Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with multiple trojans & google redirects


  • This topic is locked This topic is locked
18 replies to this topic

#1 mortol2

mortol2

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 02 September 2012 - 11:04 AM

Hi!

First off, thanks to all taking the time to look at this post.

My problem is that AVAST us telling me I have multiple trojans, notably variants of Sirefef. I usually run AVG, and was shocked when I switched to AVAST and all this came up. I am also receiving Google redirects, and am having trouble turning on windows firewall to the recommended settings. I am proficient with a computer, but this solution is evading me.

So, in a nutshell:

1)Windows Firewall wont turn on the recommended settings
2)AVAST! is reporting the following trojans:
Win32:Sirefef-AHF [Trj] (multiple variants in the "AHF" suffix)
generic28.ANIC
Backdoor.Generic15.AXLA

3) my google searches are regularly being redirected.


I am currently running windows 7 64x. Note that I originally bought the computer with Windows Vista, and was sent an installation cd for windows 7, which was promptly executed.

I have run the following programs unsuccessfully to try and rid myself of these virsuses/trojans:
Super-antispyware
Malwarebytes
AVG
Avast

I did commit a newbie faux-pas, and I apologise. A site told me that to fix my problem, to download Combo-fix (i didnt install it) and drag a text doc into it that would fix my problem (I should be smarter than this I know!) The text doc read:

c:\windows\system32\winupdate.exe
c:\windows\system32\winhelper.dll
c:\windows\system32\AVR09.exe
c:\Program Files\AdvancedVirusRemover\PAVRM.exe

I did it and saw the dos screen pop up for about 5 seconds that went really fast with text. (Apologies!)
Thats it, nothing else happened.

Can anyone help get rid of the problems I listed above?! Per the forum guide, I have copy/pasted my DDS log below.
I am at your disposal and again appreciate the time you are putting in.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Mike at 11:17:11 on 2012-09-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9207.7276 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
C:\Windows\Explorer.EXE
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxeacoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
uSearch Page =
uStart Page = hxxp://www.excite.com/
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Advertising Cookie Opt-out: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1107\7.5.1107\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [Lexmark S300-S400 Series] "C:\Program Files (x86)\Lexmark S300-S400 Series\fm3032.exe" /s
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} - hxxp://64.144.224.251/crystalreportviewers/activeXViewer/activexviewer.cab
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - hxxps://ediagnostics.lexmark.com/serval.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://attwm.webex.com/client/T25L10NSP41EP15-attwm/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{635AE008-F15B-43EC-BB0C-DDEF4F4CAED0} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Advertising Cookie Opt-out: {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll
BHO-X64: Advertising Cookie Opt-out - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
BHO-X64: Updater For XFIN_PORTAL - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1107\7.5.1107\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun-x64: [Lexmark S300-S400 Series] "C:\Program Files (x86)\Lexmark S300-S400 Series\fm3032.exe" /s
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\qj17lozr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-9-9 192512]
R2 lxea_device;lxea_device;C:\Windows\system32\lxeacoms.exe -service --> C:\Windows\system32\lxeacoms.exe -service [?]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-27 133104]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxeaserv.exe [2011-7-4 45736]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-27 133104]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-21 113120]
S3 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2012-3-31 91816]
S3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys --> C:\Windows\system32\DRIVERS\SWDUMon.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-09-01 03:50:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-09-01 03:50:23 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-09-01 03:35:14 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-09-01 03:33:35 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-09-01 03:32:58 -------- d-----w- C:\Users\Mike\AppData\Roaming\TestApp
2012-09-01 03:32:58 -------- d-----w- C:\ProgramData\PC Tools
2012-09-01 03:28:32 -------- d-----w- C:\Program Files (x86)\Trojan Guarder
2012-09-01 03:28:20 -------- d-----w- C:\ProgramData\Tarma Installer
2012-09-01 03:20:59 -------- d-----w- C:\TEMP
2012-09-01 03:08:19 -------- d-----w- C:\Users\Mike\AppData\Local\adaware
2012-09-01 03:08:18 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-09-01 03:08:05 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-09-01 03:07:12 -------- d-----w- C:\Users\Mike\AppData\Roaming\Ad-Aware Antivirus
2012-09-01 03:06:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-01 02:08:04 46392 ----a-w- C:\Windows\System32\drivers\TMEBC64.sys
2012-09-01 02:07:13 59 ----a-w- C:\Windows\System32\SupportTool.exe.bat
2012-09-01 02:07:05 -------- d-----w- C:\ProgramData\Trend Micro
2012-09-01 02:01:57 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-08-26 13:14:17 -------- d-----w- C:\ProgramData\AVAST Software
2012-08-26 13:14:17 -------- d-----w- C:\Program Files\AVAST Software
2012-08-19 23:20:31 15712 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2012-08-19 23:20:28 -------- d-----w- C:\Users\Mike\AppData\Local\SlimWare Utilities Inc
2012-08-19 23:20:21 -------- d-----w- C:\Program Files (x86)\DriverUpdate
2012-08-19 16:31:40 -------- d-----w- C:\ProgramData\GFI Software
2012-08-19 13:24:15 -------- d-----w- C:\Users\Mike\AppData\Local\Downloaded Installations
2012-08-18 14:33:14 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
.
==================== Find3M ====================
.
2012-08-15 01:33:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 01:33:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-27 07:06:53 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-06-27 05:53:07 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-27 04:53:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-27 04:10:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-16 05:16:04 609792 ----a-w- C:\Windows\System32\vbscript.dll
2012-06-16 04:26:57 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-06-07 00:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
.
============= FINISH: 11:17:23.27 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:21 AM

Posted 03 September 2012 - 12:07 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 mortol2

mortol2
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 03 September 2012 - 07:11 AM

Thanks for the reply Gringo. I followed the instructions and Combofix has been runing for about 7 hours now. I think it has stalled. When I ran it, a black dos screen ran script for about 20 seconds and then the desktop went blank with no icons or start menu. I didn't make any clicks or distract the run in any way. How shall I proceed?

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:21 AM

Posted 03 September 2012 - 09:35 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 mortol2

mortol2
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 03 September 2012 - 10:40 AM

Thanks Gringo. I manually rebooted and ran TDSSkiller and aswMBR, respectively. Please see the results below. I will kindly await your reply.

