Pls help: AVG finds Trojan horse Dropper.Generic_c.MMI in services.exe


  • This topic is locked
16 replies to this topic

#1 aragonian

Posted 10 August 2012 - 08:14 AM

Dear gurus,

I desperately need your help. I tried to remove a trojan that was first detected by Avira with no luck. Then I tried AVG, no luck. I tried to follow some of the posts here but they seem to be personalized. Please help.

AVG reports:

"";"C:\Windows\System32\services.exe";"Trojan horse Dropper.Generic_c.MMI";"Object is white-listed (critical/system file that should not be removed)"

Running:
Microsoft Windows 7 Enterprise
Motherboard: ASUSTeK Computer INC. | | SABERTOOTH P67
Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz


DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by H at 15:56:08 on 2012-08-10
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.358.1033.18.8169.5355 [GMT 3:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\SysWOW64\nPStarterSVC.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\npnj5Agent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Users\H\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
E:\Adobe\Acrobat 9\Acrobat\acrotray.exe
E:\Mionix\NAOS_Monitor.EXE
E:\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\Cyberlink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
E:\Logitech\LWS\Webcam Software\LWS.exe
E:\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
E:\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\H\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\H\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
C:\Users\H\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
E:\ESET\x86\ekrn.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=localhost:8118
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - E:\Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - E:\Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [BCSSync] "E:\Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe Acrobat Speed Launcher] "E:\Adobe\Acrobat 9\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "E:\Adobe\Acrobat 9\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Mionix NAOS 5000] "E:\Mionix\NAOS_Monitor.EXE"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [VirtualCloneDrive] "E:\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [UpdatePSTShortCut] "E:\Cyberlink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "E:\Cyberlink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdatePPShortCut] "E:\Cyberlink\PowerProducer\MUITransfer\MUIStartMenu.exe" "E:\Cyberlink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [UpdateP2GoShortCut] "E:\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe" "E:\Cyberlink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UCam_Menu] "E:\Cyberlink\YouCam\MUITransfer\MUIStartMenu.exe" "E:\Cyberlink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
mRun: [RemoteControl9] E:\Cyberlink\PowerDVD9\PDVD9Serv.exe
mRun: [MDS_Menu] "E:\Cyberlink\MediaShow4\MUITransfer\MUIStartMenu.exe" "E:\Cyberlink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
mRun: [LWS] E:\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [CLMLServer] "E:\Cyberlink\Power2Go\CLMLSvc.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
StartupFolder: C:\Users\H\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\H\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\H\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - E:\Logitech\Ereg\eReg.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - E:\Office\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - E:\Office\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - E:\Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} - hxxp://www.softcamp.co.kr/scsk/cab/SCSK4_WOW64.cab
DPF: {477D5B9A-6479-44F8-9718-9340119B0308} - hxxp://www.hanabank.com/resource/download/veraport/down/veraport20.cab
DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} - hxxp://update.nprotect.net/nprotect2007/samsungcard/npstarter_77111.cab
DPF: {62076E39-043C-4A5A-BF17-D8A2128ACD93} - hxxp://pib.wooribank.com/com/installer/interezen/WRebw.cab
DPF: {646232F1-8C70-4806-9499-BA01A59FDA74} - hxxps://www.yessign.or.kr/main/yessignCert/yessign7.cab
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxp://bank.keb.co.kr/XecureObject/CKKeyPro3026_32k.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {77CDF0B2-CDD6-4624-8BC5-0673695457D3} - hxxps://www.yessign.or.kr/main/yessignCert/yessign7CMP.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {967386A1-409E-431A-A93A-FB5FEFF86A58} - hxxp://bank.keb.co.kr/veraport/veraport.cab
DPF: {B33FEBDC-FF38-4D0F-9C76-58C4733947AD} - hxxp://bank.keb.co.kr/activex/AxSignGATE_vista.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://update.nprotect.net/keycrypt/samsungcard/npkcx_1106141.cab
DPF: {F939FEB8-9518-4A4A-BE60-D10FFB9557F2} - hxxp://download.kbstar.com/security/nprotect/netizenv55/npenkIEInstall5.cab
TCP: DhcpNameServer = 192.168.0.254
TCP: Interfaces\{B0CBCF43-C27E-4EB5-A2B4-02B85EFB2E1F} : DhcpNameServer = 192.168.0.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files (x86)\Initech\SHTTP\InitechSHTTPInterface.11010.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Name-Space Handler: http\s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files (x86)\Initech\SHTTP\InitechSHTTPInterface.11010.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - E:\Office\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Office\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Office\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [BCSSync] "E:\Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe Acrobat Speed Launcher] "E:\Adobe\Acrobat 9\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "E:\Adobe\Acrobat 9\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Mionix NAOS 5000] "E:\Mionix\NAOS_Monitor.EXE"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [VirtualCloneDrive] "E:\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [UpdatePSTShortCut] "E:\Cyberlink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "E:\Cyberlink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [UpdatePPShortCut] "E:\Cyberlink\PowerProducer\MUITransfer\MUIStartMenu.exe" "E:\Cyberlink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun-x64: [UpdateP2GoShortCut] "E:\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe" "E:\Cyberlink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UCam_Menu] "E:\Cyberlink\YouCam\MUITransfer\MUIStartMenu.exe" "E:\Cyberlink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
mRun-x64: [RemoteControl9] E:\Cyberlink\PowerDVD9\PDVD9Serv.exe
mRun-x64: [MDS_Menu] "E:\Cyberlink\MediaShow4\MUITransfer\MUIStartMenu.exe" "E:\Cyberlink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
mRun-x64: [LWS] E:\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [CLMLServer] "E:\Cyberlink\Power2Go\CLMLSvc.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\02bpcrnz.default\
FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Interezen\Plugins\NPI3GManager.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll
FF - plugin: C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll
FF - plugin: C:\Program Files (x86)\Wizvera\Delfino\npdelfinoplugin.dll
FF - plugin: C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll
FF - plugin: C:\Users\H\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\H\AppData\Local\nProtect\npEfdsWCtrl\npEfdsWPlugin.dll
FF - plugin: C:\Users\H\AppData\Local\nProtect\npEfdsWCtrl\npLogCollectorw.dll
FF - plugin: C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\02bpcrnz.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Users\H\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\H\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\system32\npCmn.dll
FF - plugin: C:\Windows\system32\npdeployJava1.dll
FF - plugin: C:\Windows\system32\npEfdsWCtrl.dll
FF - plugin: C:\Windows\system32\npeutilex.dll
FF - plugin: C:\Windows\system32\nPFW.dll
FF - plugin: C:\Windows\system32\nPFWFlt.dll
FF - plugin: C:\Windows\system32\nPFWFltU.dll
FF - plugin: C:\Windows\system32\nPFWU.dll
FF - plugin: C:\Windows\system32\npidsx.dll
FF - plugin: C:\Windows\system32\npidsxU.dll
FF - plugin: C:\Windows\system32\npkcrypt.dll
FF - plugin: C:\Windows\system32\npKeyPro.dll
FF - plugin: C:\Windows\system32\npkpdb.dll
FF - plugin: C:\Windows\system32\npmproxy.dll
FF - plugin: C:\Windows\system32\npOrdInstruct.dll
FF - plugin: C:\Windows\system32\npstarterctrl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\npCmn.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npEfdsWCtrl.dll
FF - plugin: C:\Windows\SysWOW64\npeutilex.dll
FF - plugin: C:\Windows\SysWOW64\nPFW.dll
FF - plugin: C:\Windows\SysWOW64\nPFWFlt.dll
FF - plugin: C:\Windows\SysWOW64\nPFWFltU.dll
FF - plugin: C:\Windows\SysWOW64\nPFWU.dll
FF - plugin: C:\Windows\SysWOW64\npidsx.dll
FF - plugin: C:\Windows\SysWOW64\npidsxU.dll
FF - plugin: C:\Windows\SysWOW64\npkcrypt.dll
FF - plugin: C:\Windows\SysWOW64\npKeyPro.dll
FF - plugin: C:\Windows\SysWOW64\npkpdb.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\npOrdInstruct.dll
FF - plugin: C:\Windows\SysWOW64\npstarterctrl.dll
FF - plugin: E:\Adobe\Acrobat 9\Acrobat\Air\nppdf32.dll
FF - plugin: E:\Adobe\Acrobat 9\Acrobat\browser\nppdf32.dll
FF - plugin: E:\Office\Office14\NPAUTHZ.DLL
FF - plugin: E:\Office\Office14\NPSPWRAP.DLL
FF - plugin: E:\Picasa\Picasa3\npPicasa3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R1 AMonTDLH;AMonTDLH;\??\C:\Windows\system32\Drivers\AMonTDLH.sys --> C:\Windows\system32\Drivers\AMonTDLH.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 ekrn;ESET Service;"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" --> C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-24 13336]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 nPStarterSVC;nProtect Starter;C:\Windows\System32\npstartersvc.exe [2011-10-26 250145]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-24 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 JRSUKD25;JRSUKD25;\??\C:\Windows\system32\JRSUKD25.SYS --> C:\Windows\system32\JRSUKD25.SYS [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S?4 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
S0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
S2 CLKMSVC10_6B71DF9C;CyberLink Product - 2011/11/13 22:17:26;E:\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-5-14 246256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;E:\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-15 250056]
S3 CdmDrvNt;CdmDrvNt;\??\C:\Windows\system32\Drivers\CdmDrvNt.sys --> C:\Windows\system32\Drivers\CdmDrvNt.sys [?]
S3 kcrtx64;kcrtx64;\??\C:\Windows\system32\kcrtx64.sys --> C:\Windows\system32\kcrtx64.sys [?]
S3 MfFWEnt;MfFWEnt;C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys [2011-11-21 126072]
S3 MfIPSEnt;MfIPSEnt;C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys [2011-11-21 155256]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;E:\Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
S3 NPIDS;NPIDS;C:\Windows\System32\NPIdsVt64.sys [2011-10-25 54880]
S3 npkcft64;npkcft64;C:\Windows\SysWOW64\npkcft64.sys [2012-8-1 48960]
S3 npkuft64;npkuft64;C:\Windows\SysWOW64\npkuft64.sys [2012-8-1 47936]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 FreemakeVideoCapture;FreemakeVideoCapture;E:\Freemake\CaptureLib\CaptureLibService.exe [2011-12-1 8704]
.
=============== Created Last 30 ================
.
2012-08-10 12:00:54 -------- d-----w- C:\Users\H\AppData\Roaming\AVG2012
2012-08-10 12:00:24 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-08-10 12:00:21 -------- d--h--w- C:\$AVG
2012-08-10 12:00:21 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-08-10 12:00:21 -------- d-----w- C:\ProgramData\AVG2012
2012-08-10 12:00:12 -------- d-----w- C:\Program Files (x86)\AVG
2012-08-10 11:58:23 -------- d--h--w- C:\ProgramData\Common Files
2012-08-10 11:58:23 -------- d-----w- C:\ProgramData\MFAData
2012-08-10 11:36:18 -------- d-----w- C:\Program Files\ESET
2012-08-10 10:47:28 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-10 10:42:28 -------- d-----w- C:\Users\H\AppData\Roaming\f-secure
2012-08-10 10:42:23 -------- d-----w- C:\ProgramData\F-Secure
2012-08-10 10:31:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-10 10:24:38 278 ----a-w- C:\fix.bat
2012-08-09 07:12:42 138320 ----a-r- C:\Windows\SysWow64\CKAgent.exe
2012-08-09 07:12:42 137128 ----a-r- C:\Windows\System32\CKAgent.exe
2012-08-01 09:20:49 209216 ----a-w- C:\Windows\SysWow64\npkcmsvc.exe
2012-08-01 09:20:48 48960 ----a-w- C:\Windows\SysWow64\npkcft64.sys
2012-08-01 09:20:48 47936 ----a-w- C:\Windows\SysWow64\npkuft64.sys
2012-08-01 09:20:48 214624 ----a-w- C:\Windows\SysWow64\npkcbk64.exe
2012-07-28 17:18:26 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-07-28 17:04:51 -------- d-----w- C:\Users\H\AppData\Local\Macromedia
2012-07-28 16:04:59 -------- d-----w- C:\Users\H\AppData\Roaming\xsecva
2012-07-28 15:21:48 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-07-28 15:21:45 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-07-28 15:21:45 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-08-09 07:16:08 373640 ----a-w- C:\Windows\SysWow64\SCSKUSB64Restarter.exe
2012-08-09 07:15:42 40848 ----a-w- C:\Windows\SysWow64\drivers\scskusbs.sys
2012-08-09 07:15:42 18832 ----a-w- C:\Windows\SysWow64\drivers\scskusbf.sys
2012-08-09 07:12:42 19016 ----a-w- C:\Windows\System32\JRSUKD25.SYS
2012-08-09 07:12:42 141848 ----a-w- C:\Windows\System32\kcrtx64.sys
2012-08-03 14:30:08 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 14:30:08 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 15:59:06,79 ===============


#2 gringo_pr

Posted 11 August 2012 - 01:26 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 aragonian

  • Topic Starter

Posted 11 August 2012 - 04:27 AM

Hi Gringo,

thanks for your quick response! I really appreciate it.

I followed your instructions and below are the reports.

The computer is running OK, more or less as usual. There have been some random hitches. A lag here or there but nothing that I thought was completely untypical for M$...

To let you know, I used to have Avira but uninstalled it. When I ran Combofix it detected that Avira real time protection was enabled. I tried to disable it but since I didn't find it anywhere, I had to proceed with the Combofix scan. (How to get rid of it? And which software to use?)

Oh, and the strange language in the Combofix log is Finnish... It detected language automatically but I assume you know what's what, but in case I should translate something, let me know.



Security check log

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 32
Java version out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 47% Defragment your hard drive soon!
````````````````````End of Log``````````````````````



Combofix log

ComboFix 12-08-09.01 - H 11.08.2012 12:10:59.1.8 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.358.1033.18.8169.6349 [GMT 3:00]
Sijainti: e:\[desk]\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\H\AppData\Local\TempDIR
c:\users\H\AppData\Local\TempDIR\BetterInstaller.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\SysWow64\CKAgent.dat
c:\windows\SysWow64\npkpdb.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
Saastunut kopio tiedostosta c:\windows\system32\Services.exe löytyi ja poistettiin
Puhdas kopio palautettiin paikasta - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-07-11 to 2012-08-11 )))))))))))))))))
.
.
2012-08-11 09:13 . 2012-08-11 09:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-11 09:13 . 2012-08-11 09:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 16:27 . 2012-08-11 09:04 41527 ----a-w- c:\windows\SysWow64\epfwdata.bin
2012-08-10 12:00 . 2012-08-10 12:00 -------- d-----w- c:\users\H\AppData\Roaming\AVG2012
2012-08-10 12:00 . 2012-08-10 12:00 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-08-10 12:00 . 2012-08-11 08:38 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-10 12:00 . 2012-08-10 12:12 -------- d-----w- c:\programdata\AVG2012
2012-08-10 12:00 . 2012-08-10 12:00 -------- d-----w- C:\$AVG
2012-08-10 12:00 . 2012-08-10 12:00 -------- d-----w- c:\program files (x86)\AVG
2012-08-10 11:58 . 2012-08-11 08:38 -------- d-----w- c:\programdata\MFAData
2012-08-10 11:58 . 2012-08-10 11:58 -------- d--h--w- c:\programdata\Common Files
2012-08-10 11:36 . 2012-08-10 11:36 -------- d-----w- c:\program files\ESET
2012-08-10 10:47 . 2012-08-10 10:47 -------- d-----w- c:\program files (x86)\ESET
2012-08-10 10:42 . 2012-08-10 10:42 -------- d-----w- c:\users\H\AppData\Roaming\f-secure
2012-08-10 10:42 . 2012-08-10 10:42 -------- d-----w- c:\programdata\F-Secure
2012-08-10 10:31 . 2012-08-10 10:31 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-10 10:24 . 2012-08-10 10:24 278 ----a-w- C:\fix.bat
2012-08-09 07:12 . 2012-08-09 07:12 138320 ----a-r- c:\windows\SysWow64\CKAgent.exe
2012-08-09 07:12 . 2012-08-09 07:12 137128 ----a-r- c:\windows\system32\CKAgent.exe
2012-08-01 09:20 . 2012-08-01 09:20 209216 ----a-w- c:\windows\SysWow64\npkcmsvc.exe
2012-08-01 09:20 . 2012-08-01 09:20 48960 ----a-w- c:\windows\SysWow64\npkcft64.sys
2012-08-01 09:20 . 2012-08-01 09:20 47936 ----a-w- c:\windows\SysWow64\npkuft64.sys
2012-08-01 09:20 . 2012-08-01 09:20 214624 ----a-w- c:\windows\SysWow64\npkcbk64.exe
2012-07-28 17:18 . 2012-07-28 17:18 -------- d-----w- c:\program files (x86)\VideoLAN
2012-07-28 17:04 . 2012-07-28 17:04 -------- d-----w- c:\users\H\AppData\Local\Macromedia
2012-07-28 16:04 . 2012-08-09 06:39 -------- d-----w- c:\users\H\AppData\Roaming\xsecva
2012-07-28 15:21 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-28 15:21 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-28 15:21 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-28 15:21 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-28 15:21 . 2012-06-02 12:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-28 15:21 . 2012-06-02 12:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-09 07:16 . 2011-10-26 18:31 373640 ----a-w- c:\windows\SysWow64\SCSKUSB64Restarter.exe
2012-08-09 07:15 . 2012-05-06 20:49 40848 ----a-w- c:\windows\SysWow64\drivers\scskusbs.sys
2012-08-09 07:15 . 2012-05-06 20:49 18832 ----a-w- c:\windows\SysWow64\drivers\scskusbf.sys
2012-08-09 07:12 . 2011-10-25 06:34 19016 ----a-w- c:\windows\system32\JRSUKD25.SYS
2012-08-09 07:12 . 2011-10-25 06:34 141848 ----a-w- c:\windows\system32\kcrtx64.sys
2012-08-03 14:30 . 2012-04-15 08:24 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 14:30 . 2011-10-24 15:57 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\H\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\H\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\H\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\H\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-28 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"BCSSync"="e:\office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Acrobat Speed Launcher"="e:\adobe\Acrobat 9\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="e:\adobe\Acrobat 9\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Mionix NAOS 5000"="e:\mionix\NAOS_Monitor.EXE" [2010-01-05 184320]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-07 421736]
"VirtualCloneDrive"="e:\virtualclonedrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"UpdatePSTShortCut"="e:\cyberlink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]
"UpdatePPShortCut"="e:\cyberlink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdateP2GoShortCut"="e:\cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UCam_Menu"="e:\cyberlink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"RemoteControl9"="e:\cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"MDS_Menu"="e:\cyberlink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"LWS"="e:\logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"CLMLServer"="e:\cyberlink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-14 75048]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
c:\users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\H\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Logitech . Tuotteen rekisteröinti.lnk - e:\logitech\Ereg\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_6B71DF9C;CyberLink Product - 2011/11/13 22:17;e:\cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-14 246256]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [x]
R3 kcrtx64;kcrtx64;c:\windows\system32\kcrtx64.sys [2012-08-09 141848]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;e:\office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-02 113120]
R3 NPIDS;NPIDS;c:\windows\system32\NpIdsVt64.sys [2010-09-07 54880]
R3 npkcft64;npkcft64;c:\windows\SysWOW64\npkcft64.sys [2012-08-01 48960]
R3 npkuft64;npkuft64;c:\windows\SysWOW64\npkuft64.sys [2012-08-01 47936]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 scskusbs;USB SCSK Driver Service;syswow64\drivers\scskusbs.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-25 1255736]
R4 FreemakeVideoCapture;FreemakeVideoCapture;e:\freemake\CaptureLib\CaptureLibService.exe [2011-11-24 8704]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-11-22 303408]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-12-19 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-12-19 43248]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
S2 nPStarterSVC;nProtect Starter;c:\windows\system32\nPStarterSVC.exe [x]
S2 SkypeUpdate;Skype Updater;e:\skype\Updater\Updater.exe [2012-07-13 160944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]
S3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2012-08-09 19016]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 scskusbf;USB SCSK Filter Driver Service;syswow64\drivers\scskusbf.sys [x]
.
.
--- Muut muistissa olevat ajurit/palvelut ---
.
*NewlyCreated* - AVGIDSHA
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_6B71DF9C
.
'Ajoitetut tehtävät'-kansion sisältö
.
2012-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 14:30]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2251180479-1136751103-97254505-1000Core.job
- c:\users\H\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20 08:54]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2251180479-1136751103-97254505-1000UA.job
- c:\users\H\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20 08:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\H\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\H\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\H\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\H\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"combofix"="c:\combofix\CF5147.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Täydentävä tarkistus -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=localhost:8118
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - e:\office\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - e:\office\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.254
DPF: {477D5B9A-6479-44F8-9718-9340119B0308} - hxxp://www.hanabank.com/resource/download/veraport/down/veraport20.cab
DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} - hxxp://update.nprotect.net/nprotect2007/samsungcard/npstarter_77111.cab
DPF: {62076E39-043C-4A5A-BF17-D8A2128ACD93} - hxxp://pib.wooribank.com/com/installer/interezen/WRebw.cab
DPF: {646232F1-8C70-4806-9499-BA01A59FDA74} - hxxps://www.yessign.or.kr/main/yessignCert/yessign7.cab
DPF: {77CDF0B2-CDD6-4624-8BC5-0673695457D3} - hxxps://www.yessign.or.kr/main/yessignCert/yessign7CMP.cab
DPF: {967386A1-409E-431A-A93A-FB5FEFF86A58} - hxxp://bank.keb.co.kr/veraport/veraport.cab
DPF: {B33FEBDC-FF38-4D0F-9C76-58C4733947AD} - hxxp://bank.keb.co.kr/activex/AxSignGATE_vista.cab
DPF: {F939FEB8-9518-4A4A-BE60-D10FFB9557F2} - hxxp://download.kbstar.com/security/nprotect/netizenv55/npenkIEInstall5.cab
FF - ProfilePath - c:\users\H\AppData\Roaming\Mozilla\Firefox\Profiles\02bpcrnz.default\
FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2
.
- - - - POISTETUT JÄMÄRIVIT - - - -
.
SafeBoot-51059349.sys
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
AddRemove-AxSignGATE - c:\windows\system32\uninst.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-npn5 - c:\windows\system32\npn5uninst.exe
AddRemove-SoftcampSCSK - c:\windows\system32\UnSCSK.exe
AddRemove-UnINISafeWeb7 - c:\windows\system32\UnINIS70.exe
AddRemove-VeraPort - c:\windows\system32\VeraPortUninstall.exe
AddRemove-XecureCK - c:\windows\system32\CKSetup32.exe
AddRemove-yessign7ActiveX - c:\windows\system32\yessign7Clear.exe
AddRemove-Ekapeli-Sujuvuus - c:\windows\system32\javaws.exe
.
.
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Muut prosessit ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\nPStarterSVC.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\npnj5Agent.exe
.
**************************************************************************
.
Valmistumisajankohta: 2012-08-11 12:16:02 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2012-08-11 09:16
.
Ennen ajoa: 6 825 533 440 bytes free
Ajon jälkeen: 8 328 052 736 bytes free
.
- - End Of File - - 79061EABD25523BD4424A587FA4D79D6

#4 gringo_pr


Posted 11 August 2012 - 04:58 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#5 aragonian

aragonian
  • Topic Starter

  • Members
  • 8 posts

Posted 11 August 2012 - 06:06 AM

Hi there,

I followed your instructions, and the results are below. With aswMBR I ran a quick scan and also separately scanned the C drive (Windows and some programs) as well as the E drive (some programs). All logs are below. There seems to be some problem on the C drive.


TDSSKiller

13:40:30.0887 5580 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
13:40:30.0902 5580 ============================================================
13:40:30.0902 5580 Current date / time: 2012/08/11 13:40:30.0902
13:40:30.0902 5580 SystemInfo:
13:40:30.0902 5580
13:40:30.0902 5580 OS Version: 6.1.7601 ServicePack: 1.0
13:40:30.0902 5580 Product type: Workstation
13:40:30.0902 5580 ComputerName: H-PC
13:40:30.0902 5580 UserName: H
13:40:30.0902 5580 Windows directory: C:\Windows
13:40:30.0902 5580 System windows directory: C:\Windows
13:40:30.0902 5580 Running under WOW64
13:40:30.0902 5580 Processor architecture: Intel x64
13:40:30.0902 5580 Number of processors: 8
13:40:30.0902 5580 Page size: 0x1000
13:40:30.0902 5580 Boot type: Normal boot
13:40:30.0902 5580 ============================================================
13:40:37.0142 5580 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
13:40:37.0142 5580 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:40:37.0158 5580 Drive \Device\Harddisk1\DR1 - Size: 0x950AF4DE00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:40:37.0158 5580 ============================================================
13:40:37.0158 5580 \Device\Harddisk2\DR2:
13:40:37.0158 5580 MBR partitions:
13:40:37.0158 5580 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
13:40:37.0158 5580 \Device\Harddisk0\DR0:
13:40:37.0158 5580 MBR partitions:
13:40:37.0158 5580 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:40:37.0158 5580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
13:40:37.0158 5580 \Device\Harddisk1\DR1:
13:40:37.0158 5580 MBR partitions:
13:40:37.0158 5580 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x61A7000
13:40:37.0173 5580 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x61A79A5, BlocksNum 0xC43E68A
13:40:37.0173 5580 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x125E606E, BlocksNum 0x186A241A
13:40:37.0189 5580 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x2AC884C7, BlocksNum 0x1FBCE9FA
13:40:37.0189 5580 ============================================================
13:40:37.0205 5580 C: <-> \Device\Harddisk0\DR0\Partition1
13:40:37.0251 5580 F: <-> \Device\Harddisk1\DR1\Partition1
13:40:37.0283 5580 G: <-> \Device\Harddisk1\DR1\Partition2
13:40:37.0298 5580 H: <-> \Device\Harddisk1\DR1\Partition3
13:40:37.0314 5580 I: <-> \Device\Harddisk2\DR2\Partition0
13:40:37.0361 5580 E: <-> \Device\Harddisk1\DR1\Partition0
13:40:37.0361 5580 ============================================================
13:40:37.0361 5580 Initialize success
13:40:37.0361 5580 ============================================================
13:40:42.0212 6104 ============================================================
13:40:42.0212 6104 Scan started
13:40:42.0212 6104 Mode: Manual;
13:40:42.0212 6104 ============================================================
13:40:45.0473 6104 NativeWifiP - ok
13:40:45.0504 6104 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:40:45.0504 6104 NDIS - ok
13:40:45.0504 6104 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:40:45.0504 6104 NdisCap - ok
13:40:45.0519 6104 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:40:45.0519 6104 NdisTapi - ok
13:40:45.0519 6104 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:40:45.0519 6104 Ndisuio - ok
13:40:45.0519 6104 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:40:45.0535 6104 NdisWan - ok
13:40:45.0535 6104 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:40:45.0535 6104 NDProxy - ok
13:40:45.0535 6104 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:40:45.0535 6104 NetBIOS - ok
13:40:45.0551 6104 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:40:45.0551 6104 NetBT - ok
13:40:45.0551 6104 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:40:45.0551 6104 Netlogon - ok
13:40:45.0566 6104 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:40:45.0566 6104 Netman - ok
13:40:45.0582 6104 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:40:45.0582 6104 netprofm - ok
13:40:45.0597 6104 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:40:45.0597 6104 NetTcpPortSharing - ok
13:40:45.0597 6104 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:40:45.0597 6104 nfrd960 - ok
13:40:45.0613 6104 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:40:45.0613 6104 NlaSvc - ok
13:40:45.0629 6104 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:40:45.0629 6104 Npfs - ok
13:40:45.0629 6104 NPIDS (0c32b82eab680dd4845bcf01cdc2468c) C:\Windows\system32\NpIdsVt64.sys
13:40:45.0629 6104 NPIDS - ok
13:40:45.0660 6104 npkcft64 (f2a3b2c14899dd0fed0b9d06897b8475) C:\Windows\SysWOW64\npkcft64.sys
13:40:45.0660 6104 npkcft64 - ok
13:40:45.0660 6104 npkcmsvc (f8d8800042de7d33a79dfeed2bebc36d) C:\Windows\SysWOW64\npkcmsvc.exe
13:40:45.0660 6104 npkcmsvc - ok
13:40:45.0675 6104 npkuft64 (75a55b89fe55a7cb0c344c0650aecb2d) C:\Windows\SysWOW64\npkuft64.sys
13:40:45.0675 6104 npkuft64 - ok
13:40:45.0675 6104 nPStarterSVC - ok
13:40:45.0675 6104 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:40:45.0675 6104 nsi - ok
13:40:45.0675 6104 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:40:45.0675 6104 nsiproxy - ok
13:40:45.0738 6104 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:40:45.0738 6104 Ntfs - ok
13:40:45.0785 6104 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:40:45.0785 6104 Null - ok
13:40:45.0785 6104 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
13:40:45.0785 6104 nusb3hub - ok
13:40:45.0800 6104 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
13:40:45.0800 6104 nusb3xhc - ok
13:40:45.0800 6104 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
13:40:45.0816 6104 NVHDA - ok
13:40:46.0190 6104 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:40:46.0237 6104 nvlddmkm - ok
13:40:46.0268 6104 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:40:46.0284 6104 nvraid - ok
13:40:46.0284 6104 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:40:46.0284 6104 nvstor - ok
13:40:46.0315 6104 nvsvc (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe
13:40:46.0315 6104 nvsvc - ok
13:40:46.0393 6104 nvUpdatusService (cd0bfaa6872cfe38c908d313ae17c350) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:40:46.0409 6104 nvUpdatusService - ok
13:40:46.0455 6104 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:40:46.0455 6104 nv_agp - ok
13:40:46.0455 6104 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:40:46.0455 6104 ohci1394 - ok
13:40:46.0471 6104 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:40:46.0471 6104 ose - ok
13:40:46.0627 6104 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:40:46.0658 6104 osppsvc - ok
13:40:46.0705 6104 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:40:46.0705 6104 p2pimsvc - ok
13:40:46.0721 6104 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:40:46.0736 6104 p2psvc - ok
13:40:46.0736 6104 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:40:46.0736 6104 Parport - ok
13:40:46.0752 6104 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:40:46.0752 6104 partmgr - ok
13:40:46.0767 6104 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:40:46.0767 6104 PcaSvc - ok
13:40:46.0767 6104 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:40:46.0767 6104 pci - ok
13:40:46.0783 6104 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:40:46.0783 6104 pciide - ok
13:40:46.0783 6104 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:40:46.0783 6104 pcmcia - ok
13:40:46.0799 6104 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:40:46.0799 6104 pcw - ok
13:40:46.0814 6104 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:40:46.0814 6104 PEAUTH - ok
13:40:46.0861 6104 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
13:40:46.0877 6104 PeerDistSvc - ok
13:40:46.0908 6104 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:40:46.0908 6104 PerfHost - ok
13:40:46.0986 6104 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:40:47.0001 6104 pla - ok
13:40:47.0017 6104 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:40:47.0017 6104 PlugPlay - ok
13:40:47.0017 6104 PnkBstrA - ok
13:40:47.0033 6104 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:40:47.0033 6104 PNRPAutoReg - ok
13:40:47.0048 6104 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:40:47.0048 6104 PNRPsvc - ok
13:40:47.0064 6104 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
13:40:47.0064 6104 Point64 - ok
13:40:47.0079 6104 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:40:47.0079 6104 PolicyAgent - ok
13:40:47.0095 6104 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:40:47.0095 6104 Power - ok
13:40:47.0111 6104 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:40:47.0111 6104 PptpMiniport - ok
13:40:47.0111 6104 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:40:47.0111 6104 Processor - ok
13:40:47.0126 6104 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:40:47.0126 6104 ProfSvc - ok
13:40:47.0126 6104 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:40:47.0142 6104 ProtectedStorage - ok
13:40:47.0142 6104 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:40:47.0142 6104 Psched - ok
13:40:47.0189 6104 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:40:47.0220 6104 ql2300 - ok
13:40:47.0251 6104 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:40:47.0251 6104 ql40xx - ok
13:40:47.0267 6104 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:40:47.0267 6104 QWAVE - ok
13:40:47.0282 6104 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:40:47.0282 6104 QWAVEdrv - ok
13:40:47.0282 6104 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:40:47.0282 6104 RasAcd - ok
13:40:47.0282 6104 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:40:47.0282 6104 RasAgileVpn - ok
13:40:47.0298 6104 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:40:47.0298 6104 RasAuto - ok
13:40:47.0313 6104 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:40:47.0313 6104 Rasl2tp - ok
13:40:47.0329 6104 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:40:47.0329 6104 RasMan - ok
13:40:47.0329 6104 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:40:47.0329 6104 RasPppoe - ok
13:40:47.0345 6104 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:40:47.0345 6104 RasSstp - ok
13:40:47.0345 6104 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:40:47.0360 6104 rdbss - ok
13:40:47.0360 6104 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:40:47.0360 6104 rdpbus - ok
13:40:47.0360 6104 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:40:47.0360 6104 RDPCDD - ok
13:40:47.0376 6104 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
13:40:47.0376 6104 RDPDR - ok
13:40:47.0376 6104 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:40:47.0376 6104 RDPENCDD - ok
13:40:47.0376 6104 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:40:47.0376 6104 RDPREFMP - ok
13:40:47.0376 6104 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
13:40:47.0376 6104 RdpVideoMiniport - ok
13:40:47.0391 6104 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:40:47.0391 6104 RDPWD - ok
13:40:47.0407 6104 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:40:47.0407 6104 rdyboost - ok
13:40:47.0407 6104 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:40:47.0407 6104 RemoteAccess - ok
13:40:47.0423 6104 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:40:47.0423 6104 RemoteRegistry - ok
13:40:47.0423 6104 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:40:47.0423 6104 RpcEptMapper - ok
13:40:47.0423 6104 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:40:47.0423 6104 RpcLocator - ok
13:40:47.0438 6104 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:40:47.0438 6104 RpcSs - ok
13:40:47.0454 6104 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:40:47.0454 6104 rspndr - ok
13:40:47.0454 6104 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
13:40:47.0454 6104 s3cap - ok
13:40:47.0454 6104 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:40:47.0454 6104 SamSs - ok
13:40:47.0469 6104 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:40:47.0469 6104 sbp2port - ok
13:40:47.0469 6104 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:40:47.0469 6104 SCardSvr - ok
13:40:47.0469 6104 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:40:47.0469 6104 scfilter - ok
13:40:47.0501 6104 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:40:47.0516 6104 Schedule - ok
13:40:47.0516 6104 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:40:47.0516 6104 SCPolicySvc - ok
13:40:47.0547 6104 scskusbf (35c94d8800e06518657aa36838671e89) C:\Windows\syswow64\drivers\scskusbf.sys
13:40:47.0547 6104 scskusbf - ok
13:40:47.0547 6104 scskusbs (33ad7e6ce0be966c0a017251c15aaa84) C:\Windows\syswow64\drivers\scskusbs.sys
13:40:47.0547 6104 scskusbs - ok
13:40:47.0563 6104 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:40:47.0563 6104 SDRSVC - ok
13:40:47.0563 6104 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:40:47.0563 6104 secdrv - ok
13:40:47.0579 6104 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:40:47.0579 6104 seclogon - ok
13:40:47.0579 6104 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:40:47.0579 6104 SENS - ok
13:40:47.0579 6104 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:40:47.0579 6104 SensrSvc - ok
13:40:47.0579 6104 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:40:47.0579 6104 Serenum - ok
13:40:47.0594 6104 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:40:47.0594 6104 Serial - ok
13:40:47.0594 6104 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:40:47.0594 6104 sermouse - ok
13:40:47.0610 6104 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:40:47.0610 6104 SessionEnv - ok
13:40:47.0610 6104 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:40:47.0610 6104 sffdisk - ok
13:40:47.0610 6104 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:40:47.0610 6104 sffp_mmc - ok
13:40:47.0610 6104 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:40:47.0610 6104 sffp_sd - ok
13:40:47.0625 6104 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:40:47.0625 6104 sfloppy - ok
13:40:47.0625 6104 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:40:47.0641 6104 SharedAccess - ok
13:40:47.0641 6104 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:40:47.0657 6104 ShellHWDetection - ok
13:40:47.0657 6104 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:40:47.0657 6104 SiSRaid2 - ok
13:40:47.0657 6104 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:40:47.0657 6104 SiSRaid4 - ok
13:40:47.0703 6104 SkypeUpdate (f07af60b152221472fbdb2fecec4896d) E:\Skype\Updater\Updater.exe
13:40:47.0703 6104 SkypeUpdate - ok
13:40:47.0703 6104 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:40:47.0703 6104 Smb - ok
13:40:47.0719 6104 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:40:47.0719 6104 SNMPTRAP - ok
13:40:47.0719 6104 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:40:47.0719 6104 spldr - ok
13:40:47.0750 6104 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:40:47.0750 6104 Spooler - ok
13:40:47.0859 6104 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:40:47.0875 6104 sppsvc - ok
13:40:47.0906 6104 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:40:47.0906 6104 sppuinotify - ok
13:40:47.0922 6104 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:40:47.0937 6104 srv - ok
13:40:47.0953 6104 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:40:47.0953 6104 srv2 - ok
13:40:47.0969 6104 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:40:47.0969 6104 srvnet - ok
13:40:47.0969 6104 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:40:47.0984 6104 SSDPSRV - ok
13:40:47.0984 6104 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:40:47.0984 6104 SstpSvc - ok
13:40:47.0984 6104 Steam Client Service - ok
13:40:48.0000 6104 Stereo Service (8544a200c40447e465f06e58687428bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:40:48.0000 6104 Stereo Service - ok
13:40:48.0015 6104 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:40:48.0015 6104 stexstor - ok
13:40:48.0031 6104 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:40:48.0031 6104 stisvc - ok
13:40:48.0047 6104 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
13:40:48.0047 6104 storflt - ok
13:40:48.0047 6104 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
13:40:48.0047 6104 StorSvc - ok
13:40:48.0047 6104 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
13:40:48.0047 6104 storvsc - ok
13:40:48.0047 6104 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:40:48.0062 6104 swenum - ok
13:40:48.0078 6104 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:40:48.0078 6104 swprv - ok
13:40:48.0078 6104 Synth3dVsc - ok
13:40:48.0140 6104 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:40:48.0156 6104 SysMain - ok
13:40:48.0187 6104 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:40:48.0187 6104 TabletInputService - ok
13:40:48.0203 6104 tap0901 (f0b9d3ed88e56d3cd713dff21e42aaf0) C:\Windows\system32\DRIVERS\tap0901.sys
13:40:48.0203 6104 tap0901 - ok
13:40:48.0218 6104 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:40:48.0218 6104 TapiSrv - ok
13:40:48.0218 6104 TBPanel - ok
13:40:48.0234 6104 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:40:48.0234 6104 TBS - ok
13:40:48.0281 6104 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:40:48.0296 6104 Tcpip - ok
13:40:48.0390 6104 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:40:48.0405 6104 TCPIP6 - ok
13:40:48.0452 6104 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:40:48.0452 6104 tcpipreg - ok
13:40:48.0452 6104 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:40:48.0452 6104 TDPIPE - ok
13:40:48.0468 6104 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:40:48.0468 6104 TDTCP - ok
13:40:48.0468 6104 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:40:48.0468 6104 tdx - ok
13:40:48.0483 6104 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:40:48.0483 6104 TermDD - ok
13:40:48.0499 6104 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:40:48.0499 6104 TermService - ok
13:40:48.0515 6104 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:40:48.0515 6104 Themes - ok
13:40:48.0515 6104 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:40:48.0515 6104 THREADORDER - ok
13:40:48.0515 6104 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:40:48.0515 6104 TrkWks - ok
13:40:48.0530 6104 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:40:48.0530 6104 TrustedInstaller - ok
13:40:48.0530 6104 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:40:48.0530 6104 tssecsrv - ok
13:40:48.0546 6104 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:40:48.0546 6104 TsUsbFlt - ok
13:40:48.0546 6104 tsusbhub - ok
13:40:48.0546 6104 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:40:48.0546 6104 tunnel - ok
13:40:48.0546 6104 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:40:48.0561 6104 uagp35 - ok
13:40:48.0561 6104 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:40:48.0577 6104 udfs - ok
13:40:48.0577 6104 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:40:48.0577 6104 UI0Detect - ok
13:40:48.0593 6104 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:40:48.0593 6104 uliagpkx - ok
13:40:48.0593 6104 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:40:48.0593 6104 umbus - ok
13:40:48.0593 6104 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:40:48.0593 6104 UmPass - ok
13:40:48.0608 6104 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
13:40:48.0608 6104 UmRdpService - ok
13:40:48.0624 6104 UMVPFSrv (927754abf077aeb5504be4e0f2c60c1b) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
13:40:48.0624 6104 UMVPFSrv - ok
13:40:48.0639 6104 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:40:48.0639 6104 upnphost - ok
13:40:48.0655 6104 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
13:40:48.0655 6104 usbaudio - ok
13:40:48.0655 6104 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:40:48.0655 6104 usbccgp - ok
13:40:48.0655 6104 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:40:48.0671 6104 usbcir - ok
13:40:48.0671 6104 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
13:40:48.0671 6104 usbehci - ok
13:40:48.0671 6104 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:40:48.0686 6104 usbhub - ok
13:40:48.0686 6104 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:40:48.0686 6104 usbohci - ok
13:40:48.0686 6104 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:40:48.0686 6104 usbprint - ok
13:40:48.0702 6104 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:40:48.0702 6104 USBSTOR - ok
13:40:48.0702 6104 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:40:48.0702 6104 usbuhci - ok
13:40:48.0702 6104 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
13:40:48.0702 6104 usbvideo - ok
13:40:48.0717 6104 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:40:48.0717 6104 UxSms - ok
13:40:48.0717 6104 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:40:48.0717 6104 VaultSvc - ok
13:40:48.0717 6104 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
13:40:48.0717 6104 VClone - ok
13:40:48.0733 6104 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:40:48.0733 6104 vdrvroot - ok
13:40:48.0749 6104 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:40:48.0749 6104 vds - ok
13:40:48.0749 6104 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:40:48.0749 6104 vga - ok
13:40:48.0749 6104 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:40:48.0749 6104 VgaSave - ok
13:40:48.0764 6104 VGPU - ok
13:40:48.0764 6104 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:40:48.0764 6104 vhdmp - ok
13:40:48.0764 6104 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:40:48.0780 6104 viaide - ok
13:40:48.0780 6104 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
13:40:48.0780 6104 vmbus - ok
13:40:48.0780 6104 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
13:40:48.0780 6104 VMBusHID - ok
13:40:48.0795 6104 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:40:48.0795 6104 volmgr - ok
13:40:48.0795 6104 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:40:48.0811 6104 volmgrx - ok
13:40:48.0811 6104 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:40:48.0811 6104 volsnap - ok
13:40:48.0827 6104 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:40:48.0827 6104 vsmraid - ok
13:40:48.0873 6104 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:40:48.0905 6104 VSS - ok
13:40:48.0936 6104 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:40:48.0936 6104 vwifibus - ok
13:40:48.0951 6104 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:40:48.0951 6104 W32Time - ok
13:40:48.0951 6104 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:40:48.0951 6104 WacomPen - ok
13:40:48.0967 6104 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:40:48.0967 6104 WANARP - ok
13:40:48.0967 6104 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:40:48.0967 6104 Wanarpv6 - ok
13:40:48.0998 6104 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:40:49.0014 6104 WatAdminSvc - ok
13:40:49.0061 6104 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:40:49.0076 6104 wbengine - ok
13:40:49.0123 6104 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:40:49.0123 6104 WbioSrvc - ok
13:40:49.0139 6104 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:40:49.0139 6104 wcncsvc - ok
13:40:49.0154 6104 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:40:49.0154 6104 WcsPlugInService - ok
13:40:49.0154 6104 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:40:49.0154 6104 Wd - ok
13:40:49.0185 6104 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:40:49.0185 6104 Wdf01000 - ok
13:40:49.0185 6104 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:40:49.0185 6104 WdiServiceHost - ok
13:40:49.0185 6104 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:40:49.0201 6104 WdiSystemHost - ok
13:40:49.0201 6104 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:40:49.0201 6104 WebClient - ok
13:40:49.0217 6104 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:40:49.0217 6104 Wecsvc - ok
13:40:49.0232 6104 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:40:49.0232 6104 wercplsupport - ok
13:40:49.0232 6104 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:40:49.0232 6104 WerSvc - ok
13:40:49.0248 6104 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:40:49.0248 6104 WfpLwf - ok
13:40:49.0248 6104 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:40:49.0248 6104 WIMMount - ok
13:40:49.0248 6104 WinDefend - ok
13:40:49.0248 6104 WinHttpAutoProxySvc - ok
13:40:49.0263 6104 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:40:49.0263 6104 Winmgmt - ok
13:40:49.0326 6104 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:40:49.0357 6104 WinRM - ok
13:40:49.0388 6104 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:40:49.0388 6104 WinUsb - ok
13:40:49.0934 6104 ============================================================
13:40:49.0934 6104 Scan finished
13:40:49.0934 6104 ============================================================
13:40:49.0950 5232 Detected object count: 0
13:40:49.0950 5232 Actual detected object count: 0
13:40:54.0692 5072 ============================================================
13:40:54.0692 5072 Scan started
13:40:54.0692 5072 Mode: Manual;
13:40:54.0692 5072 ============================================================
13:40:57.0500 5072 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:40:57.0500 5072 nsi - ok
13:40:57.0500 5072 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:40:57.0500 5072 nsiproxy - ok
13:40:57.0563 5072 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:40:57.0563 5072 Ntfs - ok
13:40:57.0609 5072 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:40:57.0609 5072 Null - ok
13:40:57.0609 5072 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
13:40:57.0609 5072 nusb3hub - ok
13:40:57.0625 5072 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
13:40:57.0625 5072 nusb3xhc - ok
13:40:57.0625 5072 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
13:40:57.0641 5072 NVHDA - ok
13:40:58.0015 5072 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:40:58.0062 5072 nvlddmkm - ok
13:40:58.0093 5072 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:40:58.0093 5072 nvraid - ok
13:40:58.0109 5072 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:40:58.0109 5072 nvstor - ok
13:40:58.0124 5072 nvsvc (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe
13:40:58.0140 5072 nvsvc - ok
13:40:58.0202 5072 nvUpdatusService (cd0bfaa6872cfe38c908d313ae17c350) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:40:58.0218 5072 nvUpdatusService - ok
13:40:58.0265 5072 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:40:58.0265 5072 nv_agp - ok
13:40:58.0280 5072 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:40:58.0280 5072 ohci1394 - ok
13:40:58.0280 5072 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:40:58.0280 5072 ose - ok
13:40:58.0436 5072 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:40:58.0467 5072 osppsvc - ok
13:40:58.0514 5072 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:40:58.0514 5072 p2pimsvc - ok
13:40:58.0530 5072 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:40:58.0545 5072 p2psvc - ok
13:40:58.0545 5072 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:40:58.0545 5072 Parport - ok
13:40:58.0561 5072 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:40:58.0561 5072 partmgr - ok
13:40:58.0561 5072 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:40:58.0561 5072 PcaSvc - ok
13:40:58.0577 5072 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:40:58.0577 5072 pci - ok
13:40:58.0577 5072 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:40:58.0577 5072 pciide - ok
13:40:58.0592 5072 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:40:58.0592 5072 pcmcia - ok
13:40:58.0592 5072 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:40:58.0592 5072 pcw - ok
13:40:58.0608 5072 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:40:58.0623 5072 PEAUTH - ok
13:40:58.0655 5072 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
13:40:58.0670 5072 PeerDistSvc - ok
13:40:58.0701 5072 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:40:58.0701 5072 PerfHost - ok
13:40:58.0779 5072 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:40:58.0779 5072 pla - ok
13:40:58.0811 5072 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:40:58.0811 5072 PlugPlay - ok
13:40:58.0811 5072 PnkBstrA - ok
13:40:58.0811 5072 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:40:58.0811 5072 PNRPAutoReg - ok
13:40:58.0826 5072 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:40:58.0826 5072 PNRPsvc - ok
13:40:58.0842 5072 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
13:40:58.0842 5072 Point64 - ok
13:40:58.0857 5072 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:40:58.0857 5072 PolicyAgent - ok
13:40:58.0857 5072 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:40:58.0857 5072 Power - ok
13:40:58.0873 5072 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:40:58.0873 5072 PptpMiniport - ok
13:40:58.0873 5072 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:40:58.0873 5072 Processor - ok
13:40:58.0873 5072 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:40:58.0889 5072 ProfSvc - ok
13:40:58.0889 5072 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:40:58.0889 5072 ProtectedStorage - ok
13:40:58.0889 5072 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:40:58.0889 5072 Psched - ok
13:40:58.0935 5072 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:40:58.0951 5072 ql2300 - ok
13:40:58.0982 5072 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:40:58.0982 5072 ql40xx - ok
13:40:58.0998 5072 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:40:58.0998 5072 QWAVE - ok
13:40:59.0013 5072 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:40:59.0013 5072 QWAVEdrv - ok
13:40:59.0013 5072 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:40:59.0013 5072 RasAcd - ok
13:40:59.0013 5072 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:40:59.0013 5072 RasAgileVpn - ok
13:40:59.0013 5072 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:40:59.0013 5072 RasAuto - ok
13:40:59.0029 5072 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:40:59.0029 5072 Rasl2tp - ok
13:40:59.0045 5072 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:40:59.0045 5072 RasMan - ok
13:40:59.0045 5072 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:40:59.0045 5072 RasPppoe - ok
13:40:59.0060 5072 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:40:59.0060 5072 RasSstp - ok
13:40:59.0060 5072 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:40:59.0076 5072 rdbss - ok
13:40:59.0076 5072 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:40:59.0076 5072 rdpbus - ok
13:40:59.0076 5072 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:40:59.0076 5072 RDPCDD - ok
13:40:59.0076 5072 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
13:40:59.0076 5072 RDPDR - ok
13:40:59.0091 5072 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:40:59.0091 5072 RDPENCDD - ok
13:40:59.0091 5072 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:40:59.0091 5072 RDPREFMP - ok
13:40:59.0091 5072 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
13:40:59.0091 5072 RdpVideoMiniport - ok
13:40:59.0107 5072 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:40:59.0107 5072 RDPWD - ok
13:40:59.0107 5072 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:40:59.0107 5072 rdyboost - ok
13:40:59.0123 5072 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:40:59.0123 5072 RemoteAccess - ok
13:40:59.0123 5072 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:40:59.0123 5072 RemoteRegistry - ok
13:40:59.0123 5072 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:40:59.0138 5072 RpcEptMapper - ok
13:40:59.0138 5072 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:40:59.0138 5072 RpcLocator - ok
13:40:59.0154 5072 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:40:59.0154 5072 RpcSs - ok
13:40:59.0154 5072 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:40:59.0154 5072 rspndr - ok
13:40:59.0169 5072 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
13:40:59.0169 5072 s3cap - ok
13:40:59.0169 5072 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:40:59.0169 5072 SamSs - ok
13:40:59.0169 5072 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:40:59.0169 5072 sbp2port - ok
13:40:59.0185 5072 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:40:59.0185 5072 SCardSvr - ok
13:40:59.0185 5072 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:40:59.0185 5072 scfilter - ok
13:40:59.0216 5072 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:40:59.0216 5072 Schedule - ok
13:40:59.0232 5072 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:40:59.0232 5072 SCPolicySvc - ok
13:40:59.0247 5072 scskusbf (35c94d8800e06518657aa36838671e89) C:\Windows\syswow64\drivers\scskusbf.sys
13:40:59.0247 5072 scskusbf - ok
13:40:59.0263 5072 scskusbs (33ad7e6ce0be966c0a017251c15aaa84) C:\Windows\syswow64\drivers\scskusbs.sys
13:40:59.0263 5072 scskusbs - ok
13:40:59.0263 5072 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:40:59.0263 5072 SDRSVC - ok
13:40:59.0279 5072 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:40:59.0279 5072 secdrv - ok
13:40:59.0279 5072 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:40:59.0279 5072 seclogon - ok
13:40:59.0279 5072 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:40:59.0279 5072 SENS - ok
13:40:59.0294 5072 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:40:59.0294 5072 SensrSvc - ok
13:40:59.0294 5072 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:40:59.0294 5072 Serenum - ok
13:40:59.0294 5072 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:40:59.0294 5072 Serial - ok
13:40:59.0294 5072 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:40:59.0294 5072 sermouse - ok
13:40:59.0310 5072 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:40:59.0310 5072 SessionEnv - ok
13:40:59.0310 5072 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:40:59.0310 5072 sffdisk - ok
13:40:59.0310 5072 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:40:59.0310 5072 sffp_mmc - ok
13:40:59.0310 5072 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:40:59.0310 5072 sffp_sd - ok
13:40:59.0310 5072 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:40:59.0310 5072 sfloppy - ok
13:40:59.0325 5072 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:40:59.0325 5072 SharedAccess - ok
13:40:59.0341 5072 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:40:59.0341 5072 ShellHWDetection - ok
13:40:59.0357 5072 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:40:59.0357 5072 SiSRaid2 - ok
13:40:59.0357 5072 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:40:59.0357 5072 SiSRaid4 - ok
13:40:59.0357 5072 SkypeUpdate (f07af60b152221472fbdb2fecec4896d) E:\Skype\Updater\Updater.exe
13:40:59.0357 5072 SkypeUpdate - ok
13:40:59.0357 5072 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:40:59.0357 5072 Smb - ok
13:40:59.0372 5072 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:40:59.0372 5072 SNMPTRAP - ok
13:40:59.0372 5072 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:40:59.0372 5072 spldr - ok
13:40:59.0388 5072 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:40:59.0388 5072 Spooler - ok
13:40:59.0497 5072 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:40:59.0528 5072 sppsvc - ok
13:40:59.0559 5072 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:40:59.0559 5072 sppuinotify - ok
13:40:59.0575 5072 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:40:59.0575 5072 srv - ok
13:40:59.0591 5072 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:40:59.0591 5072 srv2 - ok
13:40:59.0606 5072 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:40:59.0606 5072 srvnet - ok
13:40:59.0606 5072 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:40:59.0606 5072 SSDPSRV - ok
13:40:59.0622 5072 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:40:59.0622 5072 SstpSvc - ok
13:40:59.0622 5072 Steam Client Service - ok
13:40:59.0637 5072 Stereo Service (8544a200c40447e465f06e58687428bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:40:59.0637 5072 Stereo Service - ok
13:40:59.0637 5072 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:40:59.0637 5072 stexstor - ok
13:40:59.0653 5072 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:40:59.0669 5072 stisvc - ok
13:40:59.0669 5072 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
13:40:59.0669 5072 storflt - ok
13:40:59.0669 5072 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
13:40:59.0669 5072 StorSvc - ok
13:40:59.0669 5072 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
13:40:59.0669 5072 storvsc - ok
13:40:59.0669 5072 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:40:59.0684 5072 swenum - ok
13:40:59.0700 5072 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:40:59.0700 5072 swprv - ok
13:40:59.0700 5072 Synth3dVsc - ok
13:40:59.0747 5072 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:40:59.0762 5072 SysMain - ok
13:40:59.0793 5072 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:40:59.0793 5072 TabletInputService - ok
13:40:59.0809 5072 tap0901 (f0b9d3ed88e56d3cd713dff21e42aaf0) C:\Windows\system32\DRIVERS\tap0901.sys
13:40:59.0809 5072 tap0901 - ok
13:40:59.0809 5072 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:40:59.0809 5072 TapiSrv - ok
13:40:59.0825 5072 TBPanel - ok
13:40:59.0825 5072 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:40:59.0825 5072 TBS - ok
13:40:59.0887 5072 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:40:59.0887 5072 Tcpip - ok
13:40:59.0981 5072 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:40:59.0996 5072 TCPIP6 - ok
13:41:00.0027 5072 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:41:00.0027 5072 tcpipreg - ok
13:41:00.0027 5072 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:41:00.0027 5072 TDPIPE - ok
13:41:00.0043 5072 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:41:00.0043 5072 TDTCP - ok
13:41:00.0043 5072 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:41:00.0043 5072 tdx - ok
13:41:00.0043 5072 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:41:00.0043 5072 TermDD - ok
13:41:00.0074 5072 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:41:00.0074 5072 TermService - ok
13:41:00.0074 5072 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:41:00.0074 5072 Themes - ok
13:41:00.0090 5072 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:41:00.0090 5072 THREADORDER - ok
13:41:00.0090 5072 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:41:00.0090 5072 TrkWks - ok
13:41:00.0105 5072 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:41:00.0105 5072 TrustedInstaller - ok
13:41:00.0105 5072 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:41:00.0105 5072 tssecsrv - ok
13:41:00.0105 5072 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:41:00.0121 5072 TsUsbFlt - ok
13:41:00.0121 5072 tsusbhub - ok
13:41:00.0121 5072 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:41:00.0121 5072 tunnel - ok
13:41:00.0121 5072 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:41:00.0121 5072 uagp35 - ok
13:41:00.0137 5072 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:41:00.0137 5072 udfs - ok
13:41:00.0152 5072 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:41:00.0152 5072 UI0Detect - ok
13:41:00.0152 5072 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:41:00.0152 5072 uliagpkx - ok
13:41:00.0152 5072 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:41:00.0168 5072 umbus - ok
13:41:00.0168 5072 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:41:00.0168 5072 UmPass - ok
13:41:00.0168 5072 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
13:41:00.0168 5072 UmRdpService - ok
13:41:00.0183 5072 UMVPFSrv (927754abf077aeb5504be4e0f2c60c1b) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
13:41:00.0199 5072 UMVPFSrv - ok
13:41:00.0199 5072 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:41:00.0215 5072 upnphost - ok
13:41:00.0215 5072 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
13:41:00.0215 5072 usbaudio - ok
13:41:00.0215 5072 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:41:00.0215 5072 usbccgp - ok
13:41:00.0230 5072 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:41:00.0230 5072 usbcir - ok
13:41:00.0230 5072 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
13:41:00.0230 5072 usbehci - ok
13:41:00.0246 5072 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:41:00.0246 5072 usbhub - ok
13:41:00.0246 5072 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:41:00.0246 5072 usbohci - ok
13:41:00.0246 5072 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:41:00.0246 5072 usbprint - ok
13:41:00.0246 5072 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:41:00.0261 5072 USBSTOR - ok
13:41:00.0261 5072 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:41:00.0261 5072 usbuhci - ok
13:41:00.0261 5072 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
13:41:00.0261 5072 usbvideo - ok
13:41:00.0277 5072 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:41:00.0277 5072 UxSms - ok
13:41:00.0277 5072 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:41:00.0277 5072 VaultSvc - ok
13:41:00.0277 5072 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
13:41:00.0277 5072 VClone - ok
13:41:00.0277 5072 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:41:00.0277 5072 vdrvroot - ok
13:41:00.0293 5072 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:41:00.0308 5072 vds - ok
13:41:00.0308 5072 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:41:00.0308 5072 vga - ok
13:41:00.0308 5072 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:41:00.0308 5072 VgaSave - ok
13:41:00.0308 5072 VGPU - ok
13:41:00.0324 5072 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:41:00.0324 5072 vhdmp - ok
13:41:00.0324 5072 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:41:00.0324 5072 viaide - ok
13:41:00.0324 5072 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
13:41:00.0324 5072 vmbus - ok
13:41:00.0339 5072 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
13:41:00.0339 5072 VMBusHID - ok
13:41:00.0339 5072 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:41:00.0339 5072 volmgr - ok
13:41:00.0355 5072 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:41:00.0355 5072 volmgrx - ok
13:41:00.0371 5072 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:41:00.0371 5072 volsnap - ok
13:41:00.0371 5072 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:41:00.0371 5072 vsmraid - ok
13:41:00.0417 5072 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:41:00.0433 5072 VSS - ok
13:41:00.0464 5072 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:41:00.0464 5072 vwifibus - ok
13:41:00.0480 5072 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:41:00.0480 5072 W32Time - ok
13:41:00.0495 5072 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:41:00.0495 5072 WacomPen - ok
13:41:00.0495 5072 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:41:00.0495 5072 WANARP - ok
13:41:00.0495 5072 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:41:00.0495 5072 Wanarpv6 - ok
13:41:00.0527 5072 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:41:00.0542 5072 WatAdminSvc - ok
13:41:00.0589 5072 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:41:00.0589 5072 wbengine - ok
13:41:00.0636 5072 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:41:00.0636 5072 WbioSrvc - ok
13:41:00.0651 5072 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:41:00.0651 5072 wcncsvc - ok
13:41:00.0667 5072 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:41:00.0667 5072 WcsPlugInService - ok
13:41:00.0667 5072 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:41:00.0667 5072 Wd - ok
13:41:00.0698 5072 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:41:00.0698 5072 Wdf01000 - ok
13:41:00.0698 5072 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:41:00.0698 5072 WdiServiceHost - ok
13:41:00.0714 5072 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:41:00.0714 5072 WdiSystemHost - ok
13:41:00.0714 5072 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:41:00.0729 5072 WebClient - ok
13:41:00.0729 5072 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:41:00.0729 5072 Wecsvc - ok
13:41:00.0745 5072 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:41:00.0745 5072 wercplsupport - ok
13:41:00.0745 5072 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:41:00.0745 5072 WerSvc - ok
13:41:00.0761 5072 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:41:00.0761 5072 WfpLwf - ok
13:41:00.0761 5072 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:41:00.0761 5072 WIMMount - ok
13:41:00.0761 5072 WinDefend - ok
13:41:00.0761 5072 WinHttpAutoProxySvc - ok
13:41:00.0776 5072 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:41:00.0776 5072 Winmgmt - ok
13:41:00.0839 5072 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:41:00.0854 5072 WinRM - ok
13:41:00.0901 5072 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:41:00.0901 5072 WinUsb - ok
13:41:00.0932 5072 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:41:00.0932 5072 Wlansvc - ok
13:41:01.0010 5072 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:41:01.0026 5072 wlidsvc - ok
13:41:01.0057 5072 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:41:01.0057 5072 WmiAcpi - ok
13:41:01.0073 5072 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:41:01.0073 5072 wmiApSrv - ok
13:41:01.0073 5072 WMPNetworkSvc - ok
13:41:01.0088 5072 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:41:01.0088 5072 WPCSvc - ok
13:41:01.0088 5072 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:41:01.0088 5072 WPDBusEnum - ok
13:41:01.0088 5072 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:41:01.0088 5072 ws2ifsl - ok
13:41:01.0104 5072 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:41:01.0104 5072 wscsvc - ok
13:41:01.0104 5072 WSearch - ok
13:41:01.0182 5072 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
13:41:01.0197 5072 wuauserv - ok
13:41:01.0229 5072 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:41:01.0229 5072 WudfPf - ok
13:41:01.0244 5072 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:41:01.0244 5072 WUDFRd - ok
13:41:01.0244 5072 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:41:01.0244 5072 wudfsvc - ok
13:41:01.0260 5072 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:41:01.0260 5072 WwanSvc - ok
13:41:01.0260 5072 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
13:41:01.0260 5072 \Device\Harddisk2\DR2 - ok
13:41:01.0260 5072 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:41:01.0338 5072 \Device\Harddisk0\DR0 - ok
13:41:01.0353 5072 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
13:41:01.0353 5072 \Device\Harddisk1\DR1 - ok
13:41:01.0353 5072 Boot (0x1200) (e5fe93ec76679b7ed5ac32beefb15126) \Device\Harddisk2\DR2\Partition0
13:41:01.0353 5072 \Device\Harddisk2\DR2\Partition0 - ok
13:41:01.0353 5072 Boot (0x1200) (914f484c919910b02683eaea9089dae6) \Device\Harddisk0\DR0\Partition0
13:41:01.0353 5072 \Device\Harddisk0\DR0\Partition0 - ok
13:41:01.0369 5072 Boot (0x1200) (d77dd9ba8b405be27260199ce0a92024) \Device\Harddisk0\DR0\Partition1
13:41:01.0369 5072 \Device\Harddisk0\DR0\Partition1 - ok
13:41:01.0369 5072 Boot (0x1200) (b75a7b0d0ff3ead9f97441de00e46f16) \Device\Harddisk1\DR1\Partition0
13:41:01.0369 5072 \Device\Harddisk1\DR1\Partition0 - ok
13:41:01.0385 5072 Boot (0x1200) (9cc41ba6b84bcb93e9caac656a25a565) \Device\Harddisk1\DR1\Partition1
13:41:01.0385 5072 \Device\Harddisk1\DR1\Partition1 - ok
13:41:01.0400 5072 Boot (0x1200) (30d9d1689b968b9b5aa66966da24c6aa) \Device\Harddisk1\DR1\Partition2
13:41:01.0400 5072 \Device\Harddisk1\DR1\Partition2 - ok
13:41:01.0416 5072 Boot (0x1200) (e72cd17969c1d34c6a02ab7340777b13) \Device\Harddisk1\DR1\Partition3
13:41:01.0416 5072 \Device\Harddisk1\DR1\Partition3 - ok
13:41:01.0416 5072 ============================================================
13:41:01.0416 5072 Scan finished
13:41:01.0416 5072 ============================================================
13:41:01.0431 6096 Detected object count: 0
13:41:01.0431 6096 Actual detected object count: 0


aswMBR quick

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-11 13:42:59
-----------------------------
13:42:59.389 OS Version: Windows x64 6.1.7601 Service Pack 1
13:42:59.389 Number of processors: 8 586 0x2A07
13:42:59.389 ComputerName: H-PC UserName: H
13:42:59.714 Initialize success
13:44:05.843 AVAST engine defs: 12081100
13:44:20.879 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:44:20.884 Disk 0 Vendor: KINGSTON CJRA Size: 122104MB BusType: 3
13:44:20.884 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
13:44:20.889 Disk 1 Vendor: WDC_WD64 01.0 Size: 610479MB BusType: 3
13:44:20.889 Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\mv91xx1Port2Path0Target0Lun0
13:44:20.894 Disk 2 Vendor: ST310005 JC4B Size: 953869MB BusType: 11
13:44:20.899 Disk 0 MBR read successfully
13:44:20.899 Disk 0 MBR scan
13:44:20.904 Disk 0 Windows 7 default MBR code
13:44:20.909 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:44:20.914 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
13:44:20.919 Disk 0 scanning C:\Windows\system32\drivers
13:44:22.934 Service scanning
13:44:29.025 Modules scanning
13:44:29.035 Disk 0 trace - called modules:
13:44:29.040 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:44:29.045 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008d14790]
13:44:29.045 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800762b050]
13:44:29.380 AVAST engine scan C:\Windows
13:44:30.065 AVAST engine scan C:\Windows\system32
13:45:24.444 AVAST engine scan C:\Windows\system32\drivers
13:45:26.994 AVAST engine scan C:\Users\H
13:45:52.261 AVAST engine scan C:\ProgramData
13:45:56.302 Scan finished successfully
13:46:20.440 Disk 0 MBR has been saved successfully to "E:\[Desk]\Desktop\MBR.dat"
13:46:20.440 The log file has been saved successfully to "E:\[Desk]\Desktop\aswMBR log.txt"


aswMBR C

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-11 13:46:44
-----------------------------
13:46:44.257 OS Version: Windows x64 6.1.7601 Service Pack 1
13:46:44.257 Number of processors: 8 586 0x2A07
13:46:44.257 ComputerName: H-PC UserName: H
13:46:44.647 Initialze error C000010E - driver not loaded
13:46:44.667 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
13:46:47.413 AVAST engine defs: 12081100
13:47:00.304 Service scanning
13:47:06.359 Modules scanning
13:47:06.364 Disk 0 trace - called modules:
13:47:06.364
13:47:06.770 AVAST engine scan C:\
13:48:30.081 File: C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir **INFECTED** Win32:Sirefef-PL [Rtk]
13:48:30.091 File: C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir **INFECTED** Win32:Sirefef-PL [Rtk]
13:55:02.073 Scan finished successfully
13:55:25.060 The log file has been saved successfully to "E:\[Desk]\Desktop\aswMBR log C.txt"


aswMBR E

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-11 13:55:30
-----------------------------
13:55:30.968 OS Version: Windows x64 6.1.7601 Service Pack 1
13:55:30.968 Number of processors: 8 586 0x2A07
13:55:30.968 ComputerName: H-PC UserName: H
13:55:31.773 Initialize success
13:55:34.538 AVAST engine defs: 12081100
13:55:47.039 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:55:47.044 Disk 0 Vendor: KINGSTON CJRA Size: 122104MB BusType: 3
13:55:47.044 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
13:55:47.049 Disk 1 Vendor: WDC_WD64 01.0 Size: 610479MB BusType: 3
13:55:47.049 Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\mv91xx1Port2Path0Target0Lun0
13:55:47.054 Disk 2 Vendor: ST310005 JC4B Size: 953869MB BusType: 11
13:55:47.059 Disk 0 MBR read successfully
13:55:47.064 Disk 0 MBR scan
13:55:47.069 Disk 0 Windows 7 default MBR code
13:55:47.069 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:55:47.074 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
13:55:47.079 Disk 0 scanning C:\Windows\system32\drivers
13:55:49.169 Service scanning
13:55:55.245 Modules scanning
13:55:55.255 Disk 0 trace - called modules:
13:55:55.260 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:55:55.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008d14790]
13:55:55.270 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800762b050]
13:55:55.415 AVAST engine scan E:\
13:59:31.336 Scan finished successfully
14:00:07.665 Disk 0 MBR has been saved successfully to "E:\[Desk]\Desktop\MBR.dat"
14:00:07.670 The log file has been saved successfully to "E:\[Desk]\Desktop\aswMBR E.txt"

#6 gringo_pr

  • Malware Response Team

Posted 11 August 2012 - 10:29 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\uTorrentControl2

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 aragonian

  • Topic Starter

Posted 11 August 2012 - 11:14 AM

Hi there,

Did as you requested. Below is the new ComboFix log.

Computer is running fine. Perhaps not relevant, but so far I have not needed to restart it at all. In other words, it has been running throughout at least the last 2-3 procedures without restart or shut down.

Combofix log

ComboFix 12-08-09.01 - H 11.08.2012 19:04:46.2.8 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.358.1033.18.8169.5644 [GMT 3:00]
Sijainti: e:\[desk]\Desktop\ComboFix.exe
Käytetyt komentorivivalitsimet :: e:\[desk]\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\uTorrentControl2
c:\program files (x86)\uTorrentControl2\GottenAppsContextMenu.xml
c:\program files (x86)\uTorrentControl2\ldrtbuTor.dll
c:\program files (x86)\uTorrentControl2\OtherAppsContextMenu.xml
c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
c:\program files (x86)\uTorrentControl2\SharedAppsContextMenu.xml
c:\program files (x86)\uTorrentControl2\tbuTor.dll
c:\program files (x86)\uTorrentControl2\toolbar.cfg
c:\program files (x86)\uTorrentControl2\ToolbarContextMenu.xml
c:\program files (x86)\uTorrentControl2\uninstall.exe
c:\program files (x86)\uTorrentControl2\uTorrentControl2ToolbarHelper.exe
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-07-11 to 2012-08-11 )))))))))))))))))
.
.
2012-08-11 16:06 . 2012-08-11 16:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-11 16:06 . 2012-08-11 16:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 16:27 . 2012-08-11 09:04 41527 ----a-w- c:\windows\SysWow64\epfwdata.bin
2012-08-10 12:00 . 2012-08-10 12:00 -------- d-----w- c:\users\H\AppData\Roaming\AVG2012
2012-08-10 12:00 . 2012-08-10 12:00 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-08-10 12:00 . 2012-08-11 14:03 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-10 12:00 . 2012-08-10 12:12 -------- d-----w- c:\programdata\AVG2012
2012-08-10 12:00 . 2012-08-10 12:00 -------- d-----w- C:\$AVG
2012-08-10 12:00 . 2012-08-10 12:00 -------- d-----w- c:\program files (x86)\AVG
2012-08-10 11:58 . 2012-08-11 14:03 -------- d-----w- c:\programdata\MFAData
2012-08-10 11:58 . 2012-08-10 11:58 -------- d--h--w- c:\programdata\Common Files
2012-08-10 11:36 . 2012-08-10 11:36 -------- d-----w- c:\program files\ESET
2012-08-10 10:47 . 2012-08-10 10:47 -------- d-----w- c:\program files (x86)\ESET
2012-08-10 10:42 . 2012-08-10 10:42 -------- d-----w- c:\users\H\AppData\Roaming\f-secure
2012-08-10 10:42 . 2012-08-10 10:42 -------- d-----w- c:\programdata\F-Secure
2012-08-10 10:31 . 2012-08-10 10:31 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-10 10:24 . 2012-08-10 10:24 278 ----a-w- C:\fix.bat
2012-08-09 07:12 . 2012-08-09 07:12 138320 ----a-r- c:\windows\SysWow64\CKAgent.exe
2012-08-09 07:12 . 2012-08-09 07:12 137128 ----a-r- c:\windows\system32\CKAgent.exe
2012-08-01 09:20 . 2012-08-01 09:20 209216 ----a-w- c:\windows\SysWow64\npkcmsvc.exe
2012-08-01 09:20 . 2012-08-01 09:20 48960 ----a-w- c:\windows\SysWow64\npkcft64.sys
2012-08-01 09:20 . 2012-08-01 09:20 47936 ----a-w- c:\windows\SysWow64\npkuft64.sys
2012-08-01 09:20 . 2012-08-01 09:20 214624 ----a-w- c:\windows\SysWow64\npkcbk64.exe
2012-07-28 17:18 . 2012-07-28 17:18 -------- d-----w- c:\program files (x86)\VideoLAN
2012-07-28 17:04 . 2012-07-28 17:04 -------- d-----w- c:\users\H\AppData\Local\Macromedia
2012-07-28 16:04 . 2012-08-09 06:39 -------- d-----w- c:\users\H\AppData\Roaming\xsecva
2012-07-28 15:21 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-28 15:21 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-28 15:21 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-28 15:21 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-28 15:21 . 2012-06-02 12:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-28 15:21 . 2012-06-02 12:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-09 07:16 . 2011-10-26 18:31 373640 ----a-w- c:\windows\SysWow64\SCSKUSB64Restarter.exe
2012-08-09 07:15 . 2012-05-06 20:49 40848 ----a-w- c:\windows\SysWow64\drivers\scskusbs.sys
2012-08-09 07:15 . 2012-05-06 20:49 18832 ----a-w- c:\windows\SysWow64\drivers\scskusbf.sys
2012-08-09 07:12 . 2011-10-25 06:34 19016 ----a-w- c:\windows\system32\JRSUKD25.SYS
2012-08-09 07:12 . 2011-10-25 06:34 141848 ----a-w- c:\windows\system32\kcrtx64.sys
2012-08-03 14:30 . 2012-04-15 08:24 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 14:30 . 2011-10-24 15:57 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-11_09.14.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-08-10 11:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-11 09:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-10 11:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-11 09:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-10 11:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-11 09:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-08-11 09:16 33342 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-24 14:54 . 2012-08-11 09:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-24 14:54 . 2012-08-10 11:42 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-24 14:54 . 2012-08-11 09:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-24 14:54 . 2012-08-10 11:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-11 09:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-10 11:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-08-11 09:20 79560 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-10-24 15:08 . 2012-08-11 09:16 5718 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2251180479-1136751103-97254505-1000_UserData.bin
+ 2012-08-11 09:14 . 2012-08-11 09:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-14 04:45 . 2012-08-09 06:40 6818678 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-08-11 09:16 6818678 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\H\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\H\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\H\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\H\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-28 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"BCSSync"="e:\office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Acrobat Speed Launcher"="e:\adobe\Acrobat 9\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="e:\adobe\Acrobat 9\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Mionix NAOS 5000"="e:\mionix\NAOS_Monitor.EXE" [2010-01-05 184320]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-07 421736]
"VirtualCloneDrive"="e:\virtualclonedrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"UpdatePSTShortCut"="e:\cyberlink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]
"UpdatePPShortCut"="e:\cyberlink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdateP2GoShortCut"="e:\cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UCam_Menu"="e:\cyberlink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"RemoteControl9"="e:\cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"MDS_Menu"="e:\cyberlink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"LWS"="e:\logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"CLMLServer"="e:\cyberlink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-14 75048]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
c:\users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\H\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Logitech . Tuotteen rekisteröinti.lnk - e:\logitech\Ereg\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 CLKMSVC10_6B71DF9C;CyberLink Product - 2011/11/13 22:17;e:\cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-14 246256]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
R2 SkypeUpdate;Skype Updater;e:\skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [x]
R3 kcrtx64;kcrtx64;c:\windows\system32\kcrtx64.sys [2012-08-09 141848]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;e:\office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-02 113120]
R3 NPIDS;NPIDS;c:\windows\system32\NpIdsVt64.sys [2010-09-07 54880]
R3 npkcft64;npkcft64;c:\windows\SysWOW64\npkcft64.sys [2012-08-01 48960]
R3 npkuft64;npkuft64;c:\windows\SysWOW64\npkuft64.sys [2012-08-01 47936]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 scskusbs;USB SCSK Driver Service;syswow64\drivers\scskusbs.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-25 1255736]
R4 FreemakeVideoCapture;FreemakeVideoCapture;e:\freemake\CaptureLib\CaptureLibService.exe [2011-11-24 8704]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-11-22 303408]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-12-19 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-12-19 43248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
S2 nPStarterSVC;nProtect Starter;c:\windows\system32\nPStarterSVC.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]
S3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2012-08-09 19016]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 scskusbf;USB SCSK Filter Driver Service;syswow64\drivers\scskusbf.sys [x]
.
.
--- Muut muistissa olevat ajurit/palvelut ---
.
*NewlyCreated* - 45475980
*NewlyCreated* - ASWMBR
*NewlyCreated* - AVGIDSHA
*NewlyCreated* - WS2IFSL
*Deregistered* - 45475980
*Deregistered* - aswMBR
*Deregistered* - CLKMDRV10_6B71DF9C
.
'Ajoitetut tehtävät'-kansion sisältö
.
2012-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 14:30]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2251180479-1136751103-97254505-1000Core.job
- c:\users\H\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20 08:54]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2251180479-1136751103-97254505-1000UA.job
- c:\users\H\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20 08:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\H\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\H\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\H\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\H\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Täydentävä tarkistus -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=localhost:8118
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - e:\office\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - e:\office\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.254
DPF: {477D5B9A-6479-44F8-9718-9340119B0308} - hxxp://www.hanabank.com/resource/download/veraport/down/veraport20.cab
DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} - hxxp://update.nprotect.net/nprotect2007/samsungcard/npstarter_77111.cab
DPF: {62076E39-043C-4A5A-BF17-D8A2128ACD93} - hxxp://pib.wooribank.com/com/installer/interezen/WRebw.cab
DPF: {646232F1-8C70-4806-9499-BA01A59FDA74} - hxxps://www.yessign.or.kr/main/yessignCert/yessign7.cab
DPF: {77CDF0B2-CDD6-4624-8BC5-0673695457D3} - hxxps://www.yessign.or.kr/main/yessignCert/yessign7CMP.cab
DPF: {967386A1-409E-431A-A93A-FB5FEFF86A58} - hxxp://bank.keb.co.kr/veraport/veraport.cab
DPF: {B33FEBDC-FF38-4D0F-9C76-58C4733947AD} - hxxp://bank.keb.co.kr/activex/AxSignGATE_vista.cab
DPF: {F939FEB8-9518-4A4A-BE60-D10FFB9557F2} - hxxp://download.kbstar.com/security/nprotect/netizenv55/npenkIEInstall5.cab
FF - ProfilePath - c:\users\H\AppData\Roaming\Mozilla\Firefox\Profiles\02bpcrnz.default\
FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2
.
- - - - POISTETUT JÄMÄRIVIT - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
Toolbar-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
AddRemove-uTorrentControl2 Toolbar - c:\program files (x86)\uTorrentControl2\uninstall.exe
.
.
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Valmistumisajankohta: 2012-08-11 19:08:10
ComboFix-quarantined-files.txt 2012-08-11 16:08
ComboFix2.txt 2012-08-11 09:16
.
Ennen ajoa: 7 792 791 552 bytes free
Ajon jälkeen: 7 720 144 896 bytes free
.
- - End Of File - - ECAB5BBC36F19DAC7DD6DD3EA5689F5F

#8 gringo_pr


Posted 11 August 2012 - 11:45 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 aragonian


Posted 11 August 2012 - 11:51 AM

Hi,

here you go!

There are some programs I don't recognize (like the LWS ones, erLT, npEfdsWCtrl...)

Adobe Acrobat 9 Pro
Adobe Acrobat 9.5.1 - CPSID_83708
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Software Update
µTorrent
AxSignGATE 2.0
Battlefield 3™
Battlelog Web Plugins
Browser Configuration Utility
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Dedicated Server
Call of Duty: Modern Warfare 3 - Multiplayer
CameraHelperMsi
Cities XL 2011
CyberLink BD Advisor 2.0
CyberLink Blu-ray Disc Suite
CyberLink LG Burning Tool
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink PowerProducer
CyberLink YouCam
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Delfino-x86 version 1.0.5.12
Dropbox
EndNote X5
erLT
ESET Online Scanner v3
ESN Sonar
Fliqlo Screen Saver
Freemake Video Downloader
Google Talk Plugin
INISafeWeb 7.0 (SFilter v1.0)
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 32
JMicron JMB36X Driver
KaraFun Player
King's Quest I: Quest for the Crown (4.1c)
LG Tool Kit
Logitech Webcam Software
Logitech Vid HD
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Webcam Software
LWS Video Mask Maker
LWS WLM Plugin
LWS YouTube Plugin
ManyCam 2.6.65 (remove only)
marvell 91xx driver
Microsoft Flight
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mionix NAOS 5000 Laser Gaming Mouse
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
npEfdsWCtrl
nProtect KeyCrypt
nProtect Netizen SVC (remove only)
nProtect Netizen v5.5
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Opera 12.01
Origin
Picasa 3
Pixlr-o-matic
Portal 2
PunkBuster Services
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
ResearchSoft Direct Export Helper
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Sid Meier's Civilization V
Skype™ 5.10
SMRecorder 1.2.3
SoftCamp Secure KeyStroke 4.0
Spotify
Steam
Team Fortress 2
The Sims™ 3
TouchEn Key with E2E for 32bit
TreeSize Free V2.7
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
uTorrentControl2 Toolbar
VASSAL (3.1.18)
VeraPort (보안모듈관리 프로그램)
Veraport20(Security module management) - 2,5,1,1
WinPcap 4.1.2
VirtualCloneDrive
Wisdom-soft ScreenHunter 6.0 Free
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.3
Vtune 7.20
XecureWeb Control
Xvid MPEG-4 Video Codec
yessign7 ActiveX Control

#10 gringo_pr


Posted 11 August 2012 - 12:10 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

µTorrent
Java™ 6 Update 32
uTorrentControl2 Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 aragonian


Posted 11 August 2012 - 12:59 PM

Hi there,

followed your instructions. Here are the logs:

Computer is doing well and no alarms from AVG except cookie.Adtech in Opera folder. (Browsing beelingcomputer.com on Opera)

MBAM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.11.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
H :: H-PC [administrator]

11.8.2012 20:47:43
mbam-log-2012-08-11 (20-47-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215131
Time elapsed: 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:52:59, on 11.8.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
C:\Users\H\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
C:\Users\H\AppData\Roaming\Spotify\spotify.exe
E:\[Desk]\Desktop\HijackThis.exe
C:\Users\H\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Office\Office14\GROOVEEX.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Office\Office14\URLREDIR.DLL
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [BCSSync] "E:\Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "E:\Adobe\Acrobat 9\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Adobe\Acrobat 9\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Mionix NAOS 5000] "E:\Mionix\NAOS_Monitor.EXE"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "E:\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [UpdatePSTShortCut] "E:\Cyberlink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "E:\Cyberlink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UpdatePPShortCut] "E:\Cyberlink\PowerProducer\MUITransfer\MUIStartMenu.exe" "E:\Cyberlink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "E:\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe" "E:\Cyberlink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UCam_Menu] "E:\Cyberlink\YouCam\MUITransfer\MUIStartMenu.exe" "E:\Cyberlink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [RemoteControl9] E:\Cyberlink\PowerDVD9\PDVD9Serv.exe
O4 - HKLM\..\Run: [MDS_Menu] "E:\Cyberlink\MediaShow4\MUITransfer\MUIStartMenu.exe" "E:\Cyberlink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
O4 - HKLM\..\Run: [LWS] E:\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [CLMLServer] "E:\Cyberlink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] E:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\H\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-21-2251180479-1136751103-97254505-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2251180479-1136751103-97254505-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = H\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Logitech . Tuotteen rekisteröinti.lnk = E:\Logitech\Ereg\eReg.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://E:\Office\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Office\Office14\ONBttnIELinkedNotes.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK Control) - http://www.softcamp.co.kr/scsk/cab/SCSK4_WOW64.cab
O16 - DPF: {477D5B9A-6479-44F8-9718-9340119B0308} (Veraport20Ctl Class) - http://www.hanabank.com/resource/download/veraport/down/veraport20.cab
O16 - DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} (nPCom2 Control) - http://update.nprotect.net/nprotect2007/samsungcard/npstarter_77111.cab
O16 - DPF: {62076E39-043C-4A5A-BF17-D8A2128ACD93} (WRebw Module) - http://pib.wooribank.com/com/installer/interezen/WRebw.cab
O16 - DPF: {646232F1-8C70-4806-9499-BA01A59FDA74} (yessign7 Control) - https://www.yessign.or.kr/main/yessignCert/yessign7.cab
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} (XecureCKKB Class) - http://bank.keb.co.kr/XecureObject/CKKeyPro3026_32k.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {77CDF0B2-CDD6-4624-8BC5-0673695457D3} (yessign7 CMP Control) - https://www.yessign.or.kr/main/yessignCert/yessign7CMP.cab
O16 - DPF: {967386A1-409E-431A-A93A-FB5FEFF86A58} (AXMObjectCtl Class) - http://bank.keb.co.kr/veraport/veraport.cab
O16 - DPF: {B33FEBDC-FF38-4D0F-9C76-58C4733947AD} (SignGATE Class) - http://bank.keb.co.kr/activex/AxSignGATE_vista.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/samsungcard/npkcx_1106141.cab
O16 - DPF: {F939FEB8-9518-4A4A-BE60-D10FFB9557F2} (nProtect Netizen v5.5) - http://download.kbstar.com/security/nprotect/netizenv55/npenkIEInstall5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files (x86)\Initech\SHTTP\InitechSHTTPInterface.11010.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Product - 2011/11/13 22:17:26 (CLKMSVC10_6B71DF9C) - CyberLink - E:\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect Starter (nPStarterSVC) - INCA Internet Co., Ltd. - C:\Windows\system32\nPStarterSVC.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - E:\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15405 bytes
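
HijackThis 2.0.4 is a 32-bit program, so on a 64-bit Windows 7 system like the one in this thread its reads of C:\Windows\System32 pass through WOW64 file system redirection, and native-only files such as lsass.exe are listed as "(file missing)" although they exist. The Python sketch below is an added example, not part of the original posts and not a HijackThis or BleepingComputer tool; it parses a subset of the lines copied from the log above and separates those probable redirection artifacts from entries whose target is missing outside System32. The function names and the `recheck_native`/`orphaned` labels are assumptions made for this example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Subset of lines copied unmodified from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 SP1 (WinNT 6.00.3505)
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (file missing)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - E:\Skype\Updater\Updater.exe
"""

# An entry line is "<section code> - <detail>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# HijackThis appends one of these markers when it cannot open the target file.
MARKER_RE = re.compile(r"\s*\((file missing|no file)\)$")
# Paths under System32 are redirected to SysWOW64 for 32-bit processes.
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


@dataclass
class Entry:
    code: str      # section code such as O2, O4, O23
    detail: str    # everything after "<code> - "
    missing: bool  # True when the line carries a missing-file marker
    path: str      # target path for missing entries, "" if none was listed


def parse_hjt(text):
    """Return the entry lines of a HijackThis log; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        code, detail = match.groups()
        marker = MARKER_RE.search(detail)
        path = ""
        if marker:
            # The target file is the last " - " separated field of the line.
            last_field = detail.rsplit(" - ", 1)[-1]
            path = MARKER_RE.sub("", last_field).strip()
        entries.append(Entry(code, detail, bool(marker), path))
    return entries


def count_by_section(entries):
    """Number of entries per section code."""
    return Counter(entry.code for entry in entries)


def triage_missing(entries):
    """Split missing-file entries into two buckets.

    recheck_native: path is under System32, so a 32-bit scanner on 64-bit
                    Windows may simply have been redirected to SysWOW64.
    orphaned:       path is elsewhere (or absent), so the registry entry
                    probably points at a file that really is gone.
    """
    result = {"recheck_native": [], "orphaned": []}
    for entry in entries:
        if not entry.missing:
            continue
        if SYSTEM32_RE.match(entry.path):
            result["recheck_native"].append(entry.path)
        else:
            result["orphaned"].append(entry.path or entry.detail)
    return result


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(dict(count_by_section(parsed)))
    for bucket, items in triage_missing(parsed).items():
        for item in items:
            print(f"{bucket}: {item}")
```

Paths in the `recheck_native` bucket should be confirmed with a 64-bit tool or from a native 64-bit shell before they are treated as missing.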

#12 gringo_pr


Posted 11 August 2012 - 01:10 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [BCSSync] "E:\Office\Office14\BCSSync.exe" /DelayServices
      O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "E:\Adobe\Acrobat 9\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Adobe\Acrobat 9\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [VirtualCloneDrive] "E:\VirtualCloneDrive\VCDDaemon.exe" /s
      O4 - HKLM\..\Run: [UpdatePSTShortCut] "E:\Cyberlink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "E:\Cyberlink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
      O4 - HKLM\..\Run: [UpdatePPShortCut] "E:\Cyberlink\PowerProducer\MUITransfer\MUIStartMenu.exe" "E:\Cyberlink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
      O4 - HKLM\..\Run: [UpdateP2GoShortCut] "E:\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe" "E:\Cyberlink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
      O4 - HKLM\..\Run: [RemoteControl9] E:\Cyberlink\PowerDVD9\PDVD9Serv.exe
      O4 - HKLM\..\Run: [MDS_Menu] "E:\Cyberlink\MediaShow4\MUITransfer\MUIStartMenu.exe" "E:\Cyberlink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
      O4 - HKLM\..\Run: [CLMLServer] "E:\Cyberlink\Power2Go\CLMLSvc.exe"
      O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
      O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
      O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\H\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
      O4 - HKUS\S-1-5-21-2251180479-1136751103-97254505-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-2251180479-1136751103-97254505-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
      O4 - Startup: Dropbox.lnk = H\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - Startup: Logitech . Tuotteen rekisteröinti.lnk = E:\Logitech\Ereg\eReg.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 aragonian

Posted 11 August 2012 - 02:12 PM

Hi there,

ESET found these:

C:\Qoobox\Quarantine\C\Users\H\AppData\Local\TempDIR\BetterInstaller.exe.vir a variant of Win32/Somoto.A application
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan

#14 gringo_pr

Posted 11 August 2012 - 02:29 PM

Hello

The Online scan looks very good!! It is only reporting backups created during the course of this fix!!


C:\Qoobox\Quarantine\<-- combofix


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
Proud Graduate Of Malware Removal University
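
The check described in post #14, confirming that every ESET finding sits under ComboFix's quarantine folder rather than in a live location, written out as an added example that is not part of the original thread. The line format follows the findings in post #13; the mapping back to the original path (drive-letter folder plus `.vir` suffix) and the last sample line are assumptions.

```python
import ntpath
import re

# C:\Qoobox\Quarantine is the ComboFix folder named in the thread; roots for
# other tools would be added here (assumption).
QUARANTINE_ROOTS = (r"C:\Qoobox\Quarantine",)

# "<path> <detection>": the detection starts at a Platform/Name token such as
# Win32/Sirefef.EZ, optionally preceded by "a variant of".
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:probably )?(?:a variant of )?\w+/\S+.*)$"
)

# The four findings from post #13 plus one constructed live-file line.
SAMPLE = [
    r"C:\Qoobox\Quarantine\C\Users\H\AppData\Local\TempDIR\BetterInstaller.exe.vir a variant of Win32/Somoto.A application",
    r"C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan",
    r"C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan",
    r"C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan",
    r"C:\Users\H\Downloads\setup tool.exe a variant of Win32/Example.A application",  # constructed
]

def norm(path):
    """Resolve '..' and fold case the way Windows compares paths."""
    return ntpath.normcase(ntpath.normpath(path))

def original_location(path, root):
    """Map a backup to its source file (assumed layout: root, drive letter, path, .vir)."""
    rel = ntpath.normpath(path)[len(ntpath.normpath(root)) + 1:]
    drive, _, rest = rel.partition("\\")
    if rest.lower().endswith(".vir"):
        rest = rest[:-4]
    return f"{drive}:\\{rest}"

def triage(report_lines):
    """Split findings into (quarantined backups, live files)."""
    backups, live = [], []
    for line in report_lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path, detection = m["path"], m["detection"]
        for root in QUARANTINE_ROOTS:
            # Trailing separator: C:\Qoobox\QuarantineX or a '..' escape must not match.
            if norm(path).startswith(norm(root) + "\\"):
                backups.append((original_location(path, root), detection))
                break
        else:
            live.append((path, detection))
    return backups, live
```

Anything returned in the second list is a detection on a file still in place and needs attention before the quarantine folder is removed.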

#15 aragonian

Posted 11 August 2012 - 02:54 PM

Hi Gringo,

Your help was greatly appreciated! Thanks ever so much! It seems like all trouble is solved and hopefully there won't be anything new on the horizon. I made a little donation as a sign of appreciation. Thanks again!



