok
17:58:25.0412 6768 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:58:25.0412 6768 mouhid - ok
17:58:25.0422 6768 [ 791af66c4d0e7c90a3646066386fb571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:58:25.0422 6768 mountmgr - ok
17:58:25.0442 6768 [ 609d1d87649ecc19796f4d76d4c15cea ] mpio C:\Windows\system32\DRIVERS\mpio.sys
17:58:25.0452 6768 mpio - ok
17:58:25.0462 6768 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:58:25.0462 6768 mpsdrv - ok
17:58:25.0482 6768 [ 30524261bb51d96d6fcbac20c810183c ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:58:25.0492 6768 MRxDAV - ok
17:58:25.0532 6768 [ 040d62a9d8ad28922632137acdd984f2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:58:25.0542 6768 mrxsmb - ok
17:58:25.0582 6768 [ f0067552f8f9b33d7c59403ab808a3cb ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:58:25.0592 6768 mrxsmb10 - ok
17:58:25.0622 6768 [ 3c142d31de9f2f193218a53fe2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:58:25.0622 6768 mrxsmb20 - ok
17:58:25.0682 6768 [ bccf16d5fb1109162380e3e28dc9e4e5 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
17:58:25.0682 6768 msahci - ok
17:58:25.0702 6768 [ 8d27b597229aed79430fb9db3bcbfbd0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
17:58:25.0702 6768 msdsm - ok
17:58:25.0732 6768 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
17:58:25.0732 6768 MSDTC - ok
17:58:25.0762 6768 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:58:25.0772 6768 Msfs - ok
17:58:25.0832 6768 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:58:25.0832 6768 mshidkmdf - ok
17:58:25.0882 6768 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
17:58:25.0882 6768 msisadrv - ok
17:58:25.0932 6768 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:58:25.0932 6768 MSiSCSI - ok
17:58:25.0942 6768 msiserver - ok
17:58:25.0992 6768 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:58:25.0992 6768 MSKSSRV - ok
17:58:26.0012 6768 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:58:26.0012 6768 MSPCLOCK - ok
17:58:26.0022 6768 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:58:26.0022 6768 MSPQM - ok
17:58:26.0042 6768 [ 89cb141aa8616d8c6a4610fa26c60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:58:26.0052 6768 MsRPC - ok
17:58:26.0072 6768 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:58:26.0072 6768 mssmbios - ok
17:58:26.0082 6768 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:58:26.0092 6768 MSTEE - ok
17:58:26.0102 6768 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:58:26.0102 6768 MTConfig - ok
17:58:26.0152 6768 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:58:26.0152 6768 Mup - ok
17:58:26.0212 6768 [ 09818558c2579b45d78ab18a759b0ca8 ] mvusbews C:\Windows\system32\Drivers\mvusbews.sys
17:58:26.0212 6768 mvusbews - ok
17:58:26.0242 6768 [ d285d0539016be299a55ff997b44da33 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
17:58:26.0252 6768 MyWiFiDHCPDNS - ok
17:58:26.0292 6768 [ 4987e079a4530fa737a128be54b63b12 ] napagent C:\Windows\system32\qagentRT.dll
17:58:26.0302 6768 napagent - ok
17:58:26.0382 6768 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:58:26.0382 6768 NativeWifiP - ok
17:58:26.0472 6768 [ cad515dbd07d082bb317d9928ce8962c ] NDIS C:\Windows\system32\drivers\ndis.sys
17:58:26.0482 6768 NDIS - ok
17:58:26.0502 6768 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:58:26.0502 6768 NdisCap - ok
17:58:26.0552 6768 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:58:26.0552 6768 NdisTapi - ok
17:58:26.0632 6768 [ f105ba1e22bf1f2ee8f005d4305e4bec ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:58:26.0652 6768 Ndisuio - ok
17:58:26.0722 6768 [ 557dfab9ca1fcb036ac77564c010dad3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:58:26.0732 6768 NdisWan - ok
17:58:26.0782 6768 [ 659b74fb74b86228d6338d643cd3e3cf ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:58:26.0822 6768 NDProxy - ok
17:58:26.0862 6768 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:58:26.0862 6768 NetBIOS - ok
17:58:26.0892 6768 [ 9162b273a44ab9dce5b44362731d062a ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:58:26.0892 6768 NetBT - ok
17:58:26.0912 6768 [ 156f6159457d0aa7e59b62681b56eb90 ] Netlogon C:\Windows\system32\lsass.exe
17:58:26.0912 6768 Netlogon - ok
17:58:26.0982 6768 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
17:58:26.0992 6768 Netman - ok
17:58:27.0022 6768 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
17:58:27.0032 6768 netprofm - ok
17:58:27.0082 6768 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:58:27.0082 6768 NetTcpPortSharing - ok
17:58:27.0472 6768 [ 4d85a450edef10c38882182753a49aae ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
17:58:27.0562 6768 NETw5s64 - ok
17:58:27.0622 6768 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:58:27.0622 6768 nfrd960 - ok
17:58:27.0692 6768 [ d9a0ce66046d6efa0c61baa885cba0a8 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:58:27.0702 6768 NlaSvc - ok
17:58:27.0732 6768 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:58:27.0732 6768 Npfs - ok
17:58:27.0742 6768 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:58:27.0742 6768 nsi - ok
17:58:27.0762 6768 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:58:27.0762 6768 nsiproxy - ok
17:58:27.0882 6768 [ 378e0e0dfea67d98ae6ea53adbbd76bc ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:58:27.0902 6768 Ntfs - ok
17:58:27.0922 6768 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
17:58:27.0922 6768 Null - ok
17:58:27.0992 6768 [ a4d9c9a608a97f59307c2f2600edc6a4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:58:27.0992 6768 nvraid - ok
17:58:28.0012 6768 [ 6c1d5f70e7a6a3fd1c90d840edc048b9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:58:28.0022 6768 nvstor - ok
17:58:28.0042 6768 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
17:58:28.0042 6768 nv_agp - ok
17:58:28.0142 6768 [ d955d5de998db2476bf0892be3a96c26 ] O2FLASH C:\Windows\system32\DRIVERS\o2flash.exe
17:58:28.0152 6768 O2FLASH - ok
17:58:28.0172 6768 [ 8c2953537ca19dfaa67d612407e0f33e ] O2MDGRDR C:\Windows\system32\DRIVERS\o2mdgx64.sys
17:58:28.0172 6768 O2MDGRDR - ok
17:58:28.0222 6768 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
17:58:28.0222 6768 ohci1394 - ok
17:58:28.0262 6768 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:58:28.0262 6768 ose - ok
17:58:28.0642 6768 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:58:28.0732 6768 osppsvc - ok
17:58:28.0852 6768 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:58:28.0872 6768 p2pimsvc - ok
17:58:28.0932 6768 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:58:28.0942 6768 p2psvc - ok
17:58:28.0992 6768 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:58:28.0992 6768 Parport - ok
17:58:29.0032 6768 [ 90061b1acfe8ccaa5345750ffe08d8b8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:58:29.0032 6768 partmgr - ok
17:58:29.0052 6768 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:58:29.0052 6768 PcaSvc - ok
17:58:29.0092 6768 [ f36f6504009f2fb0dfd1b17a116ad74b ] pci C:\Windows\system32\DRIVERS\pci.sys
17:58:29.0092 6768 pci - ok
17:58:29.0122 6768 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\DRIVERS\pciide.sys
17:58:29.0122 6768 pciide - ok
17:58:29.0162 6768 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:58:29.0162 6768 pcmcia - ok
17:58:29.0192 6768 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:58:29.0192 6768 pcw - ok
17:58:29.0252 6768 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:58:29.0262 6768 PEAUTH - ok
17:58:29.0402 6768 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:58:29.0402 6768 PerfHost - ok
17:58:29.0532 6768 [ 557e9a86f65f0de18c9b6751dfe9d3f1 ] pla C:\Windows\system32\pla.dll
17:58:29.0552 6768 pla - ok
17:58:29.0992 6768 [ 98b1721b8718164293b9701b98c52d77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:58:30.0002 6768 PlugPlay - ok
17:58:30.0022 6768 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:58:30.0032 6768 PNRPAutoReg - ok
17:58:30.0052 6768 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:58:30.0062 6768 PNRPsvc - ok
17:58:30.0122 6768 [ 4f0878fd62d5f7444c5f1c4c66d9d293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
17:58:30.0132 6768 Point64 - ok
17:58:30.0192 6768 [ 166eb40d1f5b47e615de3d0fffe5f243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:58:30.0202 6768 PolicyAgent - ok
17:58:30.0262 6768 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
17:58:30.0272 6768 Power - ok
17:58:30.0322 6768 [ 27cc19e81ba5e3403c48302127bda717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:58:30.0332 6768 PptpMiniport - ok
17:58:30.0342 6768 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:58:30.0352 6768 Processor - ok
17:58:30.0382 6768 [ 97293447431311c06703368ad0f6c4be ] ProfSvc C:\Windows\system32\profsvc.dll
17:58:30.0392 6768 ProfSvc - ok
17:58:30.0412 6768 [ 156f6159457d0aa7e59b62681b56eb90 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:58:30.0412 6768 ProtectedStorage - ok
17:58:30.0452 6768 [ ee992183bd8eaefd9973f352e587a299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:58:30.0462 6768 Psched - ok
17:58:30.0522 6768 [ 4712cc14e720ecccc0aa16949d18aaf1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
17:58:30.0522 6768 PxHlpa64 - ok
17:58:30.0662 6768 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:58:30.0672 6768 ql2300 - ok
17:58:30.0712 6768 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:58:30.0722 6768 ql40xx - ok
17:58:30.0752 6768 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
17:58:30.0762 6768 QWAVE - ok
17:58:30.0792 6768 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:58:30.0792 6768 QWAVEdrv - ok
17:58:30.0812 6768 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:58:30.0812 6768 RasAcd - ok
17:58:30.0872 6768 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:58:30.0872 6768 RasAgileVpn - ok
17:58:30.0892 6768 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
17:58:30.0902 6768 RasAuto - ok
17:58:30.0922 6768 [ 87a6e852a22991580d6d39adc4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:58:30.0922 6768 Rasl2tp - ok
17:58:30.0972 6768 [ 47394ed3d16d053f5906efe5ab51cc83 ] RasMan C:\Windows\System32\rasmans.dll
17:58:30.0982 6768 RasMan - ok
17:58:30.0992 6768 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:58:31.0002 6768 RasPppoe - ok
17:58:31.0012 6768 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:58:31.0012 6768 RasSstp - ok
17:58:31.0032 6768 [ 3bac8142102c15d59a87757c1d41dce5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:58:31.0042 6768 rdbss - ok
17:58:31.0052 6768 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:58:31.0052 6768 rdpbus - ok
17:58:31.0062 6768 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:58:31.0062 6768 RDPCDD - ok
17:58:31.0122 6768 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:58:31.0122 6768 RDPENCDD - ok
17:58:31.0142 6768 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:58:31.0142 6768 RDPREFMP - ok
17:58:31.0182 6768 [ 447de7e3dea39d422c1504f245b668b1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:58:31.0182 6768 RDPWD - ok
17:58:31.0202 6768 [ 634b9a2181d98f15941236886164ec8b ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:58:31.0212 6768 rdyboost - ok
17:58:31.0372 6768 [ 3b71b5b91e7dca93585d5a86c897adc4 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
17:58:31.0402 6768 RegSrvc - ok
17:58:31.0992 6768 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:58:32.0012 6768 RemoteAccess - ok
17:58:32.0222 6768 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:58:32.0282 6768 RemoteRegistry - ok
17:58:32.0423 6768 [ 3dd798846e2c28102b922c56e71b7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:58:32.0423 6768 RFCOMM - ok
17:58:32.0453 6768 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:58:32.0453 6768 RpcEptMapper - ok
17:58:32.0483 6768 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
17:58:32.0483 6768 RpcLocator - ok
17:58:32.0513 6768 [ 7266972e86890e2b30c0c322e906b027 ] RpcSs C:\Windows\system32\rpcss.dll
17:58:32.0523 6768 RpcSs - ok
17:58:32.0593 6768 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:58:32.0593 6768 rspndr - ok
17:58:32.0693 6768 [ ee082e06a82ff630351d1e0ebbd3d8d0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
17:58:32.0703 6768 RTL8167 - ok
17:58:32.0713 6768 [ 156f6159457d0aa7e59b62681b56eb90 ] SamSs C:\Windows\system32\lsass.exe
17:58:32.0723 6768 SamSs - ok
17:58:32.0743 6768 [ e3bbb89983daf5622c1d50cf49f28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
17:58:32.0743 6768 sbp2port - ok
17:58:32.0903 6768 [ 794d4b48dfb6e999537c7c3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
17:58:32.0913 6768 SBSDWSCService - ok
17:58:32.0943 6768 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:58:32.0953 6768 SCardSvr - ok
17:58:32.0973 6768 [ c94da20c7e3ba1dca269bc8460d98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:58:32.0973 6768 scfilter - ok
17:58:33.0023 6768 [ 624d0f5ff99428bb90a5b8a4123e918e ] Schedule C:\Windows\system32\schedsvc.dll
17:58:33.0033 6768 Schedule - ok
17:58:33.0083 6768 [ 312e2f82af11e79906898ac3e3d58a1f ] SCPolicySvc C:\Windows\System32\certprop.dll
17:58:33.0083 6768 SCPolicySvc - ok
17:58:33.0163 6768 [ 84e00908975faf79e91282ed8fb88c2f ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
17:58:33.0163 6768 sdbus - ok
17:58:33.0183 6768 [ 765a27c3279ce11d14cb9e4f5869fca5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:58:33.0193 6768 SDRSVC - ok
17:58:33.0263 6768 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:58:33.0263 6768 secdrv - ok
17:58:33.0283 6768 [ 463b386ebc70f98da5dff85f7e654346 ] seclogon C:\Windows\system32\seclogon.dll
17:58:33.0283 6768 seclogon - ok
17:58:33.0333 6768 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll
17:58:33.0333 6768 SENS - ok
17:58:33.0363 6768 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:58:33.0363 6768 SensrSvc - ok
17:58:33.0423 6768 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:58:33.0433 6768 Serenum - ok
17:58:33.0463 6768 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:58:33.0463 6768 Serial - ok
17:58:33.0513 6768 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:58:33.0523 6768 sermouse - ok
17:58:33.0543 6768 [ c3bc61ce47ff6f4e88ab8a3b429a36af ] SessionEnv C:\Windows\system32\sessenv.dll
17:58:33.0553 6768 SessionEnv - ok
17:58:33.0873 6768 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:58:33.0873 6768 sffdisk - ok
17:58:33.0913 6768 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:58:33.0923 6768 sffp_mmc - ok
17:58:33.0943 6768 [ 178298f767fe638c9fedcbdef58bb5e4 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:58:33.0943 6768 sffp_sd - ok
17:58:33.0953 6768 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:58:33.0953 6768 sfloppy - ok
17:58:34.0063 6768 [ c6cc9297bd53e5229653303e556aa539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
17:58:34.0073 6768 Sftfs - ok
17:58:34.0153 6768 [ 13693b6354dd6e72dc5131da7d764b90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:58:34.0153 6768 sftlist - ok
17:58:34.0203 6768 [ 390aa7bc52cee43f6790cdea1e776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:58:34.0213 6768 Sftplay - ok
17:58:34.0223 6768 [ 617e29a0b0a2807466560d4c4e338d3e ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:58:34.0223 6768 Sftredir - ok
17:58:34.0263 6768 [ beb504962e36d6f368ebfc702a659e09 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
17:58:34.0273 6768 SftService - ok
17:58:34.0283 6768 [ 8f571f016fa1976f445147e9e6c8ae9b ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
17:58:34.0283 6768 Sftvol - ok
17:58:34.0303 6768 [ c3cddd18f43d44ab713cf8c4916f7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:58:34.0303 6768 sftvsa - ok
17:58:34.0383 6768 [ 0298ac45d0efffb2db4baa7dd186e7bf ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:58:34.0383 6768 ShellHWDetection - ok
17:58:34.0443 6768 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:58:34.0453 6768 SiSRaid2 - ok
17:58:34.0463 6768 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:58:34.0463 6768 SiSRaid4 - ok
17:58:34.0523 6768 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:58:34.0523 6768 Smb - ok
17:58:34.0573 6768 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:58:34.0583 6768 SNMPTRAP - ok
17:58:34.0623 6768 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:58:34.0623 6768 spldr - ok
17:58:34.0663 6768 [ f8e1fa03cb70d54a9892ac88b91d1e7b ] Spooler C:\Windows\System32\spoolsv.exe
17:58:34.0673 6768 Spooler - ok
17:58:34.0793 6768 [ 913d843498553a1bc8f8dbad6358e49f ] sppsvc C:\Windows\system32\sppsvc.exe
17:58:34.0833 6768 sppsvc - ok
17:58:34.0853 6768 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:58:34.0853 6768 sppuinotify - ok
17:58:34.0943 6768 [ 602884696850c86434530790b110e8eb ] sptd C:\Windows\System32\Drivers\sptd.sys
17:58:34.0953 6768 sptd - ok
17:58:34.0993 6768 [ 2408c0366d96bcdf63e8f1c78e4a29c5 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:58:35.0003 6768 srv - ok
17:58:35.0073 6768 [ 76548f7b818881b47d8d1ae1be9c11f8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:58:35.0073 6768 srv2 - ok
17:58:35.0113 6768 [ 0af6e19d39c70844c5caa8fb0183c36e ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:58:35.0113 6768 srvnet - ok
17:58:35.0173 6768 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:58:35.0183 6768 SSDPSRV - ok
17:58:35.0203 6768 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:58:35.0213 6768 SstpSvc - ok
17:58:35.0243 6768 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:58:35.0243 6768 stexstor - ok
17:58:35.0333 6768 [ caf5a9708671b14b9670260735b22c4e ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
17:58:35.0333 6768 STHDA - ok
17:58:35.0473 6768 [ 52d0e33b681bd0f33fdc08812fee4f7d ] stisvc C:\Windows\System32\wiaservc.dll
17:58:35.0483 6768 stisvc - ok
17:58:35.0913 6768 [ 6525ee4b66cd3ba7a7e8122900ff23f1 ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
17:58:35.0923 6768 SWDUMon - ok
17:58:35.0943 6768 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:58:35.0943 6768 swenum - ok
17:58:36.0003 6768 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
17:58:36.0013 6768 swprv - ok
17:58:36.0053 6768 [ 39d4b4343ba70e4b32c4531bd075b9f6 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
17:58:36.0053 6768 SynTP - ok
17:58:36.0203 6768 [ 3c1284516a62078fb68f768de4f1a7be ] SysMain C:\Windows\system32\sysmain.dll
17:58:36.0233 6768 SysMain - ok
17:58:36.0283 6768 [ 238935c3cf2854886dc7cbb2a0e2cc66 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:58:36.0283 6768 TabletInputService - ok
17:58:36.0333 6768 [ 884264ac597b690c5707c89723bb8e7b ] TapiSrv C:\Windows\System32\tapisrv.dll
17:58:36.0343 6768 TapiSrv - ok
17:58:36.0373 6768 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
17:58:36.0383 6768 TBS - ok
17:58:36.0553 6768 [ 624c5b3aa4c99b3184bb922d9ece3ff0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:58:36.0573 6768 Tcpip - ok
17:58:36.0623 6768 [ 624c5b3aa4c99b3184bb922d9ece3ff0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:58:36.0633 6768 TCPIP6 - ok
17:58:36.0673 6768 [ 76d078af6f587b162d50210f761eb9ed ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:58:36.0683 6768 tcpipreg - ok
17:58:36.0703 6768 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:58:36.0703 6768 TDPIPE - ok
17:58:36.0763 6768 [ 7518f7bcfd4b308abc9192bacaf6c970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:58:36.0773 6768 TDTCP - ok
17:58:36.0803 6768 [ 079125c4b17b01fcaeebce0bcb290c0f ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:58:36.0803 6768 tdx - ok
17:58:36.0853 6768 [ c448651339196c0e869a355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:58:36.0853 6768 TermDD - ok
17:58:36.0953 6768 [ 0f05ec2887bfe197ad82a13287d2f404 ] TermService C:\Windows\System32\termsrv.dll
17:58:36.0963 6768 TermService - ok
17:58:36.0983 6768 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
17:58:37.0003 6768 Themes - ok
17:58:37.0043 6768 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
17:58:37.0043 6768 THREADORDER - ok
17:58:37.0063 6768 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
17:58:37.0063 6768 TrkWks - ok
17:58:37.0113 6768 [ 840f7fb849f5887a49ba18c13b2da920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:58:37.0113 6768 TrustedInstaller - ok
17:58:37.0133 6768 [ 61b96c26131e37b24e93327a0bd1fb95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:58:37.0133 6768 tssecsrv - ok
17:58:37.0203 6768 [ 3836171a2cdf3af8ef10856db9835a70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:58:37.0203 6768 tunnel - ok
17:58:37.0273 6768 [ 825e7a1f48fb8bcfba27c178aab4e275 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
17:58:37.0283 6768 TurboB - ok
17:58:37.0343 6768 [ b206be1174d5964d49a56bb6c4e0524a ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
17:58:37.0353 6768 TurboBoost - ok
17:58:37.0413 6768 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:58:37.0544 6768 uagp35 - ok
17:58:37.0794 6768 [ 31ba4a33afab6a69ea092b18017f737f ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:58:37.0794 6768 udfs - ok
17:58:37.0834 6768 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:58:37.0844 6768 UI0Detect - ok
17:58:37.0864 6768 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
17:58:37.0864 6768 uliagpkx - ok
17:58:37.0974 6768 [ eab6c35e62b1b0db0d1b48b671d3a117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:58:37.0974 6768 umbus - ok
17:58:38.0014 6768 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:58:38.0014 6768 UmPass - ok
17:58:38.0784 6768 [ 765f2dd351ba064f657751d8d75e58c0 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:58:38.0804 6768 UNS - ok
17:58:38.0864 6768 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
17:58:38.0874 6768 upnphost - ok
17:58:38.0964 6768 [ fb251567f41bc61988b26731dec19e4b ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:58:38.0964 6768 USBAAPL64 - ok
17:58:39.0004 6768 [ 537a4e03d7103c12d42dfd8ffdb5bdc9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:58:39.0004 6768 usbccgp - ok
17:58:39.0084 6768 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
17:58:39.0084 6768 usbcir - ok
17:58:39.0114 6768 [ fbb21ebe49f6d560db37ac25fbc68e66 ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:58:39.0114 6768 usbehci - ok
17:58:39.0174 6768 [ 6b7a8a99c4a459e73c286a6763ea24cc ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:58:39.0174 6768 usbhub - ok
17:58:39.0204 6768 [ 8c88aa7617b4cbc2e4bed61d26b33a27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:58:39.0214 6768 usbohci - ok
17:58:39.0254 6768 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:58:39.0254 6768 usbprint - ok
17:58:39.0294 6768 [ aaa2513c8aed8b54b189fd0c6b1634c0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:58:39.0294 6768 usbscan - ok
17:58:39.0324 6768 [ f39983647bc1f3e6100778ddfe9dce29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:58:39.0324 6768 USBSTOR - ok
17:58:39.0364 6768 [ 0b5b3b2df3fd1709618acfa50b8392b0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:58:39.0364 6768 usbuhci - ok
17:58:39.0724 6768 [ 7cb8c573c6e4a2714402cc0a36eab4fe ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:58:39.0724 6768 usbvideo - ok
17:58:39.0754 6768 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
17:58:39.0764 6768 UxSms - ok
17:58:39.0784 6768 [ 156f6159457d0aa7e59b62681b56eb90 ] VaultSvc C:\Windows\system32\lsass.exe
17:58:39.0784 6768 VaultSvc - ok
17:58:39.0854 6768 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
17:58:39.0864 6768 vdrvroot - ok
17:58:39.0924 6768 [ 44d73e0bbc1d3c8981304ba15135c2f2 ] vds C:\Windows\System32\vds.exe
17:58:39.0934 6768 vds - ok
17:58:39.0964 6768 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:58:39.0964 6768 vga - ok
17:58:39.0984 6768 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
17:58:39.0984 6768 VgaSave - ok
17:58:40.0014 6768 [ c82e748660f62a242b2dfac1442f22a4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
17:58:40.0014 6768 vhdmp - ok
17:58:40.0064 6768 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
17:58:40.0064 6768 viaide - ok
17:58:40.0114 6768 [ 2b1a3dae2b4e70dbba822b7a03fbd4a3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
17:58:40.0114 6768 volmgr - ok
17:58:40.0144 6768 [ 99b0cbb569ca79acaed8c91461d765fb ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:58:40.0154 6768 volmgrx - ok
17:58:40.0184 6768 [ 58f82eed8ca24b461441f9c3e4f0bf5c ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
17:58:40.0184 6768 volsnap - ok
17:58:40.0284 6768 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:58:40.0294 6768 vsmraid - ok
17:58:40.0374 6768 [ 787898bf9fb6d7bd87a36e2d95c899ba ] VSS C:\Windows\system32\vssvc.exe
17:58:40.0394 6768 VSS - ok
17:58:40.0674 6768 [ 56e1e4442e4613fb2039a6b7421f4e58 ] vToolbarUpdater11.0.2 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
17:58:40.0684 6768 vToolbarUpdater11.0.2 - ok
17:58:40.0734 6768 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:58:40.0734 6768 vwifibus - ok
17:58:40.0794 6768 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:58:40.0794 6768 vwififlt - ok
17:58:40.0864 6768 [ 6a638fc4bfddc4d9b186c28c91bd1a01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
17:58:40.0864 6768 vwifimp - ok
17:58:40.0904 6768 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
17:58:40.0914 6768 W32Time - ok
17:58:40.0934 6768 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:58:40.0934 6768 WacomPen - ok
17:58:40.0994 6768 [ 47ca49400643effd3f1c9a27e1d69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:58:40.0994 6768 WANARP - ok
17:58:41.0004 6768 [ 47ca49400643effd3f1c9a27e1d69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:58:41.0004 6768 Wanarpv6 - ok
17:58:41.0064 6768 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:58:41.0084 6768 WatAdminSvc - ok
17:58:41.0164 6768 [ 5ab1bb85bd8b5089cc5d64200dedae68 ] wbengine C:\Windows\system32\wbengine.exe
17:58:41.0184 6768 wbengine - ok
17:58:41.0204 6768 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:58:41.0214 6768 WbioSrvc - ok
17:58:41.0254 6768 [ dd1bae8ebfc653824d29ccf8c9054d68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:58:41.0264 6768 wcncsvc - ok
17:58:41.0294 6768 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:58:41.0304 6768 WcsPlugInService - ok
17:58:41.0334 6768 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:58:41.0334 6768 Wd - ok
17:58:41.0354 6768 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:58:41.0364 6768 Wdf01000 - ok
17:58:41.0424 6768 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:58:41.0434 6768 WdiServiceHost - ok
17:58:41.0434 6768 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:58:41.0444 6768 WdiSystemHost - ok
17:58:42.0074 6768 [ 733006127f235be7c35354ebee7b9a7b ] WebClient C:\Windows\System32\webclnt.dll
17:58:42.0084 6768 WebClient - ok
17:58:42.0404 6768 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:58:42.0404 6768 Wecsvc - ok
17:58:42.0455 6768 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:58:42.0465 6768 wercplsupport - ok
17:58:42.0535 6768 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:58:42.0545 6768 WerSvc - ok
17:58:42.0615 6768 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:58:42.0615 6768 WfpLwf - ok
17:58:42.0685 6768 [ b14ef15bd757fa488f9c970eee9c0d35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
17:58:42.0695 6768 WimFltr - ok
17:58:42.0735 6768 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:58:42.0735 6768 WIMMount - ok
17:58:42.0745 6768 WinHttpAutoProxySvc - ok
17:58:42.0825 6768 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:58:42.0835 6768 Winmgmt - ok
17:58:42.0955 6768 [ 41fbb751936b387f9179e7f03a74fe29 ] WinRM C:\Windows\system32\WsmSvc.dll
17:58:42.0985 6768 WinRM - ok
17:58:43.0085 6768 [ 4d52c872018af7e18d078978dcc3f6f2 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:58:43.0085 6768 WinUsb - ok
17:58:43.0155 6768 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
17:58:43.0175 6768 Wlansvc - ok
17:58:43.0425 6768 [ 2bacd71123f42cea603f4e205e1ae337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:58:43.0445 6768 wlidsvc - ok
17:58:43.0525 6768 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:58:43.0535 6768 WmiAcpi - ok
17:58:43.0585 6768 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:58:43.0585 6768 wmiApSrv - ok
17:58:43.0665 6768 WMPNetworkSvc - ok
17:58:43.0715 6768 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:58:43.0725 6768 WPCSvc - ok
17:58:43.0735 6768 [ 2e57ddf2880a7e52e76f41c7e96d327b ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:58:43.0745 6768 WPDBusEnum - ok
17:58:43.0765 6768 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:58:43.0765 6768 ws2ifsl - ok
17:58:43.0825 6768 [ 8d918b1db190a4d9b1753a66fa8c96e8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
17:58:43.0825 6768 WSDPrintDevice - ok
17:58:43.0895 6768 [ 4a2a5c50dd1a63577d3aca94269fbc7f ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
17:58:43.0895 6768 WSDScan - ok
17:58:43.0895 6768 WSearch - ok
17:58:43.0935 6768 [ c63907207b837a5c05cf6d1606aa0008 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:58:43.0935 6768 WudfPf - ok
17:58:44.0015 6768 [ d885a873d733020f8b9b9ff4b1666158 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:58:44.0015 6768 WUDFRd - ok
17:58:44.0045 6768 [ 27b9bee5aac00139e3a3af5d6227a0dc ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:58:44.0045 6768 wudfsvc - ok
17:58:44.0065 6768 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
17:58:44.0065 6768 WwanSvc - ok
17:58:44.0155 6768 ================ Scan global ===============================
17:58:44.0195 6768 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
17:58:44.0225 6768 (0cb6ebf4b461a6043353c570bd72a1e1) C:\Windows\system32\winsrv.dll
17:58:44.0245 6768 (0cb6ebf4b461a6043353c570bd72a1e1) C:\Windows\system32\winsrv.dll
17:58:44.0275 6768 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
17:58:44.0305 6768 (014a9cb92514e27c0107614df764bc06) C:\Windows\system32\services.exe
17:58:44.0315 6768 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
17:58:44.0315 6768 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
17:58:44.0315 6768 ================ Scan MBR ==================================
17:58:44.0315 6768 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:58:44.0325 6768 Suspicious mbr (Forged): \Device\Harddisk0\DR0
17:58:44.0395 6768 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:58:44.0395 6768 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:58:44.0395 6768 ================ Scan VBR ==================================
17:58:44.0405 6768 Boot (0x1200) (4c86d15fb6933e12f9da362e34d26775) \Device\Harddisk0\DR0\Partition1
17:58:44.0405 6768 \Device\Harddisk0\DR0\Partition1 - ok
17:58:44.0425 6768 Boot (0x1200) (430bb04e6dca26796bf795f5dd285463) \Device\Harddisk0\DR0\Partition2
17:58:44.0435 6768 \Device\Harddisk0\DR0\Partition2 - ok
17:58:44.0435 6768 ============================================================
17:58:44.0435 6768 Scan finished
17:58:44.0435 6768 ============================================================
17:58:44.0445 5420 Detected object count: 2
17:58:44.0445 5420 Actual detected object count: 2
17:58:58.0587 5420 C:\Windows\system32\services.exe - copied to quarantine
17:59:00.0197 5420 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
17:59:00.0217 5420 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
17:59:00.0538 5420 C:\Windows\installer\{fdd118ab-4e8d-91a2-83c5-236e9b2dbffb}\@ - copied to quarantine
17:59:00.0558 5420 C:\Windows\installer\{fdd118ab-4e8d-91a2-83c5-236e9b2dbffb}\L\00000004.@ - copied to quarantine
17:59:00.0588 5420 C:\Windows\installer\{fdd118ab-4e8d-91a2-83c5-236e9b2dbffb}\n - copied to quarantine
17:59:00.0588 5420 C:\Windows\installer\{fdd118ab-4e8d-91a2-83c5-236e9b2dbffb}\U\00000004.@ - copied to quarantine
17:59:00.0588 5420 C:\Windows\installer\{fdd118ab-4e8d-91a2-83c5-236e9b2dbffb}\U\00000008.@ - copied to quarantine
17:59:00.0598 5420 C:\Windows\installer\{fdd118ab-4e8d-91a2-83c5-236e9b2dbffb}\U\000000cb.@ - copied to quarantine
17:59:00.0598 5420 C:\Windows\installer\{fdd118ab-4e8d-91a2-83c5-236e9b2dbffb}\U\80000000.@ - copied to quarantine
17:59:00.0598 5420 C:\Windows\installer\{fdd118ab-4e8d-91a2-83c5-236e9b2dbffb}\U\80000032.@ - copied to quarantine
17:59:00.0608 5420 C:\Windows\installer\{fdd118ab-4e8d-91a2-83c5-236e9b2dbffb}\U\80000064.@ - copied to quarantine
17:59:26.0264 5420 Backup copy found, using it..
17:59:26.0334 5420 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
17:59:26.0334 5420 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot
17:59:26.0344 5420 C:\Windows\installer\{fdd118ab-4e8d-91a2-83c5-236e9b2dbffb}\@ - will be deleted on reboot
17:59:26.0344 5420 C:\Windows\installer\{fdd118ab-4e8d-91a2-83c5-236e9b2dbffb}\n - will be deleted on reboot
17:59:26.0344 5420 C:\Windows\installer\{fdd118ab-4e8d-91a2-83c5-236e9b2dbffb}\U\00000004.@ - will be deleted on reboot
17:59:26.0344 5420 C:\Windows\installer\{fdd118ab-4e8d-91a2-83c5-236e9b2dbffb}\U\00000008.@ - will be deleted on reboot
17:59:26.0344 5420 C:\Windows\installer\{fdd118ab-4e8d-91a2-83c5-236e9b2dbffb}\U\000000cb.@ - will be deleted on reboot
17:59:26.0344 5420 C:\Windows\installer\{fdd118ab-4e8d-91a2-83c5-236e9b2dbffb}\U\80000000.@ - will be deleted on reboot
17:59:26.0344 5420 C:\Windows\installer\{fdd118ab-4e8d-91a2-83c5-236e9b2dbffb}\U\80000032.@ - will be deleted on reboot
17:59:26.0344 5420 C:\Windows\installer\{fdd118ab-4e8d-91a2-83c5-236e9b2dbffb}\U\80000064.@ - will be deleted on reboot
17:59:26.0344 5420 C:\Windows\system32\services.exe - will be cured on reboot
17:59:26.0344 5420 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure
17:59:28.0305 5420 \Device\Harddisk0\DR0\# - copied to quarantine
17:59:28.0315 5420 \Device\Harddisk0\DR0 - copied to quarantine
17:59:30.0015 5420 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:59:30.0025 5420 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:59:30.0025 5420 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:59:30.0105 5420 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:59:30.0135 5420 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:59:30.0155 5420 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:59:30.0155 5420 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
17:59:30.0155 5420 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:59:30.0155 5420 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:59:30.0165 5420 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:59:30.0165 5420 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:59:30.0165 5420 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
17:59:30.0175 5420 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
17:59:30.0175 5420 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
17:59:30.0255 5420 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
17:59:30.0295 5420 \Device\Harddisk0\DR0 - ok
17:59:30.0985 5420 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-15 18:13:18
-----------------------------
18:13:18.804 OS Version: Windows x64 6.1.7600
18:13:18.804 Number of processors: 4 586 0x2502
18:13:18.806 ComputerName: COMPUTER UserName: Jay
18:13:20.305 Initialize success
18:13:20.398 AVAST engine defs: 12081503
18:13:24.504 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:13:24.506 Disk 0 Vendor: TOSHIBA_MK5056GSY LH003D Size: 476940MB BusType: 11
18:13:24.508 Device \Driver\atapi -> MajorFunction fffffa80054795e8
18:13:24.561 Disk 0 MBR read successfully
18:13:24.563 Disk 0 MBR scan
18:13:24.567 Disk 0 Windows VISTA default MBR code
18:13:24.570 Disk 0 MBR hidden
18:13:24.577 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
18:13:24.587 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
18:13:24.601 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30801920
18:13:24.614 Disk 0 scanning C:\Windows\system32\drivers
18:13:32.052 Service scanning
18:13:54.696 Modules scanning
18:13:54.706 Disk 0 trace - called modules:
18:13:54.713 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80054795e8]<<
18:13:54.719 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cba060]
18:13:54.724 3 CLASSPNP.SYS[fffff880019cc43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049b0060]
18:13:54.728 \Driver\atapi[0xfffffa80053a0d40] -> IRP_MJ_CREATE -> 0xfffffa80054795e8
18:13:55.756 AVAST engine scan C:\Windows
18:13:58.223 AVAST engine scan C:\Windows\system32
18:16:40.106 AVAST engine scan C:\Windows\system32\drivers
18:16:49.589 AVAST engine scan C:\Users\Jay
18:24:02.678 Disk 0 MBR has been saved successfully to "C:\Users\Jay\Desktop\MBR.dat"
18:24:02.686 The log file has been saved successfully to "C:\Users\Jay\Desktop\aswMBR.txt"
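To read a TDSSKiller log like the one in this post without scrolling through every line, the sketch below (an added example, not part of the original thread and not code from the tool's vendor) groups the log's status lines per object and lists which remediations are still waiting for a reboot. The function names are hypothetical, and the sample lines are an excerpt copied from the log above.

```python
import re
from collections import defaultdict

# Excerpt of the TDSSKiller log posted above (lines copied from the post).
SAMPLE_LOG = r"""
17:58:44.0315 6768 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
17:58:44.0315 6768 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
17:58:44.0395 6768 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:58:44.0395 6768 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:58:44.0405 6768 \Device\Harddisk0\DR0\Partition1 - ok
17:58:58.0587 5420 C:\Windows\system32\services.exe - copied to quarantine
17:59:00.0197 5420 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
17:59:26.0264 5420 Backup copy found, using it..
17:59:26.0334 5420 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
17:59:26.0344 5420 C:\Windows\system32\services.exe - will be cured on reboot
17:59:26.0344 5420 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure
17:59:30.0015 5420 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:59:30.0255 5420 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
17:59:30.0985 5420 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
"""

# "<time> <thread id> <message>" prefix used by every log line.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.+)$")
# Optional "( Threat.Name )" suffix after the object path.
THREAT_SUFFIX_RE = re.compile(r"^(.*?)\s+\(\s*([^()]+?)\s*\)$")
# Status of the form "detected Threat.Name (0)".
DETECTED_RE = re.compile(r"^detected\s+(\S+)")
# Statuses that mean the fix is only scheduled, not yet applied.
PENDING = {"will be cured on reboot", "will be deleted on reboot"}


def parse_line(line):
    """Split one log line into object, threat name and status, or return None."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    timestamp, thread_id, message = match.groups()
    # The status is whatever follows the last " - " separator.
    obj, sep, status = message.rpartition(" - ")
    if not sep:
        return None  # informational line such as "Backup copy found, using it.."
    threat = None
    suffix = THREAT_SUFFIX_RE.match(obj)
    if suffix:
        obj, threat = suffix.groups()
    detected = DETECTED_RE.match(status)
    if detected:
        threat, status = detected.group(1), "detected"
    return {"time": timestamp, "thread": int(thread_id),
            "object": obj, "threat": threat, "status": status}


def triage(log_text):
    """Collect threat names, quarantine state and pending actions per object."""
    report = defaultdict(lambda: {"threats": set(), "quarantined": False, "pending": None})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["status"] == "ok":
            continue
        entry = report[rec["object"]]
        if rec["threat"]:
            entry["threats"].add(rec["threat"])
        if rec["status"] == "copied to quarantine":
            entry["quarantined"] = True
        elif rec["status"] in PENDING:
            entry["pending"] = rec["status"]
    return dict(report)


def reboot_pending(report):
    """Objects whose cure or deletion only takes effect after a restart."""
    return sorted(obj for obj, e in report.items() if e["pending"])


def quarantined_without_detection(report):
    """Files quarantined alongside a detection but carrying no threat name themselves."""
    return sorted(obj for obj, e in report.items() if e["quarantined"] and not e["threats"])


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for obj in reboot_pending(result):
        names = ", ".join(sorted(result[obj]["threats"])) or "no threat name"
        print(f"{obj}: {result[obj]['pending']} ({names})")
```

Anything returned by `reboot_pending` is the list to check again in a fresh scan after the restart.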




#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:42 AM

Posted 16 August 2012 - 09:54 AM

Looking good. Let's continue.

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Please post the logs and let me know what problem persists.

#7 Splatle

Posted 16 August 2012 - 04:48 PM

New Logs

Results of screen317's Security Check version 0.99.44
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
McAfee Anti-Virus and Anti-Spyware
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 29
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````







# AdwCleaner v1.801 - Logfile created 08/16/2012 at 17:47:36
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Jay - COMPUTER
# Boot Mode : Normal
# Running from : C:\Users\Jay\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Found : HKCU\Software\AVG Secure Search
[x64] Key Found : HKCU\Software\IGearSettings
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [6643 octets] - [16/08/2012 17:47:36]

########## EOF - C:\AdwCleaner[R1].txt - [6771 octets] ##########

#8 nasdaq

Posted 17 August 2012 - 07:10 AM

Results of screen317's Security Check version 0.99.44
Windows 7 x64 (UAC is enabled)
Out of date service pack!!

Click on the link Out of date service pack!! and get the latest Service pack for Windows 7.

==

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 29


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download, I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

If you do not use the AVG toolbar you can remove it by executing this fix.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please let me know of any remaining issues with this computer.

#9 Splatle

Posted 17 August 2012 - 07:16 PM

I'm having issues downloading the updates. The Windows Update keeps giving me an error. I've tried several different fixes with no success. Java seems to be having issues as well. Avast keeps popping up on the desktop telling me that I'm being blocked from a harmful website. Onceagaincrap.com/s/1057/5005/.../

#10 nasdaq

Posted 18 August 2012 - 07:54 AM

Avast keeps popping up on the desktop telling me that I'm being blocked from a harmful website. Onceagaincrap.com/s/1057/5005/.../

If Avast is doing its thing then there must be a way in the program's settings to stop showing these messages.
Check it out.

===

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#11 Splatle

Posted 18 August 2012 - 11:28 AM

Sorry, I should have been more clear about the "Onceagaincrap.com/s/1057..". Avast is stating that it is an infected URL and the process is "\\.\globalroot\systemroot\svchost.exe". It pops up all the time regardless of the website I'm on.

Here is the log for FSS.

Farbar Service Scanner Version: 06-08-2012
Ran by Jay (administrator) on 18-08-2012 at 12:06:03
Running from "C:\Users\Jay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CA3CM1PD"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 22:19] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
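The FSS log in this post mixes healthy lines with the few that matter (a service that is not running, the `ATTENTION!` marker, a policy value that disables a product, files not marked "MD5 is legit"). The sketch below is an added example, not part of the original thread and not Farbar's code; it pulls only those findings out of a log in this format. The function name and finding labels are hypothetical, and the sample is an excerpt copied from the log above.

```python
import re

# Excerpt of the FSS log posted above (lines copied from the post).
FSS_SAMPLE = r'''
Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
'''

NOT_RUNNING_RE = re.compile(r"^(\S+) Service is not running")
ATTENTION_RE = re.compile(r"ATTENTION!=+>\s*(.+)$")
REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
# A file path, optionally followed by "=> <verdict>".
FILE_RE = re.compile(r"^([A-Za-z]:\\\S.*?)(?:\s+=>\s+(.+))?$")


def parse_fss(text):
    """Return (section, kind, subject, detail) tuples for lines that need attention."""
    findings = []
    section = service = reg_key = None
    prev = ""
    for raw in text.splitlines():
        line = raw.strip()
        # A row of '=' underlines the section title printed on the previous line.
        if line and set(line) == {"="}:
            section, service, reg_key = prev.rstrip(":"), None, None
            continue
        prev = line
        if not line:
            continue
        match = NOT_RUNNING_RE.match(line)
        if match:
            service = match.group(1)
            findings.append((section, "service_not_running", service, None))
            continue
        match = ATTENTION_RE.search(line)
        if match:
            # Attach the warning to the service currently being checked.
            findings.append((section, "attention", service, match.group(1)))
            continue
        match = REG_KEY_RE.match(line)
        if match:
            reg_key = match.group(1)
            continue
        match = REG_VALUE_RE.match(line)
        if match and reg_key:
            value_path = reg_key + "\\" + match.group(1)
            findings.append((section, "policy_value", value_path, int(match.group(2))))
            continue
        if section == "File Check":
            match = FILE_RE.match(line)
            # Files listed without a "=> MD5 is legit" verdict are reported for review.
            if match and match.group(2) is None:
                findings.append((section, "file_not_marked_legit", match.group(1), None))
    return findings


if __name__ == "__main__":
    for finding in parse_fss(FSS_SAMPLE):
        print(finding)
```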

#12 nasdaq

Posted 18 August 2012 - 01:32 PM

There was a bad process that ComboFix removed, C:\Windows\svchost.exe

Let's see if something is still lurking around.

Please download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.


===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any antivirus protection on the computer.
===

Windows 7
Please download Seven.zip file from here: http://www.smartestc...y-network-keys/
Unzip the file to a temporary folder on your desktop.

These files will be extracted:
afd.reg
bit.reg
bfe.reg
mpssvc.reg
nsiproxy.reg
sdrsvc.reg
tdx.reg
wscsvc.reg
windefend.reg
wuauserv.reg

legacy_afd.reg
legacy_bfe.reg
Legacy_bit.reg
legacy_mpssvc.reg
legacy_nsiproxy.reg
legacy_sdrsvc.reg
legacy_tdx.reg
Legacy_windefend.reg
legacy_wscsvc.reg
legacy_wuauserv.reg

start_services.bat


Double-click each one of the bit.reg and Legacy_bit.reg files in turn and click Yes to add it to the Registry.
Allow the registry merge.
When the 2 files have been executed, restart the computer.

Please run the FSS.exe tool again and post a fresh log.
===

Please post the logs and let me know what problem persists.

#13 Splatle

Posted 19 August 2012 - 10:19 AM

I've completed my to-do list. I was able to change the bits.reg but the Legacy_bits.reg would not complete. It says there was an error accessing the registry. Below are the logs you requested. Were you able to figure out why Windows wasn't updating?


1st TDSS log

22:00:20.0481 5232 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
22:00:22.0502 5232 ============================================================
22:00:22.0502 5232 Current date / time: 2012/08/18 22:00:22.0502
22:00:22.0502 5232 SystemInfo:
22:00:22.0502 5232
22:00:22.0502 5232 OS Version: 6.1.7600 ServicePack: 0.0
22:00:22.0502 5232 Product type: Workstation
22:00:22.0502 5232 ComputerName: COMPUTER
22:00:22.0502 5232 UserName: Jay
22:00:22.0502 5232 Windows directory: C:\Windows
22:00:22.0502 5232 System windows directory: C:\Windows
22:00:22.0502 5232 Running under WOW64
22:00:22.0502 5232 Processor architecture: Intel x64
22:00:22.0502 5232 Number of processors: 4
22:00:22.0502 5232 Page size: 0x1000
22:00:22.0502 5232 Boot type: Normal boot
22:00:22.0502 5232 ============================================================
22:00:24.0164 5232 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:00:24.0231 5232 ============================================================
22:00:24.0231 5232 \Device\Harddisk0\DR0:
22:00:24.0246 5232 MBR partitions:
22:00:24.0246 5232 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
22:00:24.0246 5232 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
22:00:24.0246 5232 ============================================================
22:00:24.0267 5232 C: <-> \Device\Harddisk0\DR0\Partition2
22:00:24.0267 5232 ============================================================
22:00:24.0267 5232 Initialize success
22:00:24.0267 5232 ============================================================
22:00:33.0616 4076 ============================================================
22:00:33.0616 4076 Scan started
22:00:33.0616 4076 Mode: Manual;
22:00:33.0616 4076 ============================================================
22:00:34.0788 4076 ================ Scan services =============================
22:00:38.0657 4076 BTHUSB - ok
22:00:38.0667 4076 [ 6bcfdc2b5b7f66d484486d4bd4b39a6b ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
22:00:38.0669 4076 btwaudio - ok
22:00:38.0735 4076 [ 82dc8b7c626e526681c1bebed2bc3ff9 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
22:00:38.0737 4076 btwavdt - ok
22:00:38.0815 4076 [ 6dde1e97be4d50253dfb9090a6a62524 ] btwdins c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:00:38.0825 4076 btwdins - ok
22:00:38.0836 4076 [ 6149301dc3f81d6f9667a3fbac410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
22:00:38.0838 4076 btwl2cap - ok
22:00:38.0851 4076 [ 28e105ad3b79f440bf94780f507bf66a ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
22:00:38.0852 4076 btwrchid - ok
22:00:38.0927 4076 catchme - ok
22:00:38.0950 4076 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:00:38.0952 4076 cdfs - ok
22:00:39.0013 4076 [ 83d2d75e1efb81b3450c18131443f7db ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:00:39.0016 4076 cdrom - ok
22:00:39.0121 4076 [ 312e2f82af11e79906898ac3e3d58a1f ] CertPropSvc C:\Windows\System32\certprop.dll
22:00:39.0123 4076 CertPropSvc - ok
22:00:39.0195 4076 [ 75f91554e5fa6e962b880405fecc97a1 ] cfwids C:\Windows\system32\drivers\cfwids.sys
22:00:39.0196 4076 cfwids - ok
22:00:39.0244 4076 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:00:39.0245 4076 circlass - ok
22:00:39.0271 4076 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
22:00:39.0276 4076 CLFS - ok
22:00:39.0392 4076 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:00:39.0394 4076 clr_optimization_v2.0.50727_32 - ok
22:00:39.0463 4076 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:00:39.0466 4076 clr_optimization_v2.0.50727_64 - ok
22:00:39.0579 4076 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:00:39.0613 4076 clr_optimization_v4.0.30319_32 - ok
22:00:39.0662 4076 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:00:39.0664 4076 clr_optimization_v4.0.30319_64 - ok
22:00:39.0724 4076 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:00:39.0726 4076 CmBatt - ok
22:00:39.0737 4076 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
22:00:39.0739 4076 cmdide - ok
22:00:39.0795 4076 [ ca7720b73446fddec5c69519c1174c98 ] CNG C:\Windows\system32\Drivers\cng.sys
22:00:39.0800 4076 CNG - ok
22:00:39.0827 4076 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:00:39.0829 4076 Compbatt - ok
22:00:39.0899 4076 [ f26b3a86f6fa87ca360b879581ab4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:00:39.0901 4076 CompositeBus - ok
22:00:39.0925 4076 COMSysApp - ok
22:00:39.0949 4076 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:00:39.0951 4076 crcdisk - ok
22:00:40.0009 4076 [ f02786b66375292e58c8777082d4396d ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:00:40.0011 4076 CryptSvc - ok
22:00:40.0069 4076 [ ed5cf92396a62f4c15110dcdb5e854d9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
22:00:40.0072 4076 CtClsFlt - ok
22:00:40.0230 4076 [ 72794d112cbaff3bc0c29bf7350d4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:00:40.0238 4076 cvhsvc - ok
22:00:40.0300 4076 [ 7266972e86890e2b30c0c322e906b027 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:00:40.0306 4076 DcomLaunch - ok
22:00:40.0360 4076 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
22:00:40.0365 4076 defragsvc - ok
22:00:40.0422 4076 [ 9c253ce7311ca60fc11c774692a13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:00:40.0425 4076 DfsC - ok
22:00:40.0444 4076 [ ce3b9562d997f69b330d181a8875960f ] Dhcp C:\Windows\system32\dhcpcore.dll
22:00:40.0447 4076 Dhcp - ok
22:00:40.0501 4076 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
22:00:40.0503 4076 discache - ok
22:00:40.0569 4076 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:00:40.0570 4076 Disk - ok
22:00:40.0640 4076 [ 85cf424c74a1d5ec33533e1dbff9920a ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:00:40.0643 4076 Dnscache - ok
22:00:40.0792 4076 [ 0840abbbdf438691ee65a20040635cbe ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
22:00:40.0795 4076 DockLoginService - ok
22:00:40.0814 4076 [ 14452acdb09b70964c8c21bf80a13acb ] dot3svc C:\Windows\System32\dot3svc.dll
22:00:40.0820 4076 dot3svc - ok
22:00:40.0889 4076 [ 8c2ba6bea949ee6e68385f5692bafb94 ] DPS C:\Windows\system32\dps.dll
22:00:40.0891 4076 DPS - ok
22:00:40.0960 4076 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:00:40.0962 4076 drmkaud - ok
22:00:41.0034 4076 [ 1633b9abf52784a1331476397a48cbef ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:00:41.0045 4076 DXGKrnl - ok
22:00:41.0101 4076 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:00:41.0103 4076 EapHost - ok
22:00:41.0284 4076 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:00:41.0316 4076 ebdrv - ok
22:00:41.0361 4076 [ 156f6159457d0aa7e59b62681b56eb90 ] EFS C:\Windows\System32\lsass.exe
22:00:41.0364 4076 EFS - ok
22:00:41.0468 4076 [ 47c071994c3f649f23d9cd075ac9304a ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:00:41.0475 4076 ehRecvr - ok
22:00:41.0525 4076 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
22:00:41.0528 4076 ehSched - ok
22:00:41.0581 4076 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:00:41.0587 4076 elxstor - ok
22:00:41.0684 4076 [ abdd5ad016affd34ad40e944ce94bf59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
22:00:41.0687 4076 EpsonBidirectionalService - ok
22:00:41.0699 4076 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
22:00:41.0700 4076 ErrDev - ok
22:00:41.0756 4076 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
22:00:41.0759 4076 EventSystem - ok
22:00:41.0849 4076 [ 51643ee2712d9212e1e53ca7e8d8eb4a ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:00:41.0858 4076 EvtEng - ok
22:00:41.0879 4076 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
22:00:41.0883 4076 exfat - ok
22:00:41.0938 4076 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:00:41.0941 4076 fastfat - ok
22:00:42.0019 4076 [ d607b2f1bee3992aa6c2c92c0a2f0855 ] Fax C:\Windows\system32\fxssvc.exe
22:00:42.0025 4076 Fax - ok
22:00:42.0043 4076 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:00:42.0045 4076 fdc - ok
22:00:42.0099 4076 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:00:42.0101 4076 fdPHost - ok
22:00:42.0119 4076 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:00:42.0122 4076 FDResPub - ok
22:00:42.0139 4076 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:00:42.0160 4076 FileInfo - ok
22:00:42.0180 4076 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:00:42.0182 4076 Filetrace - ok
22:00:42.0223 4076 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:00:42.0241 4076 flpydisk - ok
22:00:42.0299 4076 [ f7866af72abbaf84b1fa5aa195378c59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:00:42.0320 4076 FltMgr - ok
22:00:42.0483 4076 [ cb5e4b9c319e3c6bb363eb7e58a4a051 ] FontCache C:\Windows\system32\FntCache.dll
22:00:42.0504 4076 FontCache - ok
22:00:42.0655 4076 [ 8d89e3131c27fdd6932189cb785e1b7a ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:00:42.0697 4076 FontCache3.0.0.0 - ok
22:00:42.0765 4076 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:00:42.0785 4076 FsDepends - ok
22:00:42.0848 4076 [ d3e3f93d67821a2db2b3d9fac2dc2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:00:42.0859 4076 Fs_Rec - ok
22:00:42.0994 4076 [ ae87ba80d0ec3b57126ed2cdc15b24ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:00:43.0015 4076 fvevol - ok
22:00:43.0094 4076 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:00:43.0111 4076 gagp30kx - ok
22:00:43.0252 4076 [ c403c5db49a0f9aaf4f2128edc0106d8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
22:00:43.0291 4076 GamesAppService - ok
22:00:43.0358 4076 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:00:43.0386 4076 GEARAspiWDM - ok
22:00:43.0613 4076 [ d3316f6e3c011435f36e3d6e49b3196c ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
22:00:43.0652 4076 GoToAssist - ok
22:00:43.0780 4076 [ fe5ab4525bc2ec68b9119a6e5d40128b ] gpsvc C:\Windows\System32\gpsvc.dll
22:00:43.0787 4076 gpsvc - ok
22:00:43.0877 4076 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:00:43.0879 4076 hcw85cir - ok
22:00:44.0082 4076 [ 6410f6f415b2a5a9037224c41da8bf12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:00:44.0124 4076 HdAudAddService - ok
22:00:44.0206 4076 [ 0a49913402747a0b67de940fb42cbdbb ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:00:44.0207 4076 HDAudBus - ok
22:00:44.0277 4076 [ b6ac71aaa2b10848f57fc49d55a651af ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
22:00:44.0282 4076 HECIx64 - ok
22:00:44.0345 4076 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:00:44.0365 4076 HidBatt - ok
22:00:44.0387 4076 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:00:44.0407 4076 HidBth - ok
22:00:44.0448 4076 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:00:44.0468 4076 HidIr - ok
22:00:44.0509 4076 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\System32\hidserv.dll
22:00:44.0511 4076 hidserv - ok
22:00:44.0630 4076 [ b3bf6b5b50006def50b66306d99fcf6f ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:00:44.0670 4076 HidUsb - ok
22:00:44.0731 4076 [ efa58ede58dd74388ffd04cb32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:00:44.0751 4076 hkmsvc - ok
22:00:44.0814 4076 [ 046b2673767ca626e2cfb7fdf735e9e8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:00:44.0818 4076 HomeGroupListener - ok
22:00:44.0915 4076 [ 06a7422224d9865a5613710a089987df ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:00:44.0920 4076 HomeGroupProvider - ok
22:00:45.0054 4076 [ 0570a17a2e5001b97e20c15b4fc516ae ] HP1210FAX C:\Windows\system32\Drivers\HPM1210FAX.sys
22:00:45.0076 4076 HP1210FAX - ok
22:00:45.0230 4076 [ f8f686d62121549377d9e1cdf6bc3441 ] HPM1210RcvFaxSrvc C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
22:00:45.0254 4076 HPM1210RcvFaxSrvc - ok
22:00:45.0336 4076 [ 0886d440058f203eba0e1825e4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
22:00:45.0374 4076 HpSAMD - ok
22:00:45.0439 4076 [ 4e9cae3200a46135de01ce22baf832be ] HPSIService C:\Windows\system32\HPSIsvc.exe
22:00:45.0443 4076 HPSIService - ok
22:00:45.0557 4076 [ cee049cac4efa7f4e1e4ad014414a5d4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:00:45.0584 4076 HTTP - ok
22:00:45.0631 4076 [ f17766a19145f111856378df337a5d79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:00:45.0633 4076 hwpolicy - ok
22:00:45.0737 4076 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:00:45.0759 4076 i8042prt - ok
22:00:45.0901 4076 [ b75e45c564e944a2657167d197ab29da ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:00:45.0923 4076 iaStorV - ok
22:00:46.0133 4076 [ 1cf03c69b49acb70c722df92755c0c8c ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:00:46.0142 4076 IDriverT - ok
22:00:46.0332 4076 [ 2f2be70d3e02b6fa877921ab9516d43c ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:00:46.0373 4076 idsvc - ok
22:00:47.0234 4076 [ 09ce164afa8483e41808784d7fca154e ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
22:00:47.0421 4076 igfx - ok
22:00:47.0508 4076 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:00:47.0529 4076 iirsp - ok
22:00:47.0651 4076 [ c5b4683680df085b57bc53e5ef34861f ] IKEEXT C:\Windows\System32\ikeext.dll
22:00:47.0658 4076 IKEEXT - ok
22:00:47.0750 4076 [ dd587a55390ed2295bce6d36ad567da9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
22:00:47.0787 4076 Impcd - ok
22:00:47.0887 4076 [ 58cf58dee26c909bd6f977b61d246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
22:00:47.0926 4076 IntcDAud - ok
22:00:48.0006 4076 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\DRIVERS\intelide.sys
22:00:48.0008 4076 intelide - ok
22:00:48.0058 4076 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:00:48.0059 4076 intelppm - ok
22:00:48.0252 4076 [ 3dc635b66dd7412e1c9c3a77b8d78f25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
22:00:48.0254 4076 IntuitUpdateService - ok
22:00:48.0465 4076 [ 1663a135865f0ba6e853353e98e67f2a ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
22:00:48.0467 4076 IntuitUpdateServiceV4 - ok
22:00:48.0577 4076 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:00:48.0581 4076 IPBusEnum - ok
22:00:48.0604 4076 [ 722dd294df62483cecaae6e094b4d695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:00:48.0661 4076 IpFilterDriver - ok
22:00:49.0026 4076 [ f8e058d17363ec580e4b7232778b6cb5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:00:49.0032 4076 iphlpsvc - ok
22:00:49.0730 4076 [ e2b4a4494db7cb9b89b55ca268c337c5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:00:49.0733 4076 IPMIDRV - ok
22:00:49.0784 4076 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:00:49.0786 4076 IPNAT - ok
22:00:49.0998 4076 [ a9ab99ee7d39725eafec82732d2b3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:00:50.0020 4076 iPod Service - ok
22:00:50.0101 4076 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:00:50.0102 4076 IRENUM - ok
22:00:50.0122 4076 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
22:00:50.0143 4076 isapnp - ok
22:00:50.0166 4076 [ fa4d2557de56d45b0a346f93564be6e1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:00:50.0188 4076 iScsiPrt - ok
22:00:50.0253 4076 [ d2788bd344280e416502fce52450d66f ] JLTECH0227 C:\Windows\system32\Drivers\jl2005c.sys
22:00:50.0293 4076 JLTECH0227 - ok
22:00:50.0382 4076 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:00:50.0400 4076 kbdclass - ok
22:00:50.0483 4076 [ 6def98f8541e1b5dceb2c822a11f7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:00:50.0502 4076 kbdhid - ok
22:00:50.0541 4076 [ 156f6159457d0aa7e59b62681b56eb90 ] KeyIso C:\Windows\system32\lsass.exe
22:00:50.0545 4076 KeyIso - ok
22:00:50.0605 4076 [ 4f4b5fde429416877de7143044582eb5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:00:50.0608 4076 KSecDD - ok
22:00:50.0649 4076 [ 6f40465a44ecdc1731befafec5bdd03c ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:00:50.0672 4076 KSecPkg - ok
22:00:50.0705 4076 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:00:50.0718 4076 ksthunk - ok
22:00:50.0798 4076 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
22:00:50.0818 4076 KtmRm - ok
22:00:50.0909 4076 [ 81f1d04d4d0e433099365127375fd501 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:00:50.0915 4076 LanmanServer - ok
22:00:50.0996 4076 [ 27026eac8818e8a6c00a1cad2f11d29a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:00:51.0002 4076 LanmanWorkstation - ok
22:00:51.0087 4076 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:00:51.0108 4076 lltdio - ok
22:00:51.0211 4076 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:00:51.0232 4076 lltdsvc - ok
22:00:51.0252 4076 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:00:51.0255 4076 lmhosts - ok
22:00:51.0372 4076 [ 7485fbcef9136f530953575e2977859d ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
22:00:51.0396 4076 LMS - ok
22:00:51.0475 4076 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:00:51.0498 4076 LSI_FC - ok
22:00:51.0518 4076 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:00:51.0521 4076 LSI_SAS - ok
22:00:51.0568 4076 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:00:51.0571 4076 LSI_SAS2 - ok
22:00:51.0601 4076 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:00:51.0603 4076 LSI_SCSI - ok
22:00:51.0628 4076 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
22:00:51.0643 4076 luafv - ok
22:00:51.0750 4076 [ dc8490812a3b72811ae534f423b4c206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
22:00:51.0771 4076 MBAMProtector - ok
22:00:51.0867 4076 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:00:51.0875 4076 MBAMService - ok
22:00:51.0978 4076 [ acb01bf1a905356ab7f978c7fe852209 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:00:51.0980 4076 McMPFSvc - ok
22:00:51.0986 4076 [ acb01bf1a905356ab7f978c7fe852209 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:00:51.0988 4076 mcmscsvc - ok
22:00:51.0995 4076 [ acb01bf1a905356ab7f978c7fe852209 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:00:51.0997 4076 McNaiAnn - ok
22:00:52.0025 4076 [ acb01bf1a905356ab7f978c7fe852209 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:00:52.0027 4076 McNASvc - ok
22:00:52.0108 4076 [ 07b89e7de2f7971cf7eef0262207c4de ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe
22:00:52.0112 4076 McODS - ok
22:00:52.0121 4076 [ acb01bf1a905356ab7f978c7fe852209 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:00:52.0123 4076 McOobeSv - ok
22:00:52.0130 4076 [ acb01bf1a905356ab7f978c7fe852209 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:00:52.0132 4076 McProxy - ok
22:00:52.0182 4076 [ 634084d6fa08a1a95b1ce3291debc237 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
22:00:52.0184 4076 McShield - ok
22:00:52.0250 4076 [ f84c8f1000bc11e3b7b23cbd3baff111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:00:52.0255 4076 Mcx2Svc - ok
22:00:52.0306 4076 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:00:52.0308 4076 megasas - ok
22:00:52.0323 4076 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:00:52.0327 4076 MegaSR - ok
22:00:52.0357 4076 [ eac376dd77ec9e95d38108a27c261dca ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
22:00:52.0359 4076 mfeapfk - ok
22:00:52.0376 4076 [ f55f50b11d635658f346db0457bb2b79 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
22:00:52.0384 4076 mfeavfk - ok
22:00:52.0430 4076 mfeavfk01 - ok
22:00:52.0479 4076 [ c1bb6e71830e029aba38a2e34449d5e0 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
22:00:52.0481 4076 mfefire - ok
22:00:52.0554 4076 [ 33b8e35c5839a83d6700aab3e464553b ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
22:00:52.0560 4076 mfefirek - ok
22:00:52.0617 4076 [ ada8c105c8f9a61284c75157c170585b ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
22:00:52.0625 4076 mfehidk - ok
22:00:52.0640 4076 [ c52ee6d1e1e5a69c989acc478051964e ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
22:00:52.0656 4076 mfenlfk - ok
22:00:52.0682 4076 [ b000720e19ef733f938a6269d630f5dd ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
22:00:52.0684 4076 mferkdet - ok
22:00:52.0710 4076 [ 6293c0c086f3c3efb663b3d1281df4b8 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
22:00:52.0712 4076 mfevtp - ok
22:00:52.0725 4076 [ 62717ab68b38efee54678b85e19b0538 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
22:00:52.0729 4076 mfewfpk - ok
22:00:52.0787 4076 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
22:00:52.0791 4076 MMCSS - ok
22:00:52.0846 4076 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:00:52.0848 4076 Modem - ok
22:00:52.0900 4076 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:00:52.0901 4076 monitor - ok
22:00:52.0954 4076 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:00:52.0956 4076 mouclass - ok
22:00:52.0968 4076 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:00:52.0970 4076 mouhid - ok
22:00:53.0015 4076 [ 791af66c4d0e7c90a3646066386fb571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:00:53.0017 4076 mountmgr - ok
22:00:53.0048 4076 [ 609d1d87649ecc19796f4d76d4c15cea ] mpio C:\Windows\system32\DRIVERS\mpio.sys
22:00:53.0051 4076 mpio - ok
22:00:53.0083 4076 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:00:53.0085 4076 mpsdrv - ok
22:00:53.0157 4076 [ aecab449567d1846dad63ece49e893e3 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:00:53.0164 4076 MpsSvc - ok
22:00:53.0182 4076 [ 30524261bb51d96d6fcbac20c810183c ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:00:53.0185 4076 MRxDAV - ok
22:00:53.0238 4076 [ 040d62a9d8ad28922632137acdd984f2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:00:53.0241 4076 mrxsmb - ok
22:00:53.0305 4076 [ f0067552f8f9b33d7c59403ab808a3cb ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:00:53.0309 4076 mrxsmb10 - ok
22:00:53.0327 4076 [ 3c142d31de9f2f193218a53fe2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:00:53.0329 4076 mrxsmb20 - ok
22:00:53.0379 4076 [ bccf16d5fb1109162380e3e28dc9e4e5 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
22:00:53.0381 4076 msahci - ok
22:00:53.0437 4076 [ 8d27b597229aed79430fb9db3bcbfbd0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
22:00:53.0440 4076 msdsm - ok
22:00:53.0458 4076 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
22:00:53.0463 4076 MSDTC - ok
22:00:53.0486 4076 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:00:53.0488 4076 Msfs - ok
22:00:53.0539 4076 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:00:53.0541 4076 mshidkmdf - ok
22:00:53.0553 4076 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
22:00:53.0555 4076 msisadrv - ok
22:00:53.0608 4076 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:00:53.0650 4076 MSiSCSI - ok
22:00:53.0659 4076 msiserver - ok
22:00:53.0710 4076 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:00:53.0712 4076 MSKSSRV - ok
22:00:53.0729 4076 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:00:53.0730 4076 MSPCLOCK - ok
22:00:53.0747 4076 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:00:53.0749 4076 MSPQM - ok
22:00:53.0771 4076 [ 89cb141aa8616d8c6a4610fa26c60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:00:53.0776 4076 MsRPC - ok
22:00:53.0804 4076 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:00:53.0806 4076 mssmbios - ok
22:00:53.0824 4076 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:00:53.0825 4076 MSTEE - ok
22:00:53.0844 4076 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:00:53.0845 4076 MTConfig - ok
22:00:53.0861 4076 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:00:53.0863 4076 Mup - ok
22:00:53.0905 4076 [ 09818558c2579b45d78ab18a759b0ca8 ] mvusbews C:\Windows\system32\Drivers\mvusbews.sys
22:00:53.0908 4076 mvusbews - ok
22:00:53.0940 4076 [ d285d0539016be299a55ff997b44da33 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
22:00:53.0946 4076 MyWiFiDHCPDNS - ok
22:00:53.0996 4076 [ 4987e079a4530fa737a128be54b63b12 ] napagent C:\Windows\system32\qagentRT.dll
22:00:54.0005 4076 napagent - ok
22:00:54.0072 4076 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:00:54.0076 4076 NativeWifiP - ok
22:00:54.0155 4076 [ cad515dbd07d082bb317d9928ce8962c ] NDIS C:\Windows\system32\drivers\ndis.sys
22:00:54.0165 4076 NDIS - ok
22:00:54.0181 4076 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:00:54.0183 4076 NdisCap - ok
22:00:54.0231 4076 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:00:54.0233 4076 NdisTapi - ok
22:00:54.0278 4076 [ f105ba1e22bf1f2ee8f005d4305e4bec ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:00:54.0280 4076 Ndisuio - ok
22:00:54.0303 4076 [ 557dfab9ca1fcb036ac77564c010dad3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:00:54.0306 4076 NdisWan - ok
22:00:54.0324 4076 [ 659b74fb74b86228d6338d643cd3e3cf ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:00:54.0326 4076 NDProxy - ok
22:00:54.0337 4076 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:00:54.0339 4076 NetBIOS - ok
22:00:54.0353 4076 [ 9162b273a44ab9dce5b44362731d062a ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:00:54.0357 4076 NetBT - ok
22:00:54.0370 4076 [ 156f6159457d0aa7e59b62681b56eb90 ] Netlogon C:\Windows\system32\lsass.exe
22:00:54.0373 4076 Netlogon - ok
22:00:54.0441 4076 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
22:00:54.0448 4076 Netman - ok
22:00:54.0511 4076 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
22:00:54.0516 4076 netprofm - ok
22:00:54.0566 4076 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:00:54.0569 4076 NetTcpPortSharing - ok
22:00:54.0730 4076 [ 4d85a450edef10c38882182753a49aae ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
22:00:54.0804 4076 NETw5s64 - ok
22:00:54.0860 4076 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:00:54.0862 4076 nfrd960 - ok
22:00:54.0929 4076 [ d9a0ce66046d6efa0c61baa885cba0a8 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:00:54.0934 4076 NlaSvc - ok
22:00:54.0951 4076 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:00:54.0953 4076 Npfs - ok
22:00:54.0961 4076 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:00:54.0965 4076 nsi - ok
22:00:54.0978 4076 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:00:54.0980 4076 nsiproxy - ok
22:00:55.0098 4076 [ 378e0e0dfea67d98ae6ea53adbbd76bc ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:00:55.0118 4076 Ntfs - ok
22:00:55.0141 4076 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
22:00:55.0142 4076 Null - ok
22:01:06.0794 4076 ================ Scan global ===============================
22:01:06.0830 4076 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
22:01:06.0887 4076 (0cb6ebf4b461a6043353c570bd72a1e1) C:\Windows\system32\winsrv.dll
22:01:06.0898 4076 (0cb6ebf4b461a6043353c570bd72a1e1) C:\Windows\system32\winsrv.dll
22:01:06.0953 4076 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
22:01:06.0983 4076 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
22:01:06.0988 4076 [Global] - ok
22:01:06.0988 4076 ================ Scan MBR ==================================
22:01:06.0991 4076 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:01:07.0005 4076 Suspicious mbr (Forged): \Device\Harddisk0\DR0
22:01:07.0088 4076 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
22:01:07.0088 4076 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
22:01:07.0089 4076 ================ Scan VBR ==================================
22:01:07.0091 4076 Boot (0x1200) (4c86d15fb6933e12f9da362e34d26775) \Device\Harddisk0\DR0\Partition1
22:01:07.0093 4076 \Device\Harddisk0\DR0\Partition1 - ok
22:01:07.0105 4076 Boot (0x1200) (430bb04e6dca26796bf795f5dd285463) \Device\Harddisk0\DR0\Partition2
22:01:07.0106 4076 \Device\Harddisk0\DR0\Partition2 - ok
22:01:07.0107 4076 ============================================================
22:01:07.0107 4076 Scan finished
22:01:07.0107 4076 ============================================================
22:01:07.0117 1304 Detected object count: 1
22:01:07.0117 1304 Actual detected object count: 1
22:01:18.0016 1304 \Device\Harddisk0\DR0\# - copied to quarantine
22:01:18.0018 1304 \Device\Harddisk0\DR0 - copied to quarantine
22:01:18.0732 1304 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:01:18.0742 1304 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:01:18.0759 1304 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
22:01:26.0211 1304 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
22:01:26.0326 1304 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:01:26.0426 1304 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:01:26.0514 1304 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
22:01:26.0516 1304 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:01:26.0520 1304 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:01:26.0525 1304 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:01:26.0624 1304 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:01:26.0718 1304 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:01:26.0722 1304 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
22:01:26.0726 1304 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
22:01:26.0793 1304 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
22:01:26.0808 1304 \Device\Harddisk0\DR0 - ok
22:01:27.0177 1304 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
22:01:41.0364 4672 Deinitialize success

2nd TDS log

22:04:54.0090 5116 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
22:04:55.0494 5116 ============================================================
22:04:55.0494 5116 Current date / time: 2012/08/18 22:04:55.0494
22:04:55.0494 5116 SystemInfo:
22:04:55.0494 5116
22:04:55.0494 5116 OS Version: 6.1.7600 ServicePack: 0.0
22:04:55.0494 5116 Product type: Workstation
22:04:55.0494 5116 ComputerName: COMPUTER
22:04:55.0494 5116 UserName: Jay
22:04:55.0494 5116 Windows directory: C:\Windows
22:04:55.0494 5116 System windows directory: C:\Windows
22:04:55.0494 5116 Running under WOW64
22:04:55.0494 5116 Processor architecture: Intel x64
22:04:55.0494 5116 Number of processors: 4
22:04:55.0494 5116 Page size: 0x1000
22:04:55.0494 5116 Boot type: Normal boot
22:04:55.0494 5116 ============================================================
22:05:05.0970 5116 BG loaded
22:05:06.0585 5116 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:05:06.0731 5116 ============================================================
22:05:06.0731 5116 \Device\Harddisk0\DR0:
22:05:06.0733 5116 MBR partitions:
22:05:06.0733 5116 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
22:05:06.0733 5116 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
22:05:06.0733 5116 ============================================================
22:05:06.0808 5116 C: <-> \Device\Harddisk0\DR0\Partition2
22:05:06.0808 5116 ============================================================
22:05:06.0808 5116 Initialize success
22:05:06.0808 5116 ============================================================
22:07:22.0911 5072 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-19 10:02:08
-----------------------------
10:02:08.577 OS Version: Windows x64 6.1.7600
10:02:08.577 Number of processors: 4 586 0x2502
10:02:08.579 ComputerName: COMPUTER UserName: Jay
10:02:11.197 Initialize success
10:02:11.372 AVAST engine defs: 12081900
10:02:32.424 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:02:32.426 Disk 0 Vendor: TOSHIBA_MK5056GSY LH003D Size: 476940MB BusType: 11
10:02:32.470 Disk 0 MBR read successfully
10:02:32.472 Disk 0 MBR scan
10:02:32.475 Disk 0 Windows VISTA default MBR code
10:02:32.478 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
10:02:32.489 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
10:02:32.502 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30801920
10:02:32.515 Disk 0 scanning C:\Windows\system32\drivers
10:02:45.999 Service scanning
10:03:21.327 Modules scanning
10:03:21.334 Disk 0 trace - called modules:
10:03:21.372 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:03:21.722 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ccf790]
10:03:21.736 3 CLASSPNP.SYS[fffff8800199243f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049c71f0]
10:03:23.976 AVAST engine scan C:\Windows
10:03:28.942 AVAST engine scan C:\Windows\system32
10:06:32.517 AVAST engine scan C:\Windows\system32\drivers
10:06:48.801 AVAST engine scan C:\Users\Jay
10:32:48.867 AVAST engine scan C:\ProgramData
10:41:07.651 Scan finished successfully
10:49:13.827 Disk 0 MBR has been saved successfully to "C:\Users\Jay\Desktop\MBR.dat"
10:49:13.843 The log file has been saved successfully to "C:\Users\Jay\Desktop\aswMBR.txt"





Farbar Service Scanner Version: 06-08-2012
Ran by Jay (administrator) on 19-08-2012 at 11:08:39
Running from "C:\Users\Jay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LEZIK8YN"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 07:53] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 19:22] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 22:19] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#14 Splatle

  • Topic Starter


Posted 19 August 2012 - 12:49 PM

Small edit to the prior post. I was able to update Windows.

#15 nasdaq


  • Malware Response Team

Posted 19 August 2012 - 12:59 PM

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.

BITS service (Background Intelligent Transfer Service) is required to run in order to update Windows. It's been fixed.

===

As requested in my first post, please download and run these tools:
Security Check
AdwCleaner


Post the logs for my review.

Let me know what problem persists.