11:19:50.0660 5036 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
11:19:50.0972 5036 ============================================================
11:19:50.0972 5036 Current date / time: 2012/09/03 11:19:50.0972
11:19:50.0972 5036 SystemInfo:
11:19:50.0972 5036
11:19:50.0972 5036 OS Version: 6.1.7601 ServicePack: 1.0
11:19:50.0972 5036 Product type: Workstation
11:19:50.0972 5036 ComputerName: MIKEOHOME
11:19:50.0972 5036 UserName: Mike
11:19:50.0972 5036 Windows directory: C:\Windows
11:19:50.0972 5036 System windows directory: C:\Windows
11:19:50.0972 5036 Running under WOW64
11:19:50.0972 5036 Processor architecture: Intel x64
11:19:50.0972 5036 Number of processors: 8
11:19:50.0972 5036 Page size: 0x1000
11:19:50.0972 5036 Boot type: Normal boot
11:19:50.0972 5036 ============================================================
11:19:51.0331 5036 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:19:51.0378 5036 ============================================================
11:19:51.0378 5036 \Device\Harddisk0\DR0:
11:19:51.0378 5036 MBR partitions:
11:19:51.0378 5036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x72939129
11:19:51.0378 5036 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72939168, BlocksNum 0x1DCC859
11:19:51.0378 5036 ============================================================
11:19:51.0409 5036 C: <-> \Device\Harddisk0\DR0\Partition1
11:19:51.0456 5036 D: <-> \Device\Harddisk0\DR0\Partition2
11:19:51.0456 5036 ============================================================
11:19:51.0456 5036 Initialize success
11:19:51.0456 5036 ============================================================
11:20:03.0640 4276 ============================================================
11:20:03.0640 4276 Scan started
11:20:03.0640 4276 Mode: Manual;
11:20:03.0640 4276 ============================================================
11:20:03.0983 4276 ================ Scan system memory ========================
11:20:03.0983 4276 System memory - ok
11:20:03.0983 4276 ================ Scan services =============================
11:20:04.0123 4276 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
11:20:04.0123 4276 1394ohci - ok
11:20:04.0154 4276 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
11:20:04.0154 4276 ACPI - ok
11:20:04.0186 4276 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
11:20:04.0186 4276 AcpiPmi - ok
11:20:04.0264 4276 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:20:04.0264 4276 AdobeFlashPlayerUpdateSvc - ok
11:20:04.0310 4276 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
11:20:04.0310 4276 adp94xx - ok
11:20:04.0326 4276 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
11:20:04.0326 4276 adpahci - ok
11:20:04.0342 4276 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
11:20:04.0342 4276 adpu320 - ok
11:20:04.0373 4276 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:20:04.0373 4276 AeLookupSvc - ok
11:20:04.0404 4276 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
11:20:04.0404 4276 AFD - ok
11:20:04.0435 4276 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
11:20:04.0435 4276 agp440 - ok
11:20:04.0451 4276 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
11:20:04.0466 4276 ALG - ok
11:20:04.0498 4276 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
11:20:04.0498 4276 aliide - ok
11:20:04.0529 4276 [ C6F7A4E77158AF1B937F872392FF1B13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:20:04.0544 4276 AMD External Events Utility - ok
11:20:04.0560 4276 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
11:20:04.0560 4276 amdide - ok
11:20:04.0576 4276 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
11:20:04.0576 4276 AmdK8 - ok
11:20:04.0716 4276 [ 21D749E3C8140B16C40A8273FD747899 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
11:20:04.0841 4276 amdkmdag - ok
11:20:04.0872 4276 [ 1AA6F50A8E7F8413377C979CEF5218A5 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
11:20:04.0872 4276 amdkmdap - ok
11:20:04.0872 4276 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
11:20:04.0872 4276 AmdPPM - ok
11:20:04.0903 4276 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
11:20:04.0903 4276 amdsata - ok
11:20:04.0919 4276 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
11:20:04.0919 4276 amdsbs - ok
11:20:04.0934 4276 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
11:20:04.0934 4276 amdxata - ok
11:20:05.0075 4276 [ F9DAC844B1D370DA4C984D4C22F5E696 ] AntiSpywareService C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
11:20:05.0075 4276 AntiSpywareService - ok
11:20:05.0106 4276 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
11:20:05.0106 4276 AppID - ok
11:20:05.0137 4276 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
11:20:05.0137 4276 AppIDSvc - ok
11:20:05.0184 4276 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
11:20:05.0184 4276 Appinfo - ok
11:20:05.0278 4276 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:20:05.0278 4276 Apple Mobile Device - ok
11:20:05.0324 4276 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
11:20:05.0324 4276 arc - ok
11:20:05.0340 4276 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
11:20:05.0340 4276 arcsas - ok
11:20:05.0356 4276 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:20:05.0356 4276 AsyncMac - ok
11:20:05.0387 4276 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
11:20:05.0402 4276 atapi - ok
11:20:05.0418 4276 [ 04A5815DF7E8B037DF674D3CCACC0C31 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
11:20:05.0418 4276 AtiHdmiService - ok
11:20:05.0543 4276 [ 21D749E3C8140B16C40A8273FD747899 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
11:20:05.0558 4276 atikmdag - ok
11:20:05.0621 4276 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:20:05.0621 4276 AudioEndpointBuilder - ok
11:20:05.0636 4276 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
11:20:05.0636 4276 AudioSrv - ok
11:20:05.0699 4276 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
11:20:05.0699 4276 AxInstSV - ok
11:20:05.0714 4276 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
11:20:05.0714 4276 b06bdrv - ok
11:20:05.0746 4276 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
11:20:05.0746 4276 b57nd60a - ok
11:20:05.0761 4276 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
11:20:05.0761 4276 BDESVC - ok
11:20:05.0792 4276 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
11:20:05.0792 4276 Beep - ok
11:20:05.0855 4276 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
11:20:05.0870 4276 BFE - ok
11:20:05.0886 4276 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
11:20:05.0886 4276 blbdrive - ok
11:20:05.0933 4276 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:20:05.0933 4276 Bonjour Service - ok
11:20:05.0980 4276 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:20:05.0980 4276 bowser - ok
11:20:05.0995 4276 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:20:05.0995 4276 BrFiltLo - ok
11:20:06.0011 4276 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:20:06.0011 4276 BrFiltUp - ok
11:20:06.0042 4276 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
11:20:06.0042 4276 BridgeMP - ok
11:20:06.0073 4276 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
11:20:06.0073 4276 Browser - ok
11:20:06.0089 4276 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
11:20:06.0104 4276 Brserid - ok
11:20:06.0120 4276 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
11:20:06.0120 4276 BrSerWdm - ok
11:20:06.0136 4276 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
11:20:06.0136 4276 BrUsbMdm - ok
11:20:06.0136 4276 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
11:20:06.0151 4276 BrUsbSer - ok
11:20:06.0151 4276 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
11:20:06.0151 4276 BTHMODEM - ok
11:20:06.0167 4276 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
11:20:06.0182 4276 bthserv - ok
11:20:06.0182 4276 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
11:20:06.0198 4276 cdfs - ok
11:20:06.0229 4276 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
11:20:06.0229 4276 cdrom - ok
11:20:06.0260 4276 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
11:20:06.0260 4276 CertPropSvc - ok
11:20:06.0276 4276 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
11:20:06.0276 4276 circlass - ok
11:20:06.0276 4276 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
11:20:06.0292 4276 CLFS - ok
11:20:06.0354 4276 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:20:06.0354 4276 clr_optimization_v2.0.50727_32 - ok
11:20:06.0401 4276 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:20:06.0401 4276 clr_optimization_v2.0.50727_64 - ok
11:20:06.0463 4276 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:20:06.0510 4276 clr_optimization_v4.0.30319_32 - ok
11:20:06.0526 4276 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:20:06.0526 4276 clr_optimization_v4.0.30319_64 - ok
11:20:06.0541 4276 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
11:20:06.0541 4276 CmBatt - ok
11:20:06.0588 4276 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
11:20:06.0588 4276 cmdide - ok
11:20:06.0619 4276 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
11:20:06.0619 4276 CNG - ok
11:20:06.0635 4276 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
11:20:06.0635 4276 Compbatt - ok
11:20:06.0666 4276 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
11:20:06.0666 4276 CompositeBus - ok
11:20:06.0666 4276 COMSysApp - ok
11:20:06.0682 4276 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
11:20:06.0682 4276 crcdisk - ok
11:20:06.0728 4276 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:20:06.0728 4276 CryptSvc - ok
11:20:06.0775 4276 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
11:20:06.0775 4276 DcomLaunch - ok
11:20:06.0822 4276 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
11:20:06.0822 4276 defragsvc - ok
11:20:06.0853 4276 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:20:06.0853 4276 DfsC - ok
11:20:06.0869 4276 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
11:20:06.0869 4276 Dhcp - ok
11:20:06.0884 4276 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
11:20:06.0884 4276 discache - ok
11:20:06.0916 4276 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
11:20:06.0916 4276 Disk - ok
11:20:06.0931 4276 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:20:06.0931 4276 Dnscache - ok
11:20:06.0978 4276 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
11:20:06.0994 4276 dot3svc - ok
11:20:06.0994 4276 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
11:20:06.0994 4276 DPS - ok
11:20:07.0040 4276 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:20:07.0040 4276 drmkaud - ok
11:20:07.0072 4276 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:20:07.0072 4276 DXGKrnl - ok
11:20:07.0103 4276 [ 761B9EDD97A021AA1922501B7A056635 ] e1yexpress C:\Windows\system32\DRIVERS\e1y62x64.sys
11:20:07.0103 4276 e1yexpress - ok
11:20:07.0118 4276 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
11:20:07.0118 4276 EapHost - ok
11:20:07.0181 4276 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
11:20:07.0243 4276 ebdrv - ok
11:20:07.0290 4276 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
11:20:07.0290 4276 EFS - ok
11:20:07.0337 4276 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:20:07.0337 4276 ehRecvr - ok
11:20:07.0368 4276 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
11:20:07.0368 4276 ehSched - ok
11:20:07.0384 4276 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
11:20:07.0399 4276 elxstor - ok
11:20:07.0430 4276 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
11:20:07.0430 4276 ErrDev - ok
11:20:07.0446 4276 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
11:20:07.0446 4276 EventSystem - ok
11:20:07.0477 4276 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
11:20:07.0477 4276 exfat - ok
11:20:07.0493 4276 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:20:07.0493 4276 fastfat - ok
11:20:07.0524 4276 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
11:20:07.0540 4276 Fax - ok
11:20:07.0555 4276 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
11:20:07.0555 4276 fdc - ok
11:20:07.0571 4276 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
11:20:07.0571 4276 fdPHost - ok
11:20:07.0571 4276 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
11:20:07.0571 4276 FDResPub - ok
11:20:07.0602 4276 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:20:07.0602 4276 FileInfo - ok
11:20:07.0602 4276 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:20:07.0602 4276 Filetrace - ok
11:20:07.0664 4276 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:20:07.0664 4276 FLEXnet Licensing Service - ok
11:20:07.0680 4276 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
11:20:07.0680 4276 flpydisk - ok
11:20:07.0696 4276 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:20:07.0696 4276 FltMgr - ok
11:20:07.0758 4276 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
11:20:07.0774 4276 FontCache - ok
11:20:07.0820 4276 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:20:07.0820 4276 FontCache3.0.0.0 - ok
11:20:07.0836 4276 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:20:07.0836 4276 FsDepends - ok
11:20:07.0867 4276 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:20:07.0867 4276 Fs_Rec - ok
11:20:07.0883 4276 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:20:07.0883 4276 fvevol - ok
11:20:07.0898 4276 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
11:20:07.0898 4276 gagp30kx - ok
11:20:07.0976 4276 [ 4FBCCBDD99A75C9EFBC90392CF32AF61 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
11:20:07.0992 4276 GameConsoleService - ok
11:20:08.0054 4276 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:20:08.0054 4276 GEARAspiWDM - ok
11:20:08.0086 4276 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
11:20:08.0086 4276 gpsvc - ok
11:20:08.0132 4276 [ 626A24ED1228580B9518C01930936DF9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:20:08.0132 4276 gupdate - ok
11:20:08.0164 4276 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:20:08.0164 4276 gupdatem - ok
11:20:08.0179 4276 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:20:08.0179 4276 hcw85cir - ok
11:20:08.0210 4276 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:20:08.0210 4276 HdAudAddService - ok
11:20:08.0273 4276 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
11:20:08.0273 4276 HDAudBus - ok
11:20:08.0288 4276 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
11:20:08.0288 4276 HidBatt - ok
11:20:08.0304 4276 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
11:20:08.0304 4276 HidBth - ok
11:20:08.0320 4276 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
11:20:08.0320 4276 HidIr - ok
11:20:08.0351 4276 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
11:20:08.0351 4276 hidserv - ok
11:20:08.0382 4276 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:20:08.0382 4276 HidUsb - ok
11:20:08.0429 4276 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:20:08.0429 4276 hkmsvc - ok
11:20:08.0460 4276 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:20:08.0460 4276 HomeGroupListener - ok
11:20:08.0491 4276 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:20:08.0491 4276 HomeGroupProvider - ok
11:20:08.0538 4276 [ AA9EF0B395097F24D289F64445B2FD2E ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
11:20:08.0538 4276 HP Health Check Service - ok
11:20:08.0554 4276 [ DEAB3BF5AEFBDC3F9AC0E020926EC81D ] HPBtnSrv C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
11:20:08.0554 4276 HPBtnSrv - ok
11:20:08.0585 4276 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:20:08.0585 4276 HpSAMD - ok
11:20:08.0632 4276 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:20:08.0632 4276 HTTP - ok
11:20:08.0647 4276 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:20:08.0647 4276 hwpolicy - ok
11:20:08.0678 4276 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
11:20:08.0678 4276 i8042prt - ok
11:20:08.0741 4276 [ F79525634B192F5A18DE503568F94EF3 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
11:20:08.0741 4276 IAANTMON - ok
11:20:08.0772 4276 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
11:20:08.0772 4276 iaStor - ok
11:20:08.0803 4276 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:20:08.0819 4276 iaStorV - ok
11:20:08.0850 4276 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:20:08.0866 4276 idsvc - ok
11:20:08.0897 4276 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
11:20:08.0897 4276 iirsp - ok
11:20:08.0912 4276 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
11:20:08.0928 4276 IKEEXT - ok
11:20:09.0006 4276 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:20:09.0022 4276 IntcAzAudAddService - ok
11:20:09.0053 4276 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
11:20:09.0053 4276 intelide - ok
11:20:09.0068 4276 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:20:09.0068 4276 intelppm - ok
11:20:09.0115 4276 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:20:09.0115 4276 IPBusEnum - ok
11:20:09.0115 4276 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:20:09.0131 4276 IpFilterDriver - ok
11:20:09.0193 4276 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:20:09.0193 4276 iphlpsvc - ok
11:20:09.0224 4276 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:20:09.0224 4276 IPMIDRV - ok
11:20:09.0240 4276 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:20:09.0240 4276 IPNAT - ok
11:20:09.0302 4276 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:20:09.0318 4276 iPod Service - ok
11:20:09.0318 4276 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:20:09.0318 4276 IRENUM - ok
11:20:09.0334 4276 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:20:09.0334 4276 isapnp - ok
11:20:09.0365 4276 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:20:09.0365 4276 iScsiPrt - ok
11:20:09.0396 4276 [ 79A55E8907F34AB569029505418C35EF ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
11:20:09.0396 4276 JRAID - ok
11:20:09.0427 4276 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:20:09.0427 4276 kbdclass - ok
11:20:09.0458 4276 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:20:09.0458 4276 kbdhid - ok
11:20:09.0474 4276 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
11:20:09.0474 4276 KeyIso - ok
11:20:09.0505 4276 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:20:09.0505 4276 KSecDD - ok
11:20:09.0536 4276 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:20:09.0536 4276 KSecPkg - ok
11:20:09.0536 4276 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:20:09.0536 4276 ksthunk - ok
11:20:09.0568 4276 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:20:09.0568 4276 KtmRm - ok
11:20:09.0599 4276 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
11:20:09.0599 4276 LanmanServer - ok
11:20:09.0630 4276 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:20:09.0630 4276 LanmanWorkstation - ok
11:20:09.0677 4276 [ 3C46290F7A5D45BA6EF32C248E22AA69 ] Lbd C:\Windows\system32\DRIVERS\Lbd.sys
11:20:09.0677 4276 Lbd - ok
11:20:09.0724 4276 [ DFEFF67508D3A9AEB1A85D7B0F513B24 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
11:20:09.0724 4276 LightScribeService - ok
11:20:09.0755 4276 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:20:09.0755 4276 lltdio - ok
11:20:09.0786 4276 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:20:09.0786 4276 lltdsvc - ok
11:20:09.0786 4276 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:20:09.0786 4276 lmhosts - ok
11:20:09.0817 4276 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
11:20:09.0817 4276 LSI_FC - ok
11:20:09.0833 4276 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
11:20:09.0833 4276 LSI_SAS - ok
11:20:09.0848 4276 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:20:09.0848 4276 LSI_SAS2 - ok
11:20:09.0864 4276 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:20:09.0864 4276 LSI_SCSI - ok
11:20:09.0880 4276 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:20:09.0880 4276 luafv - ok
11:20:09.0895 4276 [ B3944D06EB4B64D57BD7E5FE89415F58 ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
11:20:09.0911 4276 LVPr2M64 - ok
11:20:09.0911 4276 [ B3944D06EB4B64D57BD7E5FE89415F58 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys
11:20:09.0911 4276 LVPr2Mon - ok
11:20:09.0958 4276 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
11:20:09.0958 4276 LVRS64 - ok
11:20:10.0036 4276 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
11:20:10.0067 4276 LVUVC64 - ok
11:20:10.0129 4276 [ 3D1516114F5B1548864D043177F992A6 ] lxeaCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe
11:20:10.0129 4276 lxeaCATSCustConnectService - ok
11:20:10.0176 4276 lxea_device - ok
11:20:10.0207 4276 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:20:10.0207 4276 Mcx2Svc - ok
11:20:10.0223 4276 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
11:20:10.0223 4276 megasas - ok
11:20:10.0238 4276 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
11:20:10.0238 4276 MegaSR - ok
11:20:10.0316 4276 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
11:20:10.0316 4276 Microsoft Office Groove Audit Service - ok
11:20:10.0363 4276 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:20:10.0363 4276 MMCSS - ok
11:20:10.0379 4276 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:20:10.0379 4276 Modem - ok
11:20:10.0410 4276 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:20:10.0410 4276 monitor - ok
11:20:10.0441 4276 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:20:10.0441 4276 mouclass - ok
11:20:10.0457 4276 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:20:10.0457 4276 mouhid - ok
11:20:10.0488 4276 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:20:10.0488 4276 mountmgr - ok
11:20:10.0519 4276 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:20:10.0519 4276 MozillaMaintenance - ok
11:20:10.0550 4276 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:20:10.0550 4276 mpio - ok
11:20:10.0582 4276 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:20:10.0582 4276 mpsdrv - ok
11:20:10.0597 4276 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:20:10.0597 4276 MRxDAV - ok
11:20:10.0628 4276 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:20:10.0628 4276 mrxsmb - ok
11:20:10.0675 4276 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:20:10.0675 4276 mrxsmb10 - ok
11:20:10.0691 4276 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:20:10.0691 4276 mrxsmb20 - ok
11:20:10.0706 4276 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
11:20:10.0706 4276 msahci - ok
11:20:10.0738 4276 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:20:10.0753 4276 msdsm - ok
11:20:10.0769 4276 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:20:10.0769 4276 MSDTC - ok
11:20:10.0784 4276 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:20:10.0784 4276 Msfs - ok
11:20:10.0784 4276 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:20:10.0784 4276 mshidkmdf - ok
11:20:10.0800 4276 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:20:10.0800 4276 msisadrv - ok
11:20:10.0831 4276 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:20:10.0831 4276 MSiSCSI - ok
11:20:10.0831 4276 msiserver - ok
11:20:10.0862 4276 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:20:10.0862 4276 MSKSSRV - ok
11:20:10.0878 4276 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:20:10.0878 4276 MSPCLOCK - ok
11:20:10.0894 4276 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:20:10.0894 4276 MSPQM - ok
11:20:10.0940 4276 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:20:10.0940 4276 MsRPC - ok
11:20:10.0956 4276 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:20:10.0956 4276 mssmbios - ok
11:20:10.0987 4276 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:20:10.0987 4276 MSTEE - ok
11:20:11.0003 4276 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
11:20:11.0003 4276 MTConfig - ok
11:20:11.0018 4276 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:20:11.0018 4276 Mup - ok
11:20:11.0050 4276 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
11:20:11.0050 4276 napagent - ok
11:20:11.0081 4276 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:20:11.0081 4276 NativeWifiP - ok
11:20:11.0112 4276 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
11:20:11.0128 4276 NDIS - ok
11:20:11.0143 4276 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:20:11.0143 4276 NdisCap - ok
11:20:11.0159 4276 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:20:11.0159 4276 NdisTapi - ok
11:20:11.0190 4276 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:20:11.0190 4276 Ndisuio - ok
11:20:11.0221 4276 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:20:11.0221 4276 NdisWan - ok
11:20:11.0237 4276 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:20:11.0237 4276 NDProxy - ok
11:20:11.0268 4276 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
11:20:11.0268 4276 Net Driver HPZ12 - ok
11:20:11.0284 4276 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:20:11.0284 4276 NetBIOS - ok
11:20:11.0299 4276 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:20:11.0299 4276 NetBT - ok
11:20:11.0315 4276 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:20:11.0315 4276 Netlogon - ok
11:20:11.0330 4276 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:20:11.0330 4276 Netman - ok
11:20:11.0346 4276 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:20:11.0362 4276 netprofm - ok
11:20:11.0377 4276 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:20:11.0377 4276 NetTcpPortSharing - ok
11:20:11.0408 4276 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:20:11.0408 4276 nfrd960 - ok
11:20:11.0440 4276 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:20:11.0440 4276 NlaSvc - ok
11:20:11.0440 4276 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:20:11.0440 4276 Npfs - ok
11:20:11.0471 4276 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:20:11.0471 4276 nsi - ok
11:20:11.0471 4276 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:20:11.0471 4276 nsiproxy - ok
11:20:11.0533 4276 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:20:11.0564 4276 Ntfs - ok
11:20:11.0564 4276 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:20:11.0564 4276 Null - ok
11:20:11.0611 4276 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:20:11.0611 4276 nvraid - ok
11:20:11.0642 4276 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:20:11.0642 4276 nvstor - ok
11:20:11.0674 4276 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:20:11.0674 4276 nv_agp - ok
11:20:11.0736 4276 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:20:11.0736 4276 odserv - ok
11:20:11.0767 4276 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:20:11.0767 4276 ohci1394 - ok
11:20:11.0798 4276 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:20:11.0798 4276 ose - ok
11:20:11.0814 4276 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:20:11.0814 4276 p2pimsvc - ok
11:20:11.0830 4276 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:20:11.0845 4276 p2psvc - ok
11:20:11.0861 4276 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:20:11.0861 4276 Parport - ok
11:20:11.0876 4276 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:20:11.0876 4276 partmgr - ok
11:20:11.0892 4276 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:20:11.0892 4276 PcaSvc - ok
11:20:11.0923 4276 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:20:11.0923 4276 pci - ok
11:20:11.0954 4276 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:20:11.0954 4276 pciide - ok
11:20:11.0970 4276 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:20:11.0986 4276 pcmcia - ok
11:20:12.0048 4276 [ 65A66EB40254DF662E32E89BBBA55E89 ] PCPitstop Scheduling C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
11:20:12.0048 4276 PCPitstop Scheduling - ok
11:20:12.0064 4276 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:20:12.0064 4276 pcw - ok
11:20:12.0079 4276 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:20:12.0079 4276 PEAUTH - ok
11:20:12.0157 4276 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:20:12.0157 4276 PerfHost - ok
11:20:12.0344 4276 [ F042EE4C8D66248D9B86DCF52ABAE416 ] PEVSystemStart C:\32788R22FWJFW\pev.3XE
11:20:12.0344 4276 PEVSystemStart - ok
11:20:12.0376 4276 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:20:12.0407 4276 pla - ok
11:20:12.0438 4276 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:20:12.0438 4276 PlugPlay - ok
11:20:12.0500 4276 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
11:20:12.0500 4276 Pml Driver HPZ12 - ok
11:20:12.0532 4276 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:20:12.0532 4276 PNRPAutoReg - ok
11:20:12.0547 4276 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:20:12.0547 4276 PNRPsvc - ok
11:20:12.0563 4276 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:20:12.0578 4276 PolicyAgent - ok
11:20:12.0594 4276 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:20:12.0594 4276 Power - ok
11:20:12.0625 4276 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:20:12.0625 4276 PptpMiniport - ok
11:20:12.0656 4276 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:20:12.0656 4276 Processor - ok
11:20:12.0672 4276 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
11:20:12.0672 4276 ProfSvc - ok
11:20:12.0688 4276 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:20:12.0688 4276 ProtectedStorage - ok
11:20:12.0719 4276 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:20:12.0719 4276 Psched - ok
11:20:12.0750 4276 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:20:12.0781 4276 ql2300 - ok
11:20:12.0797 4276 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:20:12.0797 4276 ql40xx - ok
11:20:12.0812 4276 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:20:12.0812 4276 QWAVE - ok
11:20:12.0828 4276 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:20:12.0828 4276 QWAVEdrv - ok
11:20:12.0844 4276 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:20:12.0844 4276 RasAcd - ok
11:20:12.0875 4276 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:20:12.0875 4276 RasAgileVpn - ok
11:20:12.0890 4276 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:20:12.0890 4276 RasAuto - ok
11:20:12.0906 4276 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:20:12.0906 4276 Rasl2tp - ok
11:20:12.0922 4276 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:20:12.0922 4276 RasMan - ok
11:20:12.0937 4276 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:20:12.0937 4276 RasPppoe - ok
11:20:12.0937 4276 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:20:12.0937 4276 RasSstp - ok
11:20:12.0953 4276 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:20:12.0953 4276 rdbss - ok
11:20:12.0968 4276 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:20:12.0968 4276 rdpbus - ok
11:20:12.0984 4276 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:20:12.0984 4276 RDPCDD - ok
11:20:13.0015 4276 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:20:13.0015 4276 RDPENCDD - ok
11:20:13.0031 4276 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:20:13.0031 4276 RDPREFMP - ok
11:20:13.0062 4276 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:20:13.0062 4276 RDPWD - ok
11:20:13.0078 4276 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:20:13.0078 4276 rdyboost - ok
11:20:13.0124 4276 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:20:13.0124 4276 RemoteAccess - ok
11:20:13.0140 4276 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:20:13.0140 4276 RemoteRegistry - ok
11:20:13.0156 4276 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:20:13.0156 4276 RpcEptMapper - ok
11:20:13.0171 4276 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:20:13.0171 4276 RpcLocator - ok
11:20:13.0218 4276 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
11:20:13.0218 4276 RpcSs - ok
11:20:13.0218 4276 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:20:13.0218 4276 rspndr - ok
11:20:13.0234 4276 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:20:13.0234 4276 SamSs - ok
11:20:13.0265 4276 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:20:13.0265 4276 sbp2port - ok
11:20:13.0265 4276 SBRE - ok
11:20:13.0280 4276 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:20:13.0280 4276 SCardSvr - ok
11:20:13.0327 4276 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:20:13.0327 4276 scfilter - ok
11:20:13.0358 4276 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:20:13.0374 4276 Schedule - ok
11:20:13.0405 4276 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:20:13.0405 4276 SCPolicySvc - ok
11:20:13.0421 4276 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:20:13.0421 4276 SDRSVC - ok
11:20:13.0421 4276 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:20:13.0421 4276 secdrv - ok
11:20:13.0452 4276 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:20:13.0452 4276 seclogon - ok
11:20:13.0468 4276 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
11:20:13.0468 4276 SENS - ok
11:20:13.0483 4276 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:20:13.0483 4276 SensrSvc - ok
11:20:13.0514 4276 [ C284622531B1238E41DF70E84B7524CE ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl64.sys
11:20:13.0514 4276 Ser2pl - ok
11:20:13.0530 4276 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:20:13.0530 4276 Serenum - ok
11:20:13.0546 4276 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:20:13.0561 4276 Serial - ok
11:20:13.0577 4276 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
11:20:13.0577 4276 sermouse - ok
11:20:13.0592 4276 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:20:13.0592 4276 SessionEnv - ok
11:20:13.0624 4276 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:20:13.0624 4276 sffdisk - ok
11:20:13.0639 4276 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:20:13.0639 4276 sffp_mmc - ok
11:20:13.0655 4276 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:20:13.0655 4276 sffp_sd - ok
11:20:13.0670 4276 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
11:20:13.0670 4276 sfloppy - ok
11:20:13.0686 4276 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:20:13.0686 4276 ShellHWDetection - ok
11:20:13.0702 4276 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:20:13.0717 4276 SiSRaid2 - ok
11:20:13.0733 4276 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
11:20:13.0733 4276 SiSRaid4 - ok
11:20:13.0780 4276 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:20:13.0780 4276 SkypeUpdate - ok
11:20:13.0795 4276 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:20:13.0795 4276 Smb - ok
11:20:13.0826 4276 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:20:13.0826 4276 SNMPTRAP - ok
11:20:13.0842 4276 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:20:13.0842 4276 spldr - ok
11:20:13.0858 4276 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
11:20:13.0858 4276 Spooler - ok
11:20:13.0936 4276 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:20:14.0014 4276 sppsvc - ok
11:20:14.0045 4276 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:20:14.0045 4276 sppuinotify - ok
11:20:14.0060 4276 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
11:20:14.0060 4276 srv - ok
11:20:14.0107 4276 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:20:14.0107 4276 srv2 - ok
11:20:14.0123 4276 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:20:14.0123 4276 srvnet - ok
11:20:14.0170 4276 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:20:14.0170 4276 SSDPSRV - ok
11:20:14.0170 4276 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:20:14.0185 4276 SstpSvc - ok
11:20:14.0201 4276 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
11:20:14.0201 4276 stexstor - ok
11:20:14.0232 4276 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
11:20:14.0232 4276 stisvc - ok
11:20:14.0279 4276 [ 85BF0B7CE3D9B6D1611E05872E1C3E56 ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
11:20:14.0294 4276 SWDUMon - ok
11:20:14.0310 4276 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
11:20:14.0310 4276 swenum - ok
11:20:14.0341 4276 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:20:14.0341 4276 swprv - ok
11:20:14.0373 4276 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
11:20:14.0404 4276 SysMain - ok
11:20:14.0419 4276 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:20:14.0419 4276 TabletInputService - ok
11:20:14.0435 4276 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:20:14.0435 4276 TapiSrv - ok
11:20:14.0451 4276 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:20:14.0451 4276 TBS - ok
11:20:14.0513 4276 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:20:14.0544 4276 Tcpip - ok
11:20:14.0591 4276 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:20:14.0591 4276 TCPIP6 - ok
11:20:14.0638 4276 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:20:14.0638 4276 tcpipreg - ok
11:20:14.0638 4276 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:20:14.0638 4276 TDPIPE - ok
11:20:14.0669 4276 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:20:14.0669 4276 TDTCP - ok
11:20:14.0685 4276 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:20:14.0685 4276 tdx - ok
11:20:14.0700 4276 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
11:20:14.0700 4276 TermDD - ok
11:20:14.0716 4276 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
11:20:14.0731 4276 TermService - ok
11:20:14.0731 4276 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:20:14.0731 4276 Themes - ok
11:20:14.0747 4276 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:20:14.0747 4276 THREADORDER - ok
11:20:14.0763 4276 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:20:14.0763 4276 TrkWks - ok
11:20:14.0809 4276 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:20:14.0809 4276 TrustedInstaller - ok
11:20:14.0856 4276 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:20:14.0856 4276 tssecsrv - ok
11:20:14.0872 4276 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:20:14.0872 4276 TsUsbFlt - ok
11:20:14.0919 4276 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:20:14.0919 4276 tunnel - ok
11:20:14.0919 4276 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
11:20:14.0934 4276 uagp35 - ok
11:20:14.0934 4276 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:20:14.0950 4276 udfs - ok
11:20:14.0965 4276 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:20:14.0965 4276 UI0Detect - ok
11:20:14.0981 4276 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:20:14.0981 4276 uliagpkx - ok
11:20:15.0028 4276 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:20:15.0028 4276 umbus - ok
11:20:15.0028 4276 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
11:20:15.0028 4276 UmPass - ok
11:20:15.0121 4276 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
11:20:15.0121 4276 UMVPFSrv - ok
11:20:15.0137 4276 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
11:20:15.0153 4276 upnphost - ok
11:20:15.0184 4276 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
11:20:15.0184 4276 USBAAPL64 - ok
11:20:15.0199 4276 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
11:20:15.0215 4276 usbaudio - ok
11:20:15.0231 4276 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:20:15.0231 4276 usbccgp - ok
11:20:15.0262 4276 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:20:15.0262 4276 usbcir - ok
11:20:15.0293 4276 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
11:20:15.0293 4276 usbehci - ok
11:20:15.0309 4276 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:20:15.0309 4276 usbhub - ok
11:20:15.0324 4276 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
11:20:15.0324 4276 usbohci - ok
11:20:15.0340 4276 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:20:15.0340 4276 usbprint - ok
11:20:15.0371 4276 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
11:20:15.0387 4276 usbscan - ok
11:20:15.0402 4276 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:20:15.0402 4276 USBSTOR - ok
11:20:15.0418 4276 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
11:20:15.0418 4276 usbuhci - ok
11:20:15.0418 4276 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
11:20:15.0433 4276 UxSms - ok
11:20:15.0433 4276 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
11:20:15.0433 4276 VaultSvc - ok
11:20:15.0449 4276 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:20:15.0449 4276 vdrvroot - ok
11:20:15.0480 4276 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
11:20:15.0480 4276 vds - ok
11:20:15.0496 4276 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:20:15.0511 4276 vga - ok
11:20:15.0511 4276 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
11:20:15.0511 4276 VgaSave - ok
11:20:15.0543 4276 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:20:15.0558 4276 vhdmp - ok
11:20:15.0574 4276 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
11:20:15.0574 4276 viaide - ok
11:20:15.0589 4276 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:20:15.0589 4276 volmgr - ok
11:20:15.0621 4276 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:20:15.0621 4276 volmgrx - ok
11:20:15.0652 4276 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:20:15.0652 4276 volsnap - ok
11:20:15.0667 4276 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
11:20:15.0667 4276 vsmraid - ok
11:20:15.0730 4276 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
11:20:15.0761 4276 VSS - ok
11:20:15.0777 4276 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
11:20:15.0777 4276 vwifibus - ok
11:20:15.0792 4276 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
11:20:15.0792 4276 W32Time - ok
11:20:15.0808 4276 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
11:20:15.0823 4276 WacomPen - ok
11:20:15.0823 4276 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:20:15.0823 4276 WANARP - ok
11:20:15.0839 4276 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:20:15.0839 4276 Wanarpv6 - ok
11:20:15.0886 4276 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
11:20:15.0901 4276 WatAdminSvc - ok
11:20:15.0933 4276 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
11:20:15.0979 4276 wbengine - ok
11:20:15.0979 4276 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:20:15.0995 4276 WbioSrvc - ok
11:20:15.0995 4276 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:20:16.0011 4276 wcncsvc - ok
11:20:16.0011 4276 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:20:16.0026 4276 WcsPlugInService - ok
11:20:16.0042 4276 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
11:20:16.0042 4276 Wd - ok
11:20:16.0057 4276 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:20:16.0057 4276 Wdf01000 - ok
11:20:16.0073 4276 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:20:16.0073 4276 WdiServiceHost - ok
11:20:16.0073 4276 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:20:16.0073 4276 WdiSystemHost - ok
11:20:16.0089 4276 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
11:20:16.0089 4276 WebClient - ok
11:20:16.0104 4276 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:20:16.0104 4276 Wecsvc - ok
11:20:16.0120 4276 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:20:16.0120 4276 wercplsupport - ok
11:20:16.0135 4276 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
11:20:16.0135 4276 WerSvc - ok
11:20:16.0135 4276 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:20:16.0135 4276 WfpLwf - ok
11:20:16.0151 4276 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:20:16.0167 4276 WIMMount - ok
11:20:16.0245 4276 WinDefend - ok
11:20:16.0245 4276 WinHttpAutoProxySvc - ok
11:20:16.0291 4276 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:20:16.0307 4276 Winmgmt - ok
11:20:16.0338 4276 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
11:20:16.0401 4276 WinRM - ok
11:20:16.0447 4276 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
11:20:16.0447 4276 WinUsb - ok
11:20:16.0479 4276 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
11:20:16.0494 4276 Wlansvc - ok
11:20:16.0603 4276 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:20:16.0666 4276 wlidsvc - ok
11:20:16.0681 4276 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
11:20:16.0681 4276 WmiAcpi - ok
11:20:16.0713 4276 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:20:16.0713 4276 wmiApSrv - ok
11:20:16.0728 4276 WMPNetworkSvc - ok
11:20:16.0728 4276 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:20:16.0728 4276 WPCSvc - ok
11:20:16.0744 4276 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:20:16.0744 4276 WPDBusEnum - ok
11:20:16.0775 4276 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:20:16.0775 4276 ws2ifsl - ok
11:20:16.0806 4276 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
11:20:16.0806 4276 wscsvc - ok
11:20:16.0837 4276 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
11:20:16.0837 4276 WSDPrintDevice - ok
11:20:16.0837 4276 WSearch - ok
11:20:16.0931 4276 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
11:20:16.0978 4276 wuauserv - ok
11:20:16.0993 4276 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:20:16.0993 4276 WudfPf - ok
11:20:17.0025 4276 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:20:17.0025 4276 WUDFRd - ok
11:20:17.0040 4276 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:20:17.0056 4276 wudfsvc - ok
11:20:17.0087 4276 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
11:20:17.0103 4276 WwanSvc - ok
11:20:17.0118 4276 wxxmvyaw - ok
11:20:17.0149 4276 ================ Scan global ===============================
11:20:17.0181 4276 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:20:17.0243 4276 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:20:17.0259 4276 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:20:17.0259 4276 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:20:17.0290 4276 [ 014A9CB92514E27C0107614DF764BC06 ] C:\Windows\system32\services.exe
11:20:17.0290 4276 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
11:20:17.0290 4276 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
11:20:17.0290 4276 ================ Scan MBR ==================================
11:20:17.0305 4276 [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
11:20:17.0461 4276 \Device\Harddisk0\DR0 - ok
11:20:17.0461 4276 ================ Scan VBR ==================================
11:20:17.0461 4276 [ 8E08006E0F98E3BE20113BE281D00C18 ] \Device\Harddisk0\DR0\Partition1
11:20:17.0461 4276 \Device\Harddisk0\DR0\Partition1 - ok
11:20:17.0461 4276 [ F59C16C40D1D14A49EC53855A94A0256 ] \Device\Harddisk0\DR0\Partition2
11:20:17.0461 4276 \Device\Harddisk0\DR0\Partition2 - ok
11:20:17.0461 4276 ============================================================
11:20:17.0461 4276 Scan finished
11:20:17.0461 4276 ============================================================
11:20:17.0477 5008 Detected object count: 1
11:20:17.0477 5008 Actual detected object count: 1
11:21:00.0143 5008 C:\Windows\system32\services.exe - copied to quarantine
11:21:01.0188 5008 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
11:21:01.0188 5008 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
11:21:01.0547 5008 C:\Users\Mike\AppData\Local\{9bba08d7-8b9b-7f45-493b-7bc7980ca44c}\@ - copied to quarantine
11:21:17.0568 5008 Backup copy found, using it..
11:21:17.0631 5008 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
11:21:17.0631 5008 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot
11:21:17.0646 5008 C:\Users\Mike\AppData\Local\{9bba08d7-8b9b-7f45-493b-7bc7980ca44c}\@ - will be deleted on reboot
11:21:17.0662 5008 C:\Windows\system32\services.exe - will be cured on reboot
11:21:17.0662 5008 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure
11:21:46.0163 1328 Deinitialize success

and the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-03 11:31:05
-----------------------------
11:31:05.309 OS Version: Windows x64 6.1.7601 Service Pack 1
11:31:05.309 Number of processors: 8 586 0x1A05
11:31:05.309 ComputerName: MIKEOHOME UserName: Mike
11:31:09.630 Initialize success
11:31:14.528 AVAST engine defs: 12090300
11:31:39.223 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
11:31:39.223 Disk 0 Vendor: ST310005 HP22 Size: 953869MB BusType: 8
11:31:39.223 Disk 0 MBR read successfully
11:31:39.223 Disk 0 MBR scan
11:31:39.239 Disk 0 unknown MBR code
11:31:39.239 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 938610 MB offset 63
11:31:39.270 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15257 MB offset 1922273640
11:31:39.270 Disk 0 scanning C:\Windows\system32\drivers
11:31:48.443 Service scanning
11:32:04.729 Modules scanning
11:32:04.729 Disk 0 trace - called modules:
11:32:04.761 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:32:04.761 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80086c7790]
11:32:04.776 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa800843d050]
11:32:06.243 AVAST engine scan C:\Windows
11:32:08.489 AVAST engine scan C:\Windows\system32
11:34:34.755 AVAST engine scan C:\Windows\system32\drivers
11:34:47.141 AVAST engine scan C:\Users\Mike
11:35:22.506 Disk 0 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat"
11:35:22.506 The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:21 AM

Posted 03 September 2012 - 11:09 AM

see if combofix will run now (don't let it run for 7hours)
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 mortol2

mortol2
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 03 September 2012 - 12:12 PM

Greetings Gringo,

ComboFix ran beautifully! Please see the log below:

ComboFix 12-09-03.07 - Mike 09/03/2012 12:53:37.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9207.7372 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Trojan Guarder
c:\program files (x86)\Trojan Guarder\BlackList.txt
c:\program files (x86)\Trojan Guarder\EGhostLog.txt
c:\programdata\SPL494C.tmp
c:\programdata\SPL83BE.tmp
c:\users\Mike\AppData\Roaming\.#
c:\windows\Installer\{9bba08d7-8b9b-7f45-493b-7bc7980ca44c}\@
c:\windows\Installer\{9bba08d7-8b9b-7f45-493b-7bc7980ca44c}\L\00000004.@
c:\windows\Installer\{9bba08d7-8b9b-7f45-493b-7bc7980ca44c}\L\201d3dde
c:\windows\Installer\{9bba08d7-8b9b-7f45-493b-7bc7980ca44c}\U\00000004.@
c:\windows\Installer\{9bba08d7-8b9b-7f45-493b-7bc7980ca44c}\U\00000008.@
c:\windows\Installer\{9bba08d7-8b9b-7f45-493b-7bc7980ca44c}\U\000000cb.@
c:\windows\Installer\{9bba08d7-8b9b-7f45-493b-7bc7980ca44c}\U\80000000.@
c:\windows\Installer\{9bba08d7-8b9b-7f45-493b-7bc7980ca44c}\U\80000032.@
c:\windows\Installer\{9bba08d7-8b9b-7f45-493b-7bc7980ca44c}\U\80000064.@
.
.
((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))
.
.
2012-09-03 16:57 . 2012-09-03 16:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-03 15:21 . 2012-09-03 15:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-01 03:50 . 2012-09-01 22:10 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-09-01 03:50 . 2012-09-01 22:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-01 03:35 . 2012-09-01 03:35 -------- d-----w- c:\program files (x86)\PC Tools
2012-09-01 03:33 . 2012-09-01 22:10 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-09-01 03:32 . 2012-09-01 03:35 -------- d-----w- c:\programdata\PC Tools
2012-09-01 03:32 . 2012-09-01 03:32 -------- d-----w- c:\users\Mike\AppData\Roaming\TestApp
2012-09-01 03:28 . 2012-09-01 03:28 -------- d-----w- c:\programdata\Tarma Installer
2012-09-01 03:20 . 2012-09-01 03:20 -------- d-----w- C:\TEMP
2012-09-01 03:08 . 2012-09-01 03:08 -------- d-----w- c:\users\Mike\AppData\Local\adaware
2012-09-01 03:08 . 2012-09-01 22:10 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-09-01 03:08 . 2012-09-01 03:08 -------- d-----w- c:\programdata\Lavasoft
2012-09-01 03:08 . 2012-09-01 22:10 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-09-01 03:07 . 2012-09-01 03:09 -------- d-----w- c:\users\Mike\AppData\Roaming\Ad-Aware Antivirus
2012-09-01 03:06 . 2012-09-01 22:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-01 02:08 . 2012-06-19 04:44 46392 ----a-w- c:\windows\system32\drivers\TMEBC64.sys
2012-09-01 02:07 . 2012-09-01 18:14 59 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-09-01 02:07 . 2012-09-01 18:15 -------- d-----w- c:\programdata\Trend Micro
2012-09-01 02:01 . 2012-09-01 18:12 -------- d-----w- c:\program files (x86)\Trend Micro
2012-08-26 13:14 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-26 13:14 . 2012-09-03 15:14 -------- d-----w- c:\programdata\AVAST Software
2012-08-26 13:14 . 2012-09-02 20:38 -------- d-----w- c:\program files\AVAST Software
2012-08-19 23:20 . 2012-09-03 16:58 15712 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-08-19 23:20 . 2012-08-19 23:20 -------- d-----w- c:\users\Mike\AppData\Local\SlimWare Utilities Inc
2012-08-19 23:20 . 2012-08-19 23:20 -------- d-----w- c:\program files (x86)\DriverUpdate
2012-08-19 16:31 . 2012-08-19 16:31 -------- d-----w- c:\programdata\GFI Software
2012-08-19 13:24 . 2012-08-19 13:24 -------- d-----w- c:\users\Mike\AppData\Local\Downloaded Installations
2012-08-18 14:33 . 2012-08-18 14:33 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-03 15:22 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-08-16 07:01 . 2010-02-11 22:11 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-15 01:33 . 2012-03-31 21:04 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 01:33 . 2011-06-14 21:19 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 05:43 . 2012-07-11 10:32 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 10:32 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 10:32 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 10:31 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 10:32 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 10:32 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 10:31 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R1 wxxmvyaw;wxxmvyaw;c:\windows\system32\drivers\wxxmvyaw.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-27 133104]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [2010-04-14 45736]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-27 133104]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]
R3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [2012-01-31 91816]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-09-03 15712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1255736]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 69152]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-08 203264]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-04-14 1052328]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-08 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-08 279040]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-13 287960]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - IDSVia64
*Deregistered* - SymEFA
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMNDISV
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 01:33]
.
2012-09-03 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2012-08-10 13:08]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-27 14:47]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-27 14:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"lxeamon.exe"="c:\program files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [2011-01-24 770728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-06-26 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.excite.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\qj17lozr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Desktop Software - c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe
Wow6432Node-HKLM-Run-Lexmark S300-S400 Series - c:\program files (x86)\Lexmark S300-S400 Series\fm3032.exe
SafeBoot-33107632.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SBRegRebootCleaner - c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-09-03 13:03:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-03 17:03
.
Pre-Run: 673,973,735,424 bytes free
Post-Run: 673,883,303,936 bytes free
.
- - End Of File - - FCCCFA68FD93162DC673A5520BE3586F

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:21 AM

Posted 03 September 2012 - 02:14 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 mortol2

mortol2
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 03 September 2012 - 04:23 PM

Hi Gringo,

Here are the reports from TDSSKiller and aswMBR, respectively. I will await your reply.

16:20:20.0099 3660 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:20:20.0348 3660 ============================================================
16:20:20.0348 3660 Current date / time: 2012/09/03 16:20:20.0348
16:20:20.0348 3660 SystemInfo:
16:20:20.0348 3660
16:20:20.0348 3660 OS Version: 6.1.7601 ServicePack: 1.0
16:20:20.0348 3660 Product type: Workstation
16:20:20.0348 3660 ComputerName: MIKEOHOME
16:20:20.0348 3660 UserName: Mike
16:20:20.0348 3660 Windows directory: C:\Windows
16:20:20.0348 3660 System windows directory: C:\Windows
16:20:20.0348 3660 Running under WOW64
16:20:20.0348 3660 Processor architecture: Intel x64
16:20:20.0348 3660 Number of processors: 8
16:20:20.0348 3660 Page size: 0x1000
16:20:20.0348 3660 Boot type: Normal boot
16:20:20.0348 3660 ============================================================
16:20:20.0645 3660 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:20:20.0738 3660 ============================================================
16:20:20.0738 3660 \Device\Harddisk0\DR0:
16:20:20.0738 3660 MBR partitions:
16:20:20.0738 3660 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x72939129
16:20:20.0738 3660 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72939168, BlocksNum 0x1DCC859
16:20:20.0738 3660 ============================================================
16:20:20.0754 3660 C: <-> \Device\Harddisk0\DR0\Partition1
16:20:20.0801 3660 D: <-> \Device\Harddisk0\DR0\Partition2
16:20:20.0801 3660 ============================================================
16:20:20.0801 3660 Initialize success
16:20:20.0801 3660 ============================================================
16:20:46.0744 3512 ============================================================
16:20:46.0744 3512 Scan started
16:20:46.0744 3512 Mode: Manual;
16:20:46.0744 3512 ============================================================
16:20:46.0868 3512 ================ Scan system memory ========================
16:20:46.0868 3512 System memory - ok
16:20:46.0868 3512 ================ Scan services =============================
16:20:46.0993 3512 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:20:46.0993 3512 1394ohci - ok
16:20:47.0040 3512 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:20:47.0040 3512 ACPI - ok
16:20:47.0071 3512 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:20:47.0071 3512 AcpiPmi - ok
16:20:47.0180 3512 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:20:47.0180 3512 AdobeFlashPlayerUpdateSvc - ok
16:20:47.0212 3512 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:20:47.0212 3512 adp94xx - ok
16:20:47.0227 3512 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:20:47.0227 3512 adpahci - ok
16:20:47.0243 3512 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:20:47.0243 3512 adpu320 - ok
16:20:47.0290 3512 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:20:47.0290 3512 AeLookupSvc - ok
16:20:47.0321 3512 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:20:47.0321 3512 AFD - ok
16:20:47.0352 3512 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:20:47.0352 3512 agp440 - ok
16:20:47.0368 3512 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:20:47.0368 3512 ALG - ok
16:20:47.0399 3512 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:20:47.0414 3512 aliide - ok
16:20:47.0446 3512 [ C6F7A4E77158AF1B937F872392FF1B13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:20:47.0446 3512 AMD External Events Utility - ok
16:20:47.0461 3512 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:20:47.0461 3512 amdide - ok
16:20:47.0477 3512 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:20:47.0477 3512 AmdK8 - ok
16:20:47.0617 3512 [ 21D749E3C8140B16C40A8273FD747899 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:20:47.0758 3512 amdkmdag - ok
16:20:47.0789 3512 [ 1AA6F50A8E7F8413377C979CEF5218A5 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:20:47.0789 3512 amdkmdap - ok
16:20:47.0789 3512 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:20:47.0789 3512 AmdPPM - ok
16:20:47.0836 3512 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:20:47.0836 3512 amdsata - ok
16:20:47.0851 3512 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:20:47.0851 3512 amdsbs - ok
16:20:47.0867 3512 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:20:47.0867 3512 amdxata - ok
16:20:47.0960 3512 [ F9DAC844B1D370DA4C984D4C22F5E696 ] AntiSpywareService C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
16:20:47.0960 3512 AntiSpywareService - ok
16:20:47.0992 3512 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:20:47.0992 3512 AppID - ok
16:20:48.0007 3512 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:20:48.0007 3512 AppIDSvc - ok
16:20:48.0054 3512 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:20:48.0054 3512 Appinfo - ok
16:20:48.0116 3512 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:20:48.0116 3512 Apple Mobile Device - ok
16:20:48.0148 3512 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
16:20:48.0148 3512 arc - ok
16:20:48.0163 3512 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:20:48.0179 3512 arcsas - ok
16:20:48.0179 3512 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:20:48.0179 3512 AsyncMac - ok
16:20:48.0210 3512 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:20:48.0226 3512 atapi - ok
16:20:48.0257 3512 [ 04A5815DF7E8B037DF674D3CCACC0C31 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
16:20:48.0257 3512 AtiHdmiService - ok
16:20:48.0382 3512 [ 21D749E3C8140B16C40A8273FD747899 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:20:48.0413 3512 atikmdag - ok
16:20:48.0460 3512 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:20:48.0460 3512 AudioEndpointBuilder - ok
16:20:48.0475 3512 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:20:48.0475 3512 AudioSrv - ok
16:20:48.0491 3512 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:20:48.0491 3512 AxInstSV - ok
16:20:48.0506 3512 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
16:20:48.0522 3512 b06bdrv - ok
16:20:48.0553 3512 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:20:48.0553 3512 b57nd60a - ok
16:20:48.0569 3512 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:20:48.0569 3512 BDESVC - ok
16:20:48.0600 3512 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:20:48.0600 3512 Beep - ok
16:20:48.0647 3512 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:20:48.0647 3512 BFE - ok
16:20:48.0678 3512 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:20:48.0678 3512 blbdrive - ok
16:20:48.0740 3512 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:20:48.0740 3512 Bonjour Service - ok
16:20:48.0772 3512 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:20:48.0772 3512 bowser - ok
16:20:48.0787 3512 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:20:48.0787 3512 BrFiltLo - ok
16:20:48.0803 3512 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:20:48.0803 3512 BrFiltUp - ok
16:20:48.0818 3512 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
16:20:48.0818 3512 BridgeMP - ok
16:20:48.0865 3512 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:20:48.0865 3512 Browser - ok
16:20:48.0881 3512 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:20:48.0881 3512 Brserid - ok
16:20:48.0881 3512 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:20:48.0896 3512 BrSerWdm - ok
16:20:48.0912 3512 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:20:48.0912 3512 BrUsbMdm - ok
16:20:48.0912 3512 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:20:48.0912 3512 BrUsbSer - ok
16:20:48.0928 3512 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:20:48.0928 3512 BTHMODEM - ok
16:20:48.0943 3512 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:20:48.0943 3512 bthserv - ok
16:20:48.0959 3512 catchme - ok
16:20:48.0974 3512 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:20:48.0974 3512 cdfs - ok
16:20:49.0006 3512 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
16:20:49.0021 3512 cdrom - ok
16:20:49.0052 3512 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:20:49.0052 3512 CertPropSvc - ok
16:20:49.0052 3512 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:20:49.0068 3512 circlass - ok
16:20:49.0068 3512 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:20:49.0084 3512 CLFS - ok
16:20:49.0193 3512 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:20:49.0193 3512 clr_optimization_v2.0.50727_32 - ok
16:20:49.0240 3512 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:20:49.0240 3512 clr_optimization_v2.0.50727_64 - ok
16:20:49.0302 3512 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:20:49.0302 3512 clr_optimization_v4.0.30319_32 - ok
16:20:49.0318 3512 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:20:49.0318 3512 clr_optimization_v4.0.30319_64 - ok
16:20:49.0333 3512 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:20:49.0333 3512 CmBatt - ok
16:20:49.0364 3512 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:20:49.0364 3512 cmdide - ok
16:20:49.0396 3512 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
16:20:49.0396 3512 CNG - ok
16:20:49.0427 3512 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:20:49.0427 3512 Compbatt - ok
16:20:49.0458 3512 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:20:49.0458 3512 CompositeBus - ok
16:20:49.0458 3512 COMSysApp - ok
16:20:49.0474 3512 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:20:49.0474 3512 crcdisk - ok
16:20:49.0520 3512 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:20:49.0520 3512 CryptSvc - ok
16:20:49.0567 3512 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:20:49.0567 3512 DcomLaunch - ok
16:20:49.0614 3512 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:20:49.0614 3512 defragsvc - ok
16:20:49.0645 3512 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:20:49.0661 3512 DfsC - ok
16:20:49.0692 3512 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:20:49.0692 3512 Dhcp - ok
16:20:49.0708 3512 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:20:49.0708 3512 discache - ok
16:20:49.0739 3512 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:20:49.0739 3512 Disk - ok
16:20:49.0770 3512 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:20:49.0770 3512 Dnscache - ok
16:20:49.0801 3512 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:20:49.0801 3512 dot3svc - ok
16:20:49.0817 3512 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:20:49.0817 3512 DPS - ok
16:20:49.0848 3512 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:20:49.0848 3512 drmkaud - ok
16:20:49.0864 3512 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:20:49.0864 3512 DXGKrnl - ok
16:20:49.0895 3512 [ 761B9EDD97A021AA1922501B7A056635 ] e1yexpress C:\Windows\system32\DRIVERS\e1y62x64.sys
16:20:49.0910 3512 e1yexpress - ok
16:20:49.0910 3512 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:20:49.0910 3512 EapHost - ok
16:20:49.0973 3512 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
16:20:50.0035 3512 ebdrv - ok
16:20:50.0066 3512 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:20:50.0066 3512 EFS - ok
16:20:50.0129 3512 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:20:50.0129 3512 ehRecvr - ok
16:20:50.0160 3512 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:20:50.0160 3512 ehSched - ok
16:20:50.0176 3512 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:20:50.0191 3512 elxstor - ok
16:20:50.0222 3512 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:20:50.0222 3512 ErrDev - ok
16:20:50.0238 3512 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:20:50.0238 3512 EventSystem - ok
16:20:50.0254 3512 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:20:50.0269 3512 exfat - ok
16:20:50.0285 3512 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:20:50.0285 3512 fastfat - ok
16:20:50.0316 3512 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:20:50.0332 3512 Fax - ok
16:20:50.0332 3512 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:20:50.0332 3512 fdc - ok
16:20:50.0363 3512 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:20:50.0363 3512 fdPHost - ok
16:20:50.0363 3512 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:20:50.0363 3512 FDResPub - ok
16:20:50.0378 3512 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:20:50.0378 3512 FileInfo - ok
16:20:50.0394 3512 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:20:50.0394 3512 Filetrace - ok
16:20:50.0441 3512 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:20:50.0456 3512 FLEXnet Licensing Service - ok
16:20:50.0472 3512 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:20:50.0472 3512 flpydisk - ok
16:20:50.0488 3512 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:20:50.0488 3512 FltMgr - ok
16:20:50.0534 3512 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
16:20:50.0550 3512 FontCache - ok
16:20:50.0628 3512 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:20:50.0628 3512 FontCache3.0.0.0 - ok
16:20:50.0628 3512 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:20:50.0644 3512 FsDepends - ok
16:20:50.0675 3512 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:20:50.0675 3512 Fs_Rec - ok
16:20:50.0706 3512 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:20:50.0706 3512 fvevol - ok
16:20:50.0722 3512 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:20:50.0722 3512 gagp30kx - ok
16:20:50.0784 3512 [ 4FBCCBDD99A75C9EFBC90392CF32AF61 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
16:20:50.0800 3512 GameConsoleService - ok
16:20:50.0831 3512 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:20:50.0831 3512 GEARAspiWDM - ok
16:20:50.0846 3512 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:20:50.0862 3512 gpsvc - ok
16:20:50.0909 3512 [ 626A24ED1228580B9518C01930936DF9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:20:50.0909 3512 gupdate - ok
16:20:50.0940 3512 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:20:50.0940 3512 gupdatem - ok
16:20:50.0956 3512 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:20:50.0956 3512 hcw85cir - ok
16:20:50.0971 3512 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:20:50.0987 3512 HdAudAddService - ok
16:20:51.0034 3512 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:20:51.0034 3512 HDAudBus - ok
16:20:51.0049 3512 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:20:51.0049 3512 HidBatt - ok
16:20:51.0065 3512 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:20:51.0065 3512 HidBth - ok
16:20:51.0080 3512 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:20:51.0080 3512 HidIr - ok
16:20:51.0112 3512 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
16:20:51.0112 3512 hidserv - ok
16:20:51.0158 3512 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:20:51.0158 3512 HidUsb - ok
16:20:51.0190 3512 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:20:51.0190 3512 hkmsvc - ok
16:20:51.0221 3512 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:20:51.0221 3512 HomeGroupListener - ok
16:20:51.0252 3512 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:20:51.0268 3512 HomeGroupProvider - ok
16:20:51.0299 3512 [ AA9EF0B395097F24D289F64445B2FD2E ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
16:20:51.0299 3512 HP Health Check Service - ok
16:20:51.0299 3512 [ DEAB3BF5AEFBDC3F9AC0E020926EC81D ] HPBtnSrv C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
16:20:51.0314 3512 HPBtnSrv - ok
16:20:51.0330 3512 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:20:51.0346 3512 HpSAMD - ok
16:20:51.0377 3512 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:20:51.0392 3512 HTTP - ok
16:20:51.0392 3512 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:20:51.0408 3512 hwpolicy - ok
16:20:51.0424 3512 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:20:51.0424 3512 i8042prt - ok
16:20:51.0486 3512 [ F79525634B192F5A18DE503568F94EF3 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
16:20:51.0502 3512 IAANTMON - ok
16:20:51.0517 3512 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
16:20:51.0533 3512 iaStor - ok
16:20:51.0564 3512 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:20:51.0564 3512 iaStorV - ok
16:20:51.0611 3512 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:20:51.0611 3512 idsvc - ok
16:20:51.0642 3512 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:20:51.0642 3512 iirsp - ok
16:20:51.0673 3512 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:20:51.0673 3512 IKEEXT - ok
16:20:51.0751 3512 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:20:51.0767 3512 IntcAzAudAddService - ok
16:20:51.0814 3512 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:20:51.0814 3512 intelide - ok
16:20:51.0829 3512 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:20:51.0845 3512 intelppm - ok
16:20:51.0876 3512 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:20:51.0876 3512 IPBusEnum - ok
16:20:51.0892 3512 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:20:51.0892 3512 IpFilterDriver - ok
16:20:51.0938 3512 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:20:51.0954 3512 iphlpsvc - ok
16:20:51.0970 3512 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:20:51.0970 3512 IPMIDRV - ok
16:20:51.0985 3512 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:20:51.0985 3512 IPNAT - ok
16:20:52.0063 3512 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:20:52.0063 3512 iPod Service - ok
16:20:52.0079 3512 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:20:52.0079 3512 IRENUM - ok
16:20:52.0094 3512 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:20:52.0094 3512 isapnp - ok
16:20:52.0126 3512 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:20:52.0126 3512 iScsiPrt - ok
16:20:52.0157 3512 [ 79A55E8907F34AB569029505418C35EF ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
16:20:52.0157 3512 JRAID - ok
16:20:52.0188 3512 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:20:52.0188 3512 kbdclass - ok
16:20:52.0219 3512 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:20:52.0219 3512 kbdhid - ok
16:20:52.0235 3512 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:20:52.0235 3512 KeyIso - ok
16:20:52.0250 3512 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:20:52.0266 3512 KSecDD - ok
16:20:52.0282 3512 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:20:52.0297 3512 KSecPkg - ok
16:20:52.0297 3512 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:20:52.0297 3512 ksthunk - ok
16:20:52.0328 3512 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:20:52.0328 3512 KtmRm - ok
16:20:52.0360 3512 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
16:20:52.0360 3512 LanmanServer - ok
16:20:52.0391 3512 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:20:52.0391 3512 LanmanWorkstation - ok
16:20:52.0438 3512 [ 3C46290F7A5D45BA6EF32C248E22AA69 ] Lbd C:\Windows\system32\DRIVERS\Lbd.sys
16:20:52.0438 3512 Lbd - ok
16:20:52.0484 3512 [ DFEFF67508D3A9AEB1A85D7B0F513B24 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
16:20:52.0484 3512 LightScribeService - ok
16:20:52.0500 3512 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:20:52.0500 3512 lltdio - ok
16:20:52.0531 3512 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:20:52.0531 3512 lltdsvc - ok
16:20:52.0547 3512 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:20:52.0547 3512 lmhosts - ok
16:20:52.0562 3512 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:20:52.0562 3512 LSI_FC - ok
16:20:52.0578 3512 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:20:52.0578 3512 LSI_SAS - ok
16:20:52.0594 3512 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:20:52.0594 3512 LSI_SAS2 - ok
16:20:52.0609 3512 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:20:52.0609 3512 LSI_SCSI - ok
16:20:52.0625 3512 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:20:52.0625 3512 luafv - ok
16:20:52.0656 3512 [ B3944D06EB4B64D57BD7E5FE89415F58 ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
16:20:52.0656 3512 LVPr2M64 - ok
16:20:52.0656 3512 [ B3944D06EB4B64D57BD7E5FE89415F58 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys
16:20:52.0656 3512 LVPr2Mon - ok
16:20:52.0703 3512 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
16:20:52.0703 3512 LVRS64 - ok
16:20:52.0781 3512 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
16:20:52.0796 3512 LVUVC64 - ok
16:20:52.0859 3512 [ 3D1516114F5B1548864D043177F992A6 ] lxeaCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe
16:20:52.0874 3512 lxeaCATSCustConnectService - ok
16:20:52.0874 3512 lxea_device - ok
16:20:52.0906 3512 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:20:52.0906 3512 Mcx2Svc - ok
16:20:52.0921 3512 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:20:52.0921 3512 megasas - ok
16:20:52.0937 3512 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:20:52.0937 3512 MegaSR - ok
16:20:53.0015 3512 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
16:20:53.0015 3512 Microsoft Office Groove Audit Service - ok
16:20:53.0062 3512 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:20:53.0062 3512 MMCSS - ok
16:20:53.0077 3512 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:20:53.0077 3512 Modem - ok
16:20:53.0108 3512 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:20:53.0108 3512 monitor - ok
16:20:53.0124 3512 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:20:53.0124 3512 mouclass - ok
16:20:53.0140 3512 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:20:53.0140 3512 mouhid - ok
16:20:53.0171 3512 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:20:53.0171 3512 mountmgr - ok
16:20:53.0218 3512 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:20:53.0218 3512 MozillaMaintenance - ok
16:20:53.0249 3512 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:20:53.0249 3512 mpio - ok
16:20:53.0264 3512 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:20:53.0264 3512 mpsdrv - ok
16:20:53.0327 3512 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:20:53.0342 3512 MpsSvc - ok
16:20:53.0358 3512 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:20:53.0374 3512 MRxDAV - ok
16:20:53.0405 3512 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:20:53.0405 3512 mrxsmb - ok
16:20:53.0436 3512 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:20:53.0436 3512 mrxsmb10 - ok
16:20:53.0452 3512 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:20:53.0452 3512 mrxsmb20 - ok
16:20:53.0483 3512 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:20:53.0483 3512 msahci - ok
16:20:53.0514 3512 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:20:53.0514 3512 msdsm - ok
16:20:53.0545 3512 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:20:53.0545 3512 MSDTC - ok
16:20:53.0561 3512 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:20:53.0561 3512 Msfs - ok
16:20:53.0561 3512 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:20:53.0561 3512 mshidkmdf - ok
16:20:53.0576 3512 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:20:53.0576 3512 msisadrv - ok
16:20:53.0608 3512 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:20:53.0608 3512 MSiSCSI - ok
16:20:53.0608 3512 msiserver - ok
16:20:53.0623 3512 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:20:53.0623 3512 MSKSSRV - ok
16:20:53.0639 3512 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:20:53.0639 3512 MSPCLOCK - ok
16:20:53.0654 3512 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:20:53.0654 3512 MSPQM - ok
16:20:53.0686 3512 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:20:53.0686 3512 MsRPC - ok
16:20:53.0701 3512 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:20:53.0701 3512 mssmbios - ok
16:20:53.0717 3512 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:20:53.0717 3512 MSTEE - ok
16:20:53.0732 3512 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:20:53.0732 3512 MTConfig - ok
16:20:53.0748 3512 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:20:53.0748 3512 Mup - ok
16:20:53.0764 3512 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:20:53.0779 3512 napagent - ok
16:20:53.0795 3512 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:20:53.0795 3512 NativeWifiP - ok
16:20:53.0842 3512 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
16:20:53.0857 3512 NDIS - ok
16:20:53.0873 3512 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:20:53.0873 3512 NdisCap - ok
16:20:53.0888 3512 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:20:53.0888 3512 NdisTapi - ok
16:20:53.0904 3512 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:20:53.0920 3512 Ndisuio - ok
16:20:53.0951 3512 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:20:53.0951 3512 NdisWan - ok
16:20:53.0951 3512 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:20:53.0951 3512 NDProxy - ok
16:20:53.0998 3512 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
16:20:53.0998 3512 Net Driver HPZ12 - ok
16:20:53.0998 3512 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:20:53.0998 3512 NetBIOS - ok
16:20:54.0013 3512 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:20:54.0029 3512 NetBT - ok
16:20:54.0029 3512 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:20:54.0029 3512 Netlogon - ok
16:20:54.0076 3512 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:20:54.0091 3512 Netman - ok
16:20:54.0107 3512 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:20:54.0107 3512 netprofm - ok
16:20:54.0138 3512 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:20:54.0138 3512 NetTcpPortSharing - ok
16:20:54.0154 3512 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:20:54.0154 3512 nfrd960 - ok
16:20:54.0185 3512 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:20:54.0200 3512 NlaSvc - ok
16:20:54.0200 3512 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:20:54.0200 3512 Npfs - ok
16:20:54.0216 3512 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:20:54.0216 3512 nsi - ok
16:20:54.0216 3512 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:20:54.0216 3512 nsiproxy - ok
16:20:54.0278 3512 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:20:54.0310 3512 Ntfs - ok
16:20:54.0310 3512 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:20:54.0310 3512 Null - ok
16:20:54.0341 3512 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:20:54.0341 3512 nvraid - ok
16:20:54.0372 3512 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:20:54.0372 3512 nvstor - ok
16:20:54.0403 3512 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:20:54.0403 3512 nv_agp - ok
16:20:54.0466 3512 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:20:54.0481 3512 odserv - ok
16:20:54.0497 3512 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:20:54.0497 3512 ohci1394 - ok
16:20:54.0528 3512 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:20:54.0528 3512 ose - ok
16:20:54.0559 3512 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:20:54.0559 3512 p2pimsvc - ok
16:20:54.0575 3512 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:20:54.0575 3512 p2psvc - ok
16:20:54.0590 3512 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:20:54.0590 3512 Parport - ok
16:20:54.0606 3512 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:20:54.0606 3512 partmgr - ok
16:20:54.0622 3512 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:20:54.0622 3512 PcaSvc - ok
16:20:54.0668 3512 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:20:54.0668 3512 pci - ok
16:20:54.0700 3512 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:20:54.0700 3512 pciide - ok
16:20:54.0715 3512 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:20:54.0715 3512 pcmcia - ok
16:20:54.0793 3512 [ 65A66EB40254DF662E32E89BBBA55E89 ] PCPitstop Scheduling C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
16:20:54.0793 3512 PCPitstop Scheduling - ok
16:20:54.0809 3512 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:20:54.0809 3512 pcw - ok
16:20:54.0840 3512 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:20:54.0840 3512 PEAUTH - ok
16:20:54.0902 3512 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:20:54.0902 3512 PerfHost - ok
16:20:54.0949 3512 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:20:54.0980 3512 pla - ok
16:20:55.0012 3512 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:20:55.0012 3512 PlugPlay - ok
16:20:55.0058 3512 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:20:55.0058 3512 Pml Driver HPZ12 - ok
16:20:55.0074 3512 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:20:55.0074 3512 PNRPAutoReg - ok
16:20:55.0090 3512 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:20:55.0090 3512 PNRPsvc - ok
16:20:55.0105 3512 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:20:55.0121 3512 PolicyAgent - ok
16:20:55.0136 3512 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:20:55.0136 3512 Power - ok
16:20:55.0168 3512 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:20:55.0168 3512 PptpMiniport - ok
16:20:55.0183 3512 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:20:55.0183 3512 Processor - ok
16:20:55.0199 3512 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
16:20:55.0199 3512 ProfSvc - ok
16:20:55.0214 3512 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:20:55.0214 3512 ProtectedStorage - ok
16:20:55.0246 3512 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:20:55.0246 3512 Psched - ok
16:20:55.0292 3512 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:20:55.0324 3512 ql2300 - ok
16:20:55.0324 3512 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:20:55.0339 3512 ql40xx - ok
16:20:55.0355 3512 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:20:55.0355 3512 QWAVE - ok
16:20:55.0370 3512 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:20:55.0370 3512 QWAVEdrv - ok
16:20:55.0370 3512 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:20:55.0370 3512 RasAcd - ok
16:20:55.0386 3512 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:20:55.0402 3512 RasAgileVpn - ok
16:20:55.0402 3512 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:20:55.0402 3512 RasAuto - ok
16:20:55.0433 3512 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:20:55.0433 3512 Rasl2tp - ok
16:20:55.0448 3512 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:20:55.0448 3512 RasMan - ok
16:20:55.0448 3512 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:20:55.0464 3512 RasPppoe - ok
16:20:55.0464 3512 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:20:55.0464 3512 RasSstp - ok
16:20:55.0480 3512 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:20:55.0480 3512 rdbss - ok
16:20:55.0495 3512 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:20:55.0495 3512 rdpbus - ok
16:20:55.0511 3512 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:20:55.0511 3512 RDPCDD - ok
16:20:55.0542 3512 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:20:55.0542 3512 RDPENCDD - ok
16:20:55.0558 3512 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:20:55.0558 3512 RDPREFMP - ok
16:20:55.0589 3512 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:20:55.0589 3512 RDPWD - ok
16:20:55.0620 3512 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:20:55.0620 3512 rdyboost - ok
16:20:55.0651 3512 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:20:55.0651 3512 RemoteAccess - ok
16:20:55.0667 3512 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:20:55.0667 3512 RemoteRegistry - ok
16:20:55.0682 3512 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:20:55.0682 3512 RpcEptMapper - ok
16:20:55.0698 3512 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:20:55.0698 3512 RpcLocator - ok
16:20:55.0729 3512 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:20:55.0729 3512 RpcSs - ok
16:20:55.0745 3512 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:20:55.0745 3512 rspndr - ok
16:20:55.0745 3512 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:20:55.0745 3512 SamSs - ok
16:20:55.0776 3512 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:20:55.0776 3512 sbp2port - ok
16:20:55.0792 3512 SBRE - ok
16:20:55.0792 3512 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:20:55.0807 3512 SCardSvr - ok
16:20:55.0838 3512 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:20:55.0838 3512 scfilter - ok
16:20:55.0854 3512 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:20:55.0870 3512 Schedule - ok
16:20:55.0916 3512 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:20:55.0916 3512 SCPolicySvc - ok
16:20:55.0948 3512 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:20:55.0948 3512 SDRSVC - ok
16:20:55.0948 3512 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:20:55.0948 3512 secdrv - ok
16:20:55.0979 3512 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:20:55.0979 3512 seclogon - ok
16:20:55.0994 3512 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
16:20:55.0994 3512 SENS - ok
16:20:55.0994 3512 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:20:56.0010 3512 SensrSvc - ok
16:20:56.0041 3512 [ C284622531B1238E41DF70E84B7524CE ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl64.sys
16:20:56.0041 3512 Ser2pl - ok
16:20:56.0057 3512 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:20:56.0057 3512 Serenum - ok
16:20:56.0072 3512 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:20:56.0072 3512 Serial - ok
16:20:56.0119 3512 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:20:56.0119 3512 sermouse - ok
16:20:56.0135 3512 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:20:56.0135 3512 SessionEnv - ok
16:20:56.0166 3512 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:20:56.0166 3512 sffdisk - ok
16:20:56.0182 3512 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:20:56.0182 3512 sffp_mmc - ok
16:20:56.0197 3512 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:20:56.0197 3512 sffp_sd - ok
16:20:56.0213 3512 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:20:56.0213 3512 sfloppy - ok
16:20:56.0244 3512 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:20:56.0244 3512 SharedAccess - ok
16:20:56.0260 3512 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:20:56.0260 3512 ShellHWDetection - ok
16:20:56.0291 3512 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:20:56.0291 3512 SiSRaid2 - ok
16:20:56.0306 3512 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:20:56.0306 3512 SiSRaid4 - ok
16:20:56.0353 3512 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:20:56.0353 3512 SkypeUpdate - ok
16:20:56.0369 3512 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:20:56.0369 3512 Smb - ok
16:20:56.0400 3512 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:20:56.0400 3512 SNMPTRAP - ok
16:20:56.0416 3512 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:20:56.0416 3512 spldr - ok
16:20:56.0431 3512 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
16:20:56.0431 3512 Spooler - ok
16:20:56.0509 3512 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:20:56.0540 3512 sppsvc - ok
16:20:56.0556 3512 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:20:56.0556 3512 sppuinotify - ok
16:20:56.0572 3512 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:20:56.0587 3512 srv - ok
16:20:56.0603 3512 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:20:56.0618 3512 srv2 - ok
16:20:56.0634 3512 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:20:56.0634 3512 srvnet - ok
16:20:56.0650 3512 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:20:56.0650 3512 SSDPSRV - ok
16:20:56.0665 3512 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:20:56.0665 3512 SstpSvc - ok
16:20:56.0681 3512 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:20:56.0696 3512 stexstor - ok
16:20:56.0712 3512 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:20:56.0712 3512 stisvc - ok
16:20:56.0743 3512 [ 85BF0B7CE3D9B6D1611E05872E1C3E56 ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
16:20:56.0743 3512 SWDUMon - ok
16:20:56.0774 3512 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:20:56.0774 3512 swenum - ok
16:20:56.0790 3512 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:20:56.0806 3512 swprv - ok
16:20:56.0837 3512 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:20:56.0852 3512 SysMain - ok
16:20:56.0868 3512 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:20:56.0868 3512 TabletInputService - ok
16:20:56.0868 3512 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:20:56.0884 3512 TapiSrv - ok
16:20:56.0884 3512 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:20:56.0884 3512 TBS - ok
16:20:56.0946 3512 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:20:56.0977 3512 Tcpip - ok
16:20:57.0008 3512 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:20:57.0024 3512 TCPIP6 - ok
16:20:57.0071 3512 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:20:57.0071 3512 tcpipreg - ok
16:20:57.0071 3512 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:20:57.0071 3512 TDPIPE - ok
16:20:57.0102 3512 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:20:57.0102 3512 TDTCP - ok
16:20:57.0118 3512 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:20:57.0118 3512 tdx - ok
16:20:57.0118 3512 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:20:57.0118 3512 TermDD - ok
16:20:57.0133 3512 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:20:57.0149 3512 TermService - ok
16:20:57.0164 3512 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:20:57.0164 3512 Themes - ok
16:20:57.0164 3512 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:20:57.0180 3512 THREADORDER - ok
16:20:57.0196 3512 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:20:57.0196 3512 TrkWks - ok
16:20:57.0242 3512 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:20:57.0242 3512 TrustedInstaller - ok
16:20:57.0274 3512 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:20:57.0274 3512 tssecsrv - ok
16:20:57.0305 3512 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:20:57.0305 3512 TsUsbFlt - ok
16:20:57.0336 3512 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:20:57.0336 3512 tunnel - ok
16:20:57.0352 3512 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:20:57.0352 3512 uagp35 - ok
16:20:57.0367 3512 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:20:57.0367 3512 udfs - ok
16:20:57.0414 3512 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:20:57.0414 3512 UI0Detect - ok
16:20:57.0430 3512 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:20:57.0430 3512 uliagpkx - ok
16:20:57.0445 3512 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:20:57.0445 3512 umbus - ok
16:20:57.0461 3512 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:20:57.0461 3512 UmPass - ok
16:20:57.0539 3512 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
16:20:57.0554 3512 UMVPFSrv - ok
16:20:57.0570 3512 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:20:57.0570 3512 upnphost - ok
16:20:57.0586 3512 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
16:20:57.0601 3512 USBAAPL64 - ok
16:20:57.0617 3512 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:20:57.0617 3512 usbaudio - ok
16:20:57.0664 3512 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:20:57.0664 3512 usbccgp - ok
16:20:57.0695 3512 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:20:57.0695 3512 usbcir - ok
16:20:57.0710 3512 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
16:20:57.0710 3512 usbehci - ok
16:20:57.0726 3512 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:20:57.0726 3512 usbhub - ok
16:20:57.0742 3512 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:20:57.0742 3512 usbohci - ok
16:20:57.0757 3512 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:20:57.0757 3512 usbprint - ok
16:20:57.0788 3512 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:20:57.0788 3512 usbscan - ok
16:20:57.0820 3512 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:20:57.0820 3512 USBSTOR - ok
16:20:57.0820 3512 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:20:57.0835 3512 usbuhci - ok
16:20:57.0835 3512 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:20:57.0835 3512 UxSms - ok
16:20:57.0851 3512 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:20:57.0851 3512 VaultSvc - ok
16:20:57.0882 3512 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:20:57.0882 3512 vdrvroot - ok
16:20:57.0913 3512 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:20:57.0913 3512 vds - ok
16:20:57.0929 3512 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:20:57.0929 3512 vga - ok
16:20:57.0944 3512 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:20:57.0944 3512 VgaSave - ok
16:20:57.0976 3512 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:20:57.0976 3512 vhdmp - ok
16:20:58.0007 3512 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:20:58.0007 3512 viaide - ok
16:20:58.0007 3512 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:20:58.0022 3512 volmgr - ok
16:20:58.0054 3512 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:20:58.0054 3512 volmgrx - ok
16:20:58.0085 3512 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:20:58.0100 3512 volsnap - ok
16:20:58.0116 3512 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:20:58.0116 3512 vsmraid - ok
16:20:58.0178 3512 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:20:58.0210 3512 VSS - ok
16:20:58.0225 3512 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
16:20:58.0225 3512 vwifibus - ok
16:20:58.0241 3512 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:20:58.0241 3512 W32Time - ok
16:20:58.0256 3512 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:20:58.0272 3512 WacomPen - ok
16:20:58.0272 3512 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:20:58.0288 3512 WANARP - ok
16:20:58.0288 3512 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:20:58.0288 3512 Wanarpv6 - ok
16:20:58.0334 3512 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:20:58.0366 3512 WatAdminSvc - ok
16:20:58.0397 3512 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:20:58.0428 3512 wbengine - ok
16:20:58.0428 3512 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:20:58.0444 3512 WbioSrvc - ok
16:20:58.0444 3512 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:20:58.0459 3512 wcncsvc - ok
16:20:58.0459 3512 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:20:58.0475 3512 WcsPlugInService - ok
16:20:58.0490 3512 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:20:58.0490 3512 Wd - ok
16:20:58.0506 3512 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:20:58.0522 3512 Wdf01000 - ok
16:20:58.0522 3512 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:20:58.0537 3512 WdiServiceHost - ok
16:20:58.0537 3512 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:20:58.0537 3512 WdiSystemHost - ok
16:20:58.0553 3512 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:20:58.0553 3512 WebClient - ok
16:20:58.0568 3512 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:20:58.0568 3512 Wecsvc - ok
16:20:58.0568 3512 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:20:58.0568 3512 wercplsupport - ok
16:20:58.0600 3512 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:20:58.0600 3512 WerSvc - ok
16:20:58.0615 3512 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:20:58.0615 3512 WfpLwf - ok
16:20:58.0631 3512 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:20:58.0631 3512 WIMMount - ok
16:20:58.0693 3512 WinDefend - ok
16:20:58.0693 3512 WinHttpAutoProxySvc - ok
16:20:58.0756 3512 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:20:58.0771 3512 Winmgmt - ok
16:20:58.0802 3512 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:20:58.0865 3512 WinRM - ok
16:20:58.0927 3512 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:20:58.0927 3512 WinUsb - ok
16:20:58.0943 3512 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:20:58.0958 3512 Wlansvc - ok
16:20:59.0068 3512 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:20:59.0083 3512 wlidsvc - ok
16:20:59.0130 3512 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:20:59.0130 3512 WmiAcpi - ok
16:20:59.0146 3512 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:20:59.0146 3512 wmiApSrv - ok
16:20:59.0177 3512 WMPNetworkSvc - ok
16:20:59.0177 3512 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:20:59.0177 3512 WPCSvc - ok
16:20:59.0192 3512 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:20:59.0192 3512 WPDBusEnum - ok
16:20:59.0224 3512 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:20:59.0224 3512 ws2ifsl - ok
16:20:59.0239 3512 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
16:20:59.0239 3512 wscsvc - ok
16:20:59.0270 3512 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
16:20:59.0270 3512 WSDPrintDevice - ok
16:20:59.0270 3512 WSearch - ok
16:20:59.0364 3512 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:20:59.0380 3512 wuauserv - ok
16:20:59.0395 3512 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:20:59.0395 3512 WudfPf - ok
16:20:59.0426 3512 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:20:59.0426 3512 WUDFRd - ok
16:20:59.0458 3512 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:20:59.0458 3512 wudfsvc - ok
16:20:59.0473 3512 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:20:59.0473 3512 WwanSvc - ok
16:20:59.0473 3512 wxxmvyaw - ok
16:20:59.0489 3512 ================ Scan global ===============================
16:20:59.0504 3512 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:20:59.0551 3512 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:20:59.0551 3512 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:20:59.0567 3512 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:20:59.0582 3512 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:20:59.0598 3512 [Global] - ok
16:20:59.0598 3512 ================ Scan MBR ==================================
16:20:59.0598 3512 [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
16:20:59.0785 3512 \Device\Harddisk0\DR0 - ok
16:20:59.0785 3512 ================ Scan VBR ==================================
16:20:59.0785 3512 [ 8E08006E0F98E3BE20113BE281D00C18 ] \Device\Harddisk0\DR0\Partition1
16:20:59.0785 3512 \Device\Harddisk0\DR0\Partition1 - ok
16:20:59.0785 3512 [ F59C16C40D1D14A49EC53855A94A0256 ] \Device\Harddisk0\DR0\Partition2
16:20:59.0785 3512 \Device\Harddisk0\DR0\Partition2 - ok
16:20:59.0785 3512 ============================================================
16:20:59.0785 3512 Scan finished
16:20:59.0785 3512 ============================================================
16:20:59.0801 2708 Detected object count: 0
16:20:59.0801 2708 Actual detected object count: 0


and the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-03 16:25:09
-----------------------------
16:25:09.007 OS Version: Windows x64 6.1.7601 Service Pack 1
16:25:09.007 Number of processors: 8 586 0x1A05
16:25:09.007 ComputerName: MIKEOHOME UserName: Mike
16:25:13.234 Initialize success
16:25:37.695 AVAST engine defs: 12090300
16:26:06.087 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
16:26:06.087 Disk 0 Vendor: ST310005 HP22 Size: 953869MB BusType: 8
16:26:06.103 Disk 0 MBR read successfully
16:26:06.103 Disk 0 MBR scan
16:26:06.103 Disk 0 unknown MBR code
16:26:06.103 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 938610 MB offset 63
16:26:06.134 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15257 MB offset 1922273640
16:26:06.197 Disk 0 scanning C:\Windows\system32\drivers
16:26:16.290 Service scanning
16:26:31.952 Modules scanning
16:26:31.952 Disk 0 trace - called modules:
16:26:31.983 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:26:31.983 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80086c4790]
16:26:31.999 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8008438050]
16:26:33.465 AVAST engine scan C:\Windows
16:26:36.211 AVAST engine scan C:\Windows\system32
16:28:59.919 AVAST engine scan C:\Windows\system32\drivers
16:29:11.790 AVAST engine scan C:\Users\Mike
17:13:57.192 AVAST engine scan C:\ProgramData
17:15:50.510 Scan finished successfully
17:21:47.221 Disk 0 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat"
17:21:47.221 The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:21 AM

Posted 03 September 2012 - 06:57 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 

Driver::
wxxmvyaw

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo




Code:
Hello

I would like you to run This Cobofix script for me. It will upload some files to analyzed by our experts so it is very important to be connected to the internet at the time of the scan.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

put script here

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

NOTE**
  • When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will upload files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer



"information and logs"

  • In your next post I need the following

  • The report from combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 mortol2

mortol2
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 03 September 2012 - 08:27 PM

Greetings Gringo. I ran ComboFix again with the CFScript. Everything ran fine. My firewall appears to be restored, and as of yet, google appears to be working properly. I also ran a quickscan of Avast! and no infections surfaced. I attached the ComboFix log below. I think we might be in good shape; what do you think?

ComboFix 12-09-03.07 - Mike 09/03/2012 20:54:40.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9207.6944 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
Command switches used :: c:\users\Mike\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mike\AppData\Local\Temp\{B7DCD059-6760-41FA-A2BF-DEC3891D80ED}\fpb.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_wxxmvyaw
.
.
((((((((((((((((((((((((( Files Created from 2012-08-04 to 2012-09-04 )))))))))))))))))))))))))))))))
.
.
2012-09-04 00:59 . 2012-09-04 00:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-04 00:03 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-04 00:03 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-04 00:03 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-04 00:03 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-04 00:03 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-04 00:03 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-04 00:03 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-04 00:03 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-09-03 15:21 . 2012-09-03 15:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-01 03:50 . 2012-09-01 22:10 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-09-01 03:50 . 2012-09-01 22:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-01 03:35 . 2012-09-01 03:35 -------- d-----w- c:\program files (x86)\PC Tools
2012-09-01 03:33 . 2012-09-01 22:10 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-09-01 03:32 . 2012-09-01 03:35 -------- d-----w- c:\programdata\PC Tools
2012-09-01 03:32 . 2012-09-01 03:32 -------- d-----w- c:\users\Mike\AppData\Roaming\TestApp
2012-09-01 03:28 . 2012-09-01 03:28 -------- d-----w- c:\programdata\Tarma Installer
2012-09-01 03:20 . 2012-09-01 03:20 -------- d-----w- C:\TEMP
2012-09-01 03:08 . 2012-09-01 03:08 -------- d-----w- c:\users\Mike\AppData\Local\adaware
2012-09-01 03:08 . 2012-09-01 22:10 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-09-01 03:08 . 2012-09-01 03:08 -------- d-----w- c:\programdata\Lavasoft
2012-09-01 03:08 . 2012-09-01 22:10 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-09-01 03:07 . 2012-09-01 03:09 -------- d-----w- c:\users\Mike\AppData\Roaming\Ad-Aware Antivirus
2012-09-01 03:06 . 2012-09-01 22:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-01 02:08 . 2012-06-19 04:44 46392 ----a-w- c:\windows\system32\drivers\TMEBC64.sys
2012-09-01 02:07 . 2012-09-01 18:14 59 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-09-01 02:07 . 2012-09-01 18:15 -------- d-----w- c:\programdata\Trend Micro
2012-09-01 02:01 . 2012-09-01 18:12 -------- d-----w- c:\program files (x86)\Trend Micro
2012-08-26 13:14 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-26 13:14 . 2012-09-04 00:02 -------- d-----w- c:\programdata\AVAST Software
2012-08-26 13:14 . 2012-09-04 00:02 -------- d-----w- c:\program files\AVAST Software
2012-08-19 23:20 . 2012-09-04 01:00 15712 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-08-19 23:20 . 2012-08-19 23:20 -------- d-----w- c:\users\Mike\AppData\Local\SlimWare Utilities Inc
2012-08-19 23:20 . 2012-08-19 23:20 -------- d-----w- c:\program files (x86)\DriverUpdate
2012-08-19 16:31 . 2012-08-19 16:31 -------- d-----w- c:\programdata\GFI Software
2012-08-19 13:24 . 2012-08-19 13:24 -------- d-----w- c:\users\Mike\AppData\Local\Downloaded Installations
2012-08-18 14:33 . 2012-08-18 14:33 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-03 15:22 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-08-16 07:01 . 2010-02-11 22:11 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-15 01:33 . 2012-03-31 21:04 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 01:33 . 2011-06-14 21:19 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 05:43 . 2012-07-11 10:32 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 10:32 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 10:32 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 10:31 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 10:32 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 10:32 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 10:31 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-03_16.59.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-20 01:29 . 2012-09-03 17:08 54240 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-03 17:08 33938 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-20 01:13 . 2012-09-03 17:08 19096 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3452488347-1287581555-2733521940-1000_UserData.bin
- 2010-01-20 00:22 . 2012-09-03 15:22 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-20 00:22 . 2012-09-03 17:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-20 00:22 . 2012-09-03 17:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-20 00:22 . 2012-09-03 15:22 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-03 17:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-03 15:22 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-20 01:13 . 2012-09-03 17:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-20 01:13 . 2012-09-03 15:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-20 01:13 . 2012-09-03 15:24 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-20 01:13 . 2012-09-03 17:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-20 01:13 . 2012-09-03 17:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-20 01:13 . 2012-09-03 15:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-20 01:13 . 2012-09-04 00:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-20 01:13 . 2012-09-03 16:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-20 01:13 . 2012-09-03 16:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-20 01:13 . 2012-09-04 00:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-09-03 16:58 . 2012-09-03 16:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-04 01:00 . 2012-09-04 01:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-04 01:00 . 2012-09-04 01:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-03 16:58 . 2012-09-03 16:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-09-04 01:00 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-09-03 16:58 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-04 01:00 655360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-03 16:58 655360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-20 22:35 . 2012-09-03 23:57 483394 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-09-03 17:10 627066 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-09-03 15:27 627066 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-03 17:10 107382 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-09-03 15:27 107382 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-09-03 16:58 467920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-04 01:00 467920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-09-04 01:00 3588096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-03 16:58 3588096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-27 133104]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [2010-04-14 45736]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-27 133104]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]
R3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [2012-01-31 91816]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-09-04 15712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1255736]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 69152]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-08 203264]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-04-14 1052328]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-08 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-08 279040]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-13 287960]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - IDSVia64
*Deregistered* - SymEFA
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMNDISV
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 01:33]
.
2012-09-04 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2012-08-10 13:08]
.
2012-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-27 14:47]
.
2012-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-27 14:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"lxeamon.exe"="c:\program files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [2011-01-24 770728]
"SBRegRebootCleaner"="c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe" [BU]
"combofix"="c:\combofix\CF27649.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-06-26 136176]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.excite.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\qj17lozr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-09-03 21:05:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-04 01:05
ComboFix2.txt 2012-09-03 17:03
.
Pre-Run: 673,485,660,160 bytes free
Post-Run: 672,935,260,160 bytes free
.
- - End Of File - - 3E6BFE92F622A3A4A7055A4C6B0A62C1

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:21 AM

Posted 03 September 2012 - 08:53 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Adobe Reader 9.5.2
Java™ 6 Update 29
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 mortol2

mortol2
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 03 September 2012 - 10:34 PM

Hi Gringo,

I removed the programs via Revo, performed the updates, and ran CCleaner and Malwarebytes as instructed. So far the computer seems to be running normally. Here are the log files from Malwarebytes and HijackThis, respectively.
I shall await your reply.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.04.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Mike :: MIKEOHOME [administrator]

9/3/2012 11:01:05 PM
mbam-log-2012-09-03 (23-01-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204344
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:23:36 PM, on 9/3/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Users\Mike\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Advertising Cookie Opt-out - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll (file missing)
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1107\7.5.1107\TmBpIe32.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - http://64.144.224.251/crystalreportviewers/activeXViewer/activexviewer.cab
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} (HP Product Detection Control) - https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://attwm.webex.com/client/T25L10NSP41EP15-attwm/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1107\7.5.1107\TmBpIe32.dll (file missing)
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (file missing)
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Easy Backup Button Service (HPBtnSrv) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxeaCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe
O23 - Service: lxea_device - - C:\Windows\system32\lxeacoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13585 bytes

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:21 AM

Posted 03 September 2012 - 10:54 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
      O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
      O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
      O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
      O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 mortol2

mortol2
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 04 September 2012 - 12:33 AM

Hi Gringo,

I removed the unneeded startup entries as instructed, and ran ESCAN. It came up with the following 12 threats:

C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe a variant of Win32/Kryptik.SH trojan
C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{9bba08d7-8b9b-7f45-493b-7bc7980ca44c}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{9bba08d7-8b9b-7f45-493b-7bc7980ca44c}\U\000000cb.@.vir Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{9bba08d7-8b9b-7f45-493b-7bc7980ca44c}\U\80000000.@.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{9bba08d7-8b9b-7f45-493b-7bc7980ca44c}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan
C:\TDSSKiller_Quarantine\03.09.2012_11.19.50\zasubsys0000\file0000\tsk0000.dta Win64/Patched.B.Gen trojan
C:\TDSSKiller_Quarantine\03.09.2012_11.19.50\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\03.09.2012_11.19.50\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.AD trojan
C:\Users\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan
C:\Users\Mike\Desktop\my documents\avc-free.exe Win32/OpenCandy application
C:\Users\Mike\Desktop\my documents\setups\Setup_FreeFlvConverterN.exe Win32/Toolbar.Widgi application




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users