Torpig


  • This topic is locked
14 replies to this topic

#1 Christuffa (Members, 7 posts)

Posted 15 November 2012 - 05:32 PM

Hello, I'm new to this site. Recently my emails were blocked by spamhaus. The following was stated on the CBL site:

At the time of removal, this was the explanation for this listing:

This IP is infected with, or is NATting for a machine infected with Torpig, also known by Symantec as Anserin.

This was detected by observing this IP attempting to make contact to a Torpig Command and Control server at , with contents unique to Torpig C&C command protocols.

Torpig is a banking trojan, specializing in stealing personal information (passwords, account information, etc) from interactions with banking sites.

Torpig is normally dropped by Mebroot. Mebroot is a Rootkit that installs itself into the MBR (Master Boot Record).

With Mebroot or any other rootkit that installs itself into the MBR, you will either have to use a "MBR cleaner" or reformat the drive completely - even if you manage to remove Torpig, the MBR infection will cause it to be reinfected again.

The best way to find the machine responsible is to look for connections to the Torpig C&C server. This detection was made through a connection to , but may change periodically. To find these infections, we suggest you search for TCP/IP connections in the following ranges:
CIDR format          Range format
217.160.140.127/32   217.160.140.127
217.160.140.82/32    217.160.140.82
212.227.20.19/32     212.227.20.19
82.165.25.167/32     82.165.25.167
usually destination port 80 or 443, but you should look for all ports. This detection corresponds to a connection at 2012-11-05 21:35:43 (GMT - this timestamp is believed accurate to within one second).

You can try Kaspersky's TDSSKiller Antirootkit Utility to get this infection detected/removed. However, we strongly recommend that you completely re-install your operating system to get this infection removed permanently.

These infections are rated as a "severe threat" by Microsoft. It is a trojan downloader, and can download and execute ANY software on the infected computer.

You will need to find and eradicate the infection before delisting the IP address.

We strongly recommend that you DO NOT simply firewall off connections to the sinkhole IP addresses given above. Those IP addresses are of sinkholes operated by malware researchers. In other words, it's a "sensor" (only) run by "the good guys". The bot "thinks" it's a command and control server run by the spambot operators, but it isn't. It DOES NOT actually download anything, and is not a threat. If you firewall the sinkhole addresses, your IPs will remain infected, and they will STILL be delivering your users'/customers' personal information, including banking information, to the criminal bot operators.

If you do choose to firewall these IPs, PLEASE instrument your firewall to tell you which internal machine is connecting to them so that you can identify the infected machine yourself and fix it.

We are enhancing the instructions on how to find these infections, and more information will be given here as it becomes available.

Virtually all detections made by the CBL are of infections that do NOT leave any "tracks" for you to find in your mail server logs. This is even more important for the viruses described here - these detections are made on network-level detections of malicious behaviour and may NOT involve malicious email being sent.

This means: if you have port 25 blocking enabled, do not take this as indication that your port 25 blocking isn't working.

The links above may help you find this infection. You can also consult Advanced Techniques for other options and alternatives. NOTE: the Advanced Techniques link focuses on finding port 25(SMTP) traffic. With "sinkhole malware" detections such as this listing, we aren't detecting port 25 traffic, we're detecting traffic on other ports. Therefore, when reading Advanced Techniques, you will need to consider all ports, not just SMTP.

Pay very close attention: Most of these trojans have extremely poor detection rates in current Anti-Virus software. For example, Ponmocup is only detected by 3 out of 49 AV tools queried at Virus Total.

Thus: your anti-virus software not finding anything doesn't prove that you're not infected.

While we regret having to say this, downloaders will generally download many different malicious payloads. Even if an Anti-Virus product finds and removes the direct threat, they will not have detected or removed the other malicious payloads. For that reason, we recommend recloning the machine - meaning: reformatting the disks on the infected machine, and re-installing all software from known-good sources.

I am using AVG and Microsoft security. I ran Kaspersky's TDSSKiller Antirootkit Utility but it found nothing. Is there anything else I can do, as I'm worried that someone has access to my banking details? Are there any better options for security?
Thanks
Chris
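The listing quoted above tells the reader to search for connections to the four sinkhole addresses on any port, and to instrument the firewall so the internal host making them can be identified rather than simply blocking the addresses. The Python script below is an added example of that search, not part of the original post, the CBL's own tooling, or any tool named in this thread. The log line format it parses and the 10.0.0.0/24 internal addresses are assumptions, and the sample log is constructed; only the four destination addresses come from the listing.

```python
"""Flag internal hosts that contact the sinkhole addresses from the CBL listing.

Added example (not from the original post or from the CBL). Reads firewall/flow
log lines in an assumed, simplified format:

    <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>

and reports every internal source address that connected to one of the listed
sinkhole prefixes, on any destination port, as the listing recommends.
"""
import ipaddress
import re
from collections import defaultdict

# The four CIDR prefixes quoted in the CBL listing above.
SINKHOLE_PREFIXES = [
    ipaddress.ip_network(p)
    for p in ("217.160.140.127/32", "217.160.140.82/32",
              "212.227.20.19/32", "82.165.25.167/32")
]

# Assumed log format; real firewall or NetFlow exports need their own regex.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)$"
)


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def is_sinkhole(ip_str):
    """True if the address falls inside any listed sinkhole prefix."""
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in SINKHOLE_PREFIXES)


def find_infected_hosts(lines):
    """Map each internal source IP to its list of (timestamp, dst, dport) sinkhole contacts.

    No port filter is applied on purpose: the listing says 'usually 80 or 443,
    but you should look for all ports'.
    """
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if is_sinkhole(rec["dst"]):
            hits[rec["src"]].append((rec["ts"], rec["dst"], rec["dport"]))
    return dict(hits)


# Constructed sample log. The 10.0.0.x source addresses are invented; the
# destination addresses are the ones from the listing. One line is deliberately
# unparseable and one sinkhole contact is on a non-web port.
SAMPLE_LOG = """\
2012-11-05T21:35:43Z 10.0.0.23:49211 -> 217.160.140.127:80 TCP
2012-11-05T21:35:44Z 10.0.0.23:49212 -> 217.160.140.82:443 TCP
2012-11-05T21:36:01Z 10.0.0.7:51000 -> 74.125.237.100:443 TCP
2012-11-05T21:37:12Z 10.0.0.23:49300 -> 212.227.20.19:8080 TCP
2012-11-05T21:38:05Z 10.0.0.9:50001 -> 82.165.25.167:443 TCP
garbage line that does not parse
"""

if __name__ == "__main__":
    for host, contacts in sorted(find_infected_hosts(SAMPLE_LOG.splitlines()).items()):
        print(f"{host}: {len(contacts)} sinkhole contact(s)")
        for ts, dst, dport in contacts:
            print(f"  {ts} -> {dst}:{dport}")
```

Real exports (iptables LOG lines, NetFlow CSV, a router's connection log) need their own LINE_RE; the match on the destination address is what matters. Note the 8080 contact in the sample: a search restricted to ports 80 and 443 would miss it, which is why the listing says to look at all ports. Run against a NAT gateway's log, the source address column is what identifies the machine behind the listed public IP.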


#2 CatByte, bleepin' tiger (Malware Response Team, 14,664 posts, Canada)

Posted 17 November 2012 - 08:15 AM

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Christuffa (Topic Starter)

Posted 18 November 2012 - 02:32 AM

Thanks CB. The files are attached as requested.

[Attachment: MBR.zip, 554 bytes]



#4 CatByte (Malware Response Team)

Posted 18 November 2012 - 08:46 AM

The log is showing you have two antivirus products installed; this can cause system slowdowns, conflicts and crashes.

I recommend uninstalling AVG

use their removal tool to remove all traces of it after removing from Programs and Features

http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe



NEXT



Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



NEXT


Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Edited by CatByte, 19 November 2012 - 08:30 AM.



#5 Christuffa (Topic Starter)

Posted 19 November 2012 - 01:05 AM

I uninstalled AVG, which leaves Microsoft Security Essentials. I somehow didn't download ComboFix to the desktop; hopefully this isn't going to cause problems. I have attached combofix.txt and JRT.txt. Should I replace Security Essentials with anything else?



#6 CatByte (Malware Response Team)

Posted 19 November 2012 - 08:36 AM

That's looking better; we just have a little more work to do to make sure there are no leftovers.


Keep MSSE, it's an excellent anti-virus.


please run the following:


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT


Please download Malwarebytes Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



#7 Christuffa (Topic Starter)

Posted 19 November 2012 - 10:00 PM

Thanks for all your help, I really appreciate it. I had problems that antivirus didn't pick up; should I be running other programmes on a regular basis?
Not sure if this is caused by what we have been doing, but when I go to Windows Mail it just keeps downloading the same two emails over again and comes up with the following message: Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Account: 'mail.bigpond.com', Server: 'mail.bigpond.com', Protocol: POP3, Port: 110, Secure(SSL): No, Error Number: 0x800CCC0F. Probably just a problem with my server.
Attachments as requested.



#8 CatByte (Malware Response Team)

Posted 20 November 2012 - 06:20 PM

I would get in touch with your ISP about the email issue; that doesn't appear to be malware related.

No AV can catch everything, so running your AV alongside Malwarebytes, Windows Firewall and the Web of Trust, and making sure you have a strong password on your router, should suffice; but run the ESET online scan every once in a while (just be aware there could be false positives).




please run the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Users\Chris\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111019104325135.rsc	
C:\Users\Chris\Downloads\iLividSetupV1.exe	
C:\Users\Chris\Downloads\Speedtest_TuneUpUtilities2012_en-AU.exe	
D:\CHRIS-PC\Backup Set 2011-11-12 084044\Backup Files 2011-11-12 084044\Backup files 10.zip	
D:\CHRIS-PC\Backup Set 2011-11-12 084044\Backup Files 2012-11-05 063458\Backup files 9.zip

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

[Screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Please advise how the computer is running now and if there are any outstanding issues



#9 Christuffa (Topic Starter)

Posted 21 November 2012 - 02:48 AM

Wow, I'm very impressed with your knowledge and help. I thank you for your patience and the time and effort you have put in to help me.
The computer seems to be running excellently with no issues I can see. Should I delete JRT, AdwCleaner and ComboFix when you're finished?

Here is the report from ComboFix:


ComboFix 12-11-20.02 - Chris 21/11/2012 17:54:06.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2039.1004 [GMT 11:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
Command switches used :: c:\users\Chris\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Chris\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111019104325135.rsc"
"c:\users\Chris\Downloads\iLividSetupV1.exe"
"c:\users\Chris\Downloads\Speedtest_TuneUpUtilities2012_en-AU.exe"
"d:\chris-pc\Backup Set 2011-11-12 084044\Backup Files 2011-11-12 084044\Backup files 10.zip"
"d:\chris-pc\Backup Set 2011-11-12 084044\Backup Files 2012-11-05 063458\Backup files 9.zip"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chris\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111019104325135.rsc
c:\users\Chris\Downloads\iLividSetupV1.exe
c:\users\Chris\Downloads\Speedtest_TuneUpUtilities2012_en-AU.exe
d:\chris-pc\Backup Set 2011-11-12 084044\Backup Files 2011-11-12 084044\Backup files 10.zip
d:\chris-pc\Backup Set 2011-11-12 084044\Backup Files 2012-11-05 063458\Backup files 9.zip
.
.
((((((((((((((((((((((((( Files Created from 2012-10-21 to 2012-11-21 )))))))))))))))))))))))))))))))
.
.
2012-11-21 07:02 . 2012-11-21 07:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-11-21 07:02 . 2012-11-21 07:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-20 20:07 . 2012-11-20 20:07 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E5CB958F-73DD-4B9C-80AB-6F0CFAA20010}\MpKsl30775da5.sys
2012-11-20 02:58 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E5CB958F-73DD-4B9C-80AB-6F0CFAA20010}\mpengine.dll
2012-11-19 22:16 . 2012-11-19 22:16 -------- d-----w- c:\program files\ESET
2012-11-19 21:58 . 2012-10-16 15:32 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-19 20:04 . 2012-11-19 20:04 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2012-11-19 20:03 . 2012-11-19 20:03 -------- d-----w- c:\programdata\Malwarebytes
2012-11-19 20:03 . 2012-11-19 20:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-19 20:03 . 2012-09-29 08:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-18 22:21 . 2012-11-18 22:21 -------- d-----w- c:\windows\ERUNT
2012-11-18 22:21 . 2012-11-18 22:21 -------- d-----w- C:\JRT
2012-11-18 22:01 . 2012-11-21 07:03 -------- d-----w- c:\users\Chris\AppData\Local\temp
2012-11-13 21:49 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-13 21:13 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-08 02:47 . 2012-11-08 02:47 -------- d-----w- c:\users\Chris\.efianalytics
2012-11-08 02:47 . 2012-11-08 02:47 -------- d-----w- c:\program files\EFIAnalytics
2012-11-04 19:50 . 2012-08-07 05:18 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-11-04 19:50 . 2012-08-07 05:18 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF2465A8-AE6F-48D4-BCF9-A7579BD47D22}\gapaengine.dll
2012-11-03 22:10 . 2012-11-03 22:10 -------- d-----w- c:\programdata\ClubSanDisk
2012-11-03 07:50 . 2012-11-03 07:51 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-03 07:49 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-11-03 06:49 . 2012-11-03 08:22 -------- d-----w- c:\program files\Enigma Software Group
2012-11-03 06:48 . 2012-11-03 08:20 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-11-03 06:48 . 2012-11-03 06:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-11-03 06:44 . 2012-11-08 19:11 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-11-03 06:06 . 2012-11-03 06:06 -------- d-----w- c:\users\Chris\AppData\Local\Mozilla
2012-11-03 06:06 . 2012-11-03 06:06 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-11-02 06:25 . 2012-11-02 06:36 -------- d-----w- c:\users\Chris\AppData\Local\Microsoft Games
2012-11-02 00:26 . 2012-11-02 00:26 -------- d-----w- c:\program files\VS Revo Group
2012-11-01 19:49 . 2012-11-01 19:49 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-11-01 03:34 . 2012-11-01 03:34 -------- d-----w- c:\program files\Garmin GPS Plugin
2012-10-31 20:13 . 2012-10-31 20:13 10496 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-10-31 20:13 . 2012-10-31 20:13 -------- d-----w- c:\users\Chris\AppData\Local\SlimWare Utilities Inc
2012-10-30 20:33 . 2012-10-30 20:33 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-08 23:16 . 2012-07-20 05:06 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-07 20:53 . 2012-04-09 20:04 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-07 20:53 . 2011-06-02 20:50 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 04:32 . 2012-06-17 23:07 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 04:32 . 2010-06-02 22:40 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-13 13:28 . 2012-10-10 17:52 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-30 11:03 . 2012-08-30 11:03 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 11:03 . 2012-08-30 11:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-29 11:27 . 2012-10-10 17:52 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 17:52 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53 . 2012-10-10 17:52 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-24 17:50 . 2012-11-03 06:06 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-10-25 04:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-10-25 04:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-10-25 04:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-10-25 04:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MyTomTomSA.exe"="c:\program files\MyTomTom 3\MyTomTomSA.exe" [2012-05-18 434168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"BigPondWirelessBroadbandCM"="c:\program files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" [2008-05-07 2162688]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-19 2656528]
"lxdwmon.exe"="c:\program files\Lexmark 7600 Series\lxdwmon.exe" [2008-05-21 676520]
"lxdwamon"="c:\program files\Lexmark 7600 Series\lxdwamon.exe" [2008-05-21 16040]
"Lexmark 7600 Series Fax Server"="c:\program files\Lexmark 7600 Series\fm3032.exe" [2008-05-21 311976]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-5 809488]
RICOH Gate La.lnk - c:\program files\Caplio Software\RGateLXP.exe [2008-10-3 360448]
SanDisk Media Manager.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL30775DA5
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 05:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 20:53]
.
2012-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 06:33]
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 06:33]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689734672-37842030-1896922146-1000Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 04:00]
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689734672-37842030-1896922146-1000UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 04:00]
.
2012-11-21 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
.
2012-10-09 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/webhp?source=search_app
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\b1tu5gb4.default\
FF - ExtSQL: 2012-10-11 19:16; avg@toolbar; c:\programdata\AVG Secure Search\FireFoxExt\13.2.0.5
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-21 18:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-11-21 18:11:43
ComboFix-quarantined-files.txt 2012-11-21 07:11
ComboFix2.txt 2012-11-18 22:01
.
Pre-Run: 53,007,872,000 bytes free
Post-Run: 52,140,191,744 bytes free
.
- - End Of File - - D30001570234A35E1F61B96A019CA853

#10 CatByte (Malware Response Team)

Posted 21 November 2012 - 06:29 PM

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please advise how the computer is running now and are the issues with your email now resolved?



#11 Christuffa (Topic Starter)

Posted 21 November 2012 - 07:14 PM

Email issues are fixed. The computer is running heaps faster with no issues. You have been more than helpful and your time has been appreciated. Do you have any further advice on settings for firewalls, virus protection and security etc?



10:42:31.0916 4772 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:42:33.0139 4772 ============================================================
10:42:33.0139 4772 Current date / time: 2012/11/22 10:42:33.0139
10:42:33.0139 4772 SystemInfo:
10:42:33.0139 4772
10:42:33.0139 4772 OS Version: 6.0.6002 ServicePack: 2.0
10:42:33.0139 4772 Product type: Workstation
10:42:33.0139 4772 ComputerName: CHRIS-PC
10:42:33.0139 4772 UserName: Chris
10:42:33.0139 4772 Windows directory: C:\Windows
10:42:33.0139 4772 System windows directory: C:\Windows
10:42:33.0139 4772 Processor architecture: Intel x86
10:42:33.0139 4772 Number of processors: 2
10:42:33.0139 4772 Page size: 0x1000
10:42:33.0139 4772 Boot type: Normal boot
10:42:33.0139 4772 ============================================================
10:42:35.0011 4772 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:42:35.0013 4772 ============================================================
10:42:35.0013 4772 \Device\Harddisk0\DR0:
10:42:35.0014 4772 MBR partitions:
10:42:35.0014 4772 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A347F8
10:42:35.0014 4772 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12A35000, BlocksNum 0x129F8800
10:42:35.0014 4772 ============================================================
10:42:35.0043 4772 C: <-> \Device\Harddisk0\DR0\Partition1
10:42:35.0098 4772 D: <-> \Device\Harddisk0\DR0\Partition2
10:42:35.0098 4772 ============================================================
10:42:35.0098 4772 Initialize success
10:42:35.0098 4772 ============================================================
10:44:03.0464 3300 ============================================================
10:44:03.0464 3300 Scan started
10:44:03.0464 3300 Mode: Manual; TDLFS;
10:44:03.0464 3300 ============================================================
10:44:03.0979 3300 ================ Scan system memory ========================
10:44:03.0979 3300 System memory - ok
10:44:03.0979 3300 ================ Scan services =============================
10:44:04.0135 3300 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
10:44:04.0150 3300 ACPI - ok
10:44:04.0244 3300 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:44:04.0244 3300 AdobeARMservice - ok
10:44:04.0291 3300 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:44:04.0291 3300 AdobeFlashPlayerUpdateSvc - ok
10:44:04.0353 3300 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
10:44:04.0369 3300 adp94xx - ok
10:44:04.0400 3300 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
10:44:04.0415 3300 adpahci - ok
10:44:04.0447 3300 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
10:44:04.0447 3300 adpu160m - ok
10:44:04.0493 3300 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
10:44:04.0493 3300 adpu320 - ok
10:44:04.0525 3300 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:44:04.0525 3300 AeLookupSvc - ok
10:44:04.0556 3300 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
10:44:04.0571 3300 AFD - ok
10:44:04.0618 3300 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:44:04.0634 3300 agp440 - ok
10:44:04.0649 3300 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
10:44:04.0649 3300 aic78xx - ok
10:44:04.0681 3300 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
10:44:04.0681 3300 ALG - ok
10:44:04.0696 3300 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
10:44:04.0696 3300 aliide - ok
10:44:04.0712 3300 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
10:44:04.0712 3300 amdagp - ok
10:44:04.0727 3300 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
10:44:04.0727 3300 amdide - ok
10:44:04.0743 3300 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
10:44:04.0743 3300 AmdK7 - ok
10:44:04.0759 3300 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
10:44:04.0759 3300 AmdK8 - ok
10:44:04.0774 3300 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
10:44:04.0774 3300 Appinfo - ok
10:44:04.0852 3300 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:44:04.0852 3300 Apple Mobile Device - ok
10:44:04.0868 3300 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
10:44:04.0868 3300 arc - ok
10:44:04.0899 3300 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
10:44:04.0899 3300 arcsas - ok
10:44:04.0915 3300 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:44:04.0915 3300 AsyncMac - ok
10:44:04.0946 3300 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
10:44:04.0946 3300 atapi - ok
10:44:04.0993 3300 [ 30055346C9ED7DE35D321FEE1FEEA69B ] Atc002 C:\Windows\system32\DRIVERS\l260x86.sys
10:44:04.0993 3300 Atc002 - ok
10:44:05.0024 3300 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:44:05.0024 3300 AudioEndpointBuilder - ok
10:44:05.0039 3300 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
10:44:05.0039 3300 Audiosrv - ok
10:44:05.0086 3300 [ 57D83B82117C2DDB9D7E9AEA691CEDFC ] avgtp C:\Windows\system32\drivers\avgtpx86.sys
10:44:05.0086 3300 avgtp - ok
10:44:05.0149 3300 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
10:44:05.0164 3300 avgwd - ok
10:44:05.0195 3300 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
10:44:05.0195 3300 Beep - ok
10:44:05.0227 3300 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
10:44:05.0242 3300 BFE - ok
10:44:05.0273 3300 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
10:44:05.0305 3300 BITS - ok
10:44:05.0305 3300 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
10:44:05.0305 3300 blbdrive - ok
10:44:05.0398 3300 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:44:05.0398 3300 Bonjour Service - ok
10:44:05.0445 3300 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:44:05.0445 3300 bowser - ok
10:44:05.0492 3300 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
10:44:05.0492 3300 BrFiltLo - ok
10:44:05.0507 3300 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
10:44:05.0507 3300 BrFiltUp - ok
10:44:05.0539 3300 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
10:44:05.0539 3300 Browser - ok
10:44:05.0554 3300 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
10:44:05.0554 3300 Brserid - ok
10:44:05.0570 3300 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
10:44:05.0570 3300 BrSerWdm - ok
10:44:05.0617 3300 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
10:44:05.0617 3300 BrUsbMdm - ok
10:44:05.0632 3300 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
10:44:05.0632 3300 BrUsbSer - ok
10:44:05.0648 3300 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
10:44:05.0648 3300 BTHMODEM - ok
10:44:05.0695 3300 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
10:44:05.0726 3300 BTHPORT - ok
10:44:05.0757 3300 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
10:44:05.0757 3300 BthServ - ok
10:44:05.0773 3300 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
10:44:05.0773 3300 BTHUSB - ok
10:44:05.0835 3300 catchme - ok
10:44:05.0866 3300 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:44:05.0866 3300 cdfs - ok
10:44:05.0897 3300 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:44:05.0897 3300 cdrom - ok
10:44:05.0944 3300 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
10:44:05.0944 3300 CertPropSvc - ok
10:44:05.0975 3300 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
10:44:05.0975 3300 circlass - ok
10:44:06.0007 3300 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
10:44:06.0007 3300 CLFS - ok
10:44:06.0069 3300 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:44:06.0069 3300 clr_optimization_v2.0.50727_32 - ok
10:44:06.0116 3300 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:44:06.0147 3300 clr_optimization_v4.0.30319_32 - ok
10:44:06.0163 3300 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:44:06.0163 3300 cmdide - ok
10:44:06.0194 3300 [ D57D7CD061DBD3EAFFD2C662773DD2C6 ] cmusbnet C:\Windows\system32\DRIVERS\cmusbnet.sys
10:44:06.0194 3300 cmusbnet - ok
10:44:06.0194 3300 [ 631155CE46B7DA2AAC47EEDF7EE42EBE ] cmusbser C:\Windows\system32\DRIVERS\cmusbser.sys
10:44:06.0194 3300 cmusbser - ok
10:44:06.0209 3300 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
10:44:06.0209 3300 Compbatt - ok
10:44:06.0225 3300 COMSysApp - ok
10:44:06.0241 3300 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
10:44:06.0241 3300 crcdisk - ok
10:44:06.0256 3300 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
10:44:06.0256 3300 Crusoe - ok
10:44:06.0303 3300 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:44:06.0303 3300 CryptSvc - ok
10:44:06.0350 3300 [ 8A554B2AD8C57EC0647D9512365604C3 ] CSRBC C:\Windows\system32\Drivers\csrbcxp.sys
10:44:06.0412 3300 CSRBC - ok
10:44:06.0459 3300 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:44:06.0475 3300 DcomLaunch - ok
10:44:06.0506 3300 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:44:06.0506 3300 DfsC - ok
10:44:06.0568 3300 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
10:44:06.0615 3300 DFSR - ok
10:44:06.0677 3300 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
10:44:06.0677 3300 Dhcp - ok
10:44:06.0709 3300 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
10:44:06.0709 3300 disk - ok
10:44:06.0755 3300 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:44:06.0755 3300 Dnscache - ok
10:44:06.0771 3300 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
10:44:06.0787 3300 dot3svc - ok
10:44:06.0818 3300 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
10:44:06.0818 3300 DPS - ok
10:44:06.0849 3300 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:44:06.0849 3300 drmkaud - ok
10:44:06.0896 3300 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:44:06.0911 3300 DXGKrnl - ok
10:44:06.0943 3300 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
10:44:06.0943 3300 E1G60 - ok
10:44:06.0958 3300 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
10:44:06.0974 3300 EapHost - ok
10:44:06.0975 3300 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
10:44:06.0975 3300 Ecache - ok
10:44:07.0040 3300 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:44:07.0045 3300 ehRecvr - ok
10:44:07.0058 3300 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
10:44:07.0061 3300 ehSched - ok
10:44:07.0067 3300 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
10:44:07.0069 3300 ehstart - ok
10:44:07.0111 3300 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
10:44:07.0117 3300 elxstor - ok
10:44:07.0154 3300 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
10:44:07.0171 3300 EMDMgmt - ok
10:44:07.0187 3300 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:44:07.0188 3300 ErrDev - ok
10:44:07.0230 3300 esgiguard - ok
10:44:07.0264 3300 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
10:44:07.0268 3300 EventSystem - ok
10:44:07.0299 3300 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
10:44:07.0302 3300 exfat - ok
10:44:07.0341 3300 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:44:07.0344 3300 fastfat - ok
10:44:07.0357 3300 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:44:07.0358 3300 fdc - ok
10:44:07.0377 3300 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
10:44:07.0379 3300 fdPHost - ok
10:44:07.0391 3300 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
10:44:07.0393 3300 FDResPub - ok
10:44:07.0405 3300 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:44:07.0407 3300 FileInfo - ok
10:44:07.0468 3300 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:44:07.0469 3300 Filetrace - ok
10:44:07.0484 3300 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:44:07.0485 3300 flpydisk - ok
10:44:07.0513 3300 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:44:07.0516 3300 FltMgr - ok
10:44:07.0592 3300 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
10:44:07.0609 3300 FontCache - ok
10:44:07.0658 3300 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:44:07.0660 3300 FontCache3.0.0.0 - ok
10:44:07.0694 3300 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
10:44:07.0695 3300 fssfltr - ok
10:44:07.0783 3300 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
10:44:07.0816 3300 fsssvc - ok
10:44:07.0845 3300 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:44:07.0846 3300 Fs_Rec - ok
10:44:07.0862 3300 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
10:44:07.0864 3300 gagp30kx - ok
10:44:07.0893 3300 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:44:07.0894 3300 GEARAspiWDM - ok
10:44:07.0925 3300 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
10:44:07.0930 3300 gpsvc - ok
10:44:07.0990 3300 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
10:44:07.0993 3300 gupdate - ok
10:44:08.0007 3300 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
10:44:08.0009 3300 gupdatem - ok
10:44:08.0038 3300 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:44:08.0042 3300 gusvc - ok
10:44:08.0066 3300 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:44:08.0070 3300 HdAudAddService - ok
10:44:08.0107 3300 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
10:44:08.0126 3300 HDAudBus - ok
10:44:08.0166 3300 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
10:44:08.0168 3300 HidBth - ok
10:44:08.0203 3300 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
10:44:08.0204 3300 HidIr - ok
10:44:08.0233 3300 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
10:44:08.0234 3300 hidserv - ok
10:44:08.0254 3300 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:44:08.0255 3300 HidUsb - ok
10:44:08.0285 3300 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:44:08.0287 3300 hkmsvc - ok
10:44:08.0320 3300 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
10:44:08.0322 3300 HpCISSs - ok
10:44:08.0353 3300 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:44:08.0361 3300 HTTP - ok
10:44:08.0403 3300 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
10:44:08.0404 3300 i2omp - ok
10:44:08.0425 3300 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
10:44:08.0427 3300 i8042prt - ok
10:44:08.0526 3300 [ E5490AEA3B791C454E9933BF749CA3D8 ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys
10:44:08.0572 3300 ialm - ok
10:44:08.0588 3300 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
10:44:08.0588 3300 iaStorV - ok
10:44:08.0650 3300 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:44:08.0666 3300 idsvc - ok
10:44:08.0728 3300 [ E5490AEA3B791C454E9933BF749CA3D8 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
10:44:08.0744 3300 igfx - ok
10:44:08.0760 3300 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
10:44:08.0775 3300 iirsp - ok
10:44:08.0791 3300 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
10:44:08.0806 3300 IKEEXT - ok
10:44:08.0884 3300 [ 4E38A2883DF3BA382A59132B3E7D709E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
10:44:08.0916 3300 IntcAzAudAddService - ok
10:44:08.0947 3300 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
10:44:08.0947 3300 intelide - ok
10:44:08.0962 3300 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:44:08.0962 3300 intelppm - ok
10:44:08.0994 3300 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:44:08.0994 3300 IPBusEnum - ok
10:44:09.0009 3300 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:44:09.0009 3300 IpFilterDriver - ok
10:44:09.0040 3300 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:44:09.0040 3300 iphlpsvc - ok
10:44:09.0056 3300 IpInIp - ok
10:44:09.0072 3300 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
10:44:09.0072 3300 IPMIDRV - ok
10:44:09.0087 3300 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
10:44:09.0087 3300 IPNAT - ok
10:44:09.0118 3300 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:44:09.0150 3300 iPod Service - ok
10:44:09.0165 3300 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:44:09.0165 3300 IRENUM - ok
10:44:09.0181 3300 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:44:09.0181 3300 isapnp - ok
10:44:09.0228 3300 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
10:44:09.0228 3300 iScsiPrt - ok
10:44:09.0259 3300 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
10:44:09.0259 3300 iteatapi - ok
10:44:09.0290 3300 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
10:44:09.0290 3300 iteraid - ok
10:44:09.0306 3300 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:44:09.0321 3300 kbdclass - ok
10:44:09.0368 3300 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:44:09.0368 3300 kbdhid - ok
10:44:09.0399 3300 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
10:44:09.0415 3300 KeyIso - ok
10:44:09.0415 3300 KMWDSERVICE - ok
10:44:09.0477 3300 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:44:09.0477 3300 KSecDD - ok
10:44:09.0508 3300 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
10:44:09.0508 3300 KtmRm - ok
10:44:09.0540 3300 [ DC61F15187372D164769C841655E58F3 ] L8042Kbd C:\Windows\system32\DRIVERS\L8042Kbd.sys
10:44:09.0555 3300 L8042Kbd - ok
10:44:09.0571 3300 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
10:44:09.0586 3300 LanmanServer - ok
10:44:09.0602 3300 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:44:09.0602 3300 LanmanWorkstation - ok
10:44:09.0664 3300 [ 45B7D6BD6F59CBA3FB6BF202223F4264 ] LBTServ C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
10:44:09.0680 3300 LBTServ - ok
10:44:09.0711 3300 [ DD83DC92463FCE6324FD30A13D17D0DA ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
10:44:09.0711 3300 LHidFilt - ok
10:44:09.0789 3300 [ 8577CA80212A3EE1CF2FD1FC91E1CFF6 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
10:44:09.0789 3300 LightScribeService - ok
10:44:09.0820 3300 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:44:09.0820 3300 lltdio - ok
10:44:09.0836 3300 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:44:09.0852 3300 lltdsvc - ok
10:44:09.0852 3300 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:44:09.0867 3300 lmhosts - ok
10:44:09.0898 3300 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
10:44:09.0914 3300 LSI_FC - ok
10:44:09.0945 3300 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
10:44:09.0945 3300 LSI_SAS - ok
10:44:09.0961 3300 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
10:44:09.0976 3300 LSI_SCSI - ok
10:44:09.0992 3300 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
10:44:09.0992 3300 luafv - ok
10:44:10.0008 3300 [ F96CFB47903854F228BAAF3E2D41A0A3 ] LVPr2Mon C:\Windows\system32\Drivers\LVPr2Mon.sys
10:44:10.0070 3300 LVPr2Mon - ok
10:44:10.0117 3300 [ FF23862146A682FCC3DBAA002E22F958 ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
10:44:10.0117 3300 LVPrcSrv - ok
10:44:10.0179 3300 [ E22FD7852E74F04CCEB6B8A684A51F3E ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
10:44:10.0210 3300 LVRS - ok
10:44:10.0242 3300 [ 5F987FC1AAD215EC2C60CF07719B1CCE ] LVUSBSta C:\Windows\system32\drivers\LVUSBSta.sys
10:44:10.0242 3300 LVUSBSta - ok
10:44:10.0290 3300 [ 7B7194AE306B29BB82FD165A2694FA2E ] lxdwCATSCustConnectService C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdwserv.exe
10:44:10.0294 3300 lxdwCATSCustConnectService - ok
10:44:10.0300 3300 lxdw_device - ok
10:44:10.0330 3300 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
10:44:10.0332 3300 MBAMProtector - ok
10:44:10.0365 3300 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:44:10.0371 3300 MBAMScheduler - ok
10:44:10.0401 3300 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:44:10.0426 3300 MBAMService - ok
10:44:10.0458 3300 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:44:10.0461 3300 Mcx2Svc - ok
10:44:10.0506 3300 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
10:44:10.0507 3300 megasas - ok
10:44:10.0526 3300 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
10:44:10.0532 3300 MegaSR - ok
10:44:10.0558 3300 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
10:44:10.0561 3300 MMCSS - ok
10:44:10.0574 3300 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
10:44:10.0575 3300 Modem - ok
10:44:10.0594 3300 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:44:10.0595 3300 monitor - ok
10:44:10.0605 3300 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:44:10.0607 3300 mouclass - ok
10:44:10.0632 3300 [ BAA4ED3C323BEE7EBC144C7D232220A8 ] moufiltr C:\Windows\system32\DRIVERS\moufiltr.sys
10:44:10.0633 3300 moufiltr - ok
10:44:10.0671 3300 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:44:10.0676 3300 mouhid - ok
10:44:10.0694 3300 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
10:44:10.0696 3300 MountMgr - ok
10:44:10.0744 3300 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:44:10.0747 3300 MozillaMaintenance - ok
10:44:10.0775 3300 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
10:44:10.0778 3300 MpFilter - ok
10:44:10.0794 3300 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
10:44:10.0796 3300 mpio - ok
10:44:10.0906 3300 [ A69630D039C38018689190234F866D77 ] MpKsl9466c0d3 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97CC8396-0B68-4965-BA6E-2937FA59165E}\MpKsl9466c0d3.sys
10:44:10.0916 3300 MpKsl9466c0d3 - ok
10:44:10.0932 3300 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:44:10.0933 3300 mpsdrv - ok
10:44:10.0963 3300 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
10:44:10.0980 3300 MpsSvc - ok
10:44:10.0998 3300 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
10:44:11.0000 3300 Mraid35x - ok
10:44:11.0018 3300 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:44:11.0020 3300 MRxDAV - ok
10:44:11.0048 3300 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:44:11.0050 3300 mrxsmb - ok
10:44:11.0071 3300 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:44:11.0075 3300 mrxsmb10 - ok
10:44:11.0082 3300 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:44:11.0085 3300 mrxsmb20 - ok
10:44:11.0105 3300 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
10:44:11.0106 3300 msahci - ok
10:44:11.0122 3300 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:44:11.0124 3300 msdsm - ok
10:44:11.0146 3300 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
10:44:11.0150 3300 MSDTC - ok
10:44:11.0165 3300 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:44:11.0167 3300 Msfs - ok
10:44:11.0196 3300 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:44:11.0197 3300 msisadrv - ok
10:44:11.0220 3300 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:44:11.0223 3300 MSiSCSI - ok
10:44:11.0232 3300 msiserver - ok
10:44:11.0245 3300 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:44:11.0248 3300 MSKSSRV - ok
10:44:11.0272 3300 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
10:44:11.0273 3300 MsMpSvc - ok
10:44:11.0311 3300 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:44:11.0312 3300 MSPCLOCK - ok
10:44:11.0326 3300 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:44:11.0327 3300 MSPQM - ok
10:44:11.0348 3300 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:44:11.0351 3300 MsRPC - ok
10:44:11.0369 3300 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
10:44:11.0370 3300 mssmbios - ok
10:44:11.0395 3300 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:44:11.0396 3300 MSTEE - ok
10:44:11.0435 3300 [ DCDAAB8697A47894A554050CE18D0B56 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
10:44:11.0436 3300 MTsensor - ok
10:44:11.0459 3300 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
10:44:11.0462 3300 Mup - ok
10:44:11.0496 3300 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
10:44:11.0502 3300 napagent - ok
10:44:11.0555 3300 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:44:11.0558 3300 NativeWifiP - ok
10:44:11.0582 3300 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:44:11.0599 3300 NDIS - ok
10:44:11.0620 3300 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:44:11.0622 3300 NdisTapi - ok
10:44:11.0633 3300 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:44:11.0634 3300 Ndisuio - ok
10:44:18.0538 3300 ================ Scan global ===============================
10:44:18.0566 3300 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
10:44:18.0630 3300 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
10:44:18.0656 3300 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
10:44:18.0689 3300 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
10:44:18.0712 3300 [Global] - ok
10:44:18.0712 3300 ================ Scan MBR ==================================
10:44:18.0730 3300 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
10:44:19.0347 3300 \Device\Harddisk0\DR0 - ok
10:44:19.0347 3300 ================ Scan VBR ==================================
10:44:19.0381 3300 [ F5720A6445AEA24030C9EC4739B0B171 ] \Device\Harddisk0\DR0\Partition1
10:44:19.0383 3300 \Device\Harddisk0\DR0\Partition1 - ok
10:44:19.0404 3300 [ 655665D52E39D8CA54F7D61D40F96DBA ] \Device\Harddisk0\DR0\Partition2
10:44:19.0406 3300 \Device\Harddisk0\DR0\Partition2 - ok
10:44:19.0407 3300 ============================================================
10:44:19.0407 3300 Scan finished
10:44:19.0407 3300 ============================================================
10:44:19.0421 4148 Detected object count: 0
10:44:19.0421 4148 Actual detected object count: 0




MiniToolBox by Farbar Version: 10-11-2012 02
Ran by Chris (administrator) on 22-11-2012 at 10:49:27
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.110)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ASUSUpdate
Atheros Communications Inc.® L2 Fast Ethernet Driver (Version: 2.6.7.10)
BigPond Media Downloader (Version: 1.0.61)
BigPond Wireless Broadband 2.10.6 (Version: 2.10.6)
Bonjour (Version: 3.0.0.10)
Caplio Software
Cardo Upgrades (Version: 3.0.19)
CCleaner (Version: 3.24)
CDDRV_Installer (Version: 4.60)
Chinese Simplified Fonts Support For Adobe Reader 9 (Version: 9.0.0)
D3DX10 (Version: 15.4.2368.0902)
DVD Shrink 3.2
EON Viewer (Version: 6.1.0)
EON Viewer 6.1 (Version: 6.1.0)
erLT (Version: 1.20.0137)
ESET Online Scanner v3
Garmin BaseCamp (Version: 4.0.2)
Garmin Communicator Plugin (Version: 4.0.3)
Garmin USB Drivers (Version: 2.3.1.0)
Germany-Sun-Rays-1-1152x864
Google Chrome (Version: 23.0.1271.64)
Google Chrome Frame (Version: 23.0.1271.64)
Google Drive (Version: 1.5.3654.684)
Google Earth (Version: 6.2.2.6613)
Google Gmail Notifier
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
Highlight Viewer (Windows Live Toolbar) (Version: 03.01.0146)
iCloud (Version: 2.0.2.187)
ieSpell (Version: 2.5.1 (build 106))
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.7.0.21)
Java Auto Updater (Version: 2.0.7.2)
Java™ 6 Update 37 (Version: 6.0.370)
Junk Mail filter update (Version: 15.4.3502.0922)
KhalInstallWrapper (Version: 4.70.213)
Korean Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Lexmark 7600 Series
Lexmark Fax Solutions
Lexmark Printable Web (Version: 1.0.0.0)
Lexmark Toolbar (Version: 4.0.53.0)
Lexmark Tools for Office (Version: 1.24.0.0)
LightScribe System Software 1.10.19.1 (Version: 1.10.19.1)
Logitech Harmony Remote Software (Version: 1.0.110307)
Logitech QuickCam (Version: 11.90.1263)
Logitech QuickCam Driver Package
Logitech SetPoint (Version: 4.70)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
MegaLogViewer HD version 3.1.1 (Version: 3.1.1)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XML Parser (Version: 8.70.1104.04)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 16.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyTomTom 3.2.0.700 (Version: 3.2.0.700)
Nero 8 Essentials (Version: 8.10.376)
neroxml (Version: 1.0.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Power Vision Log Tuner (Version: 1.2.0)
Power Vision Software (Version: 1.0.68.1180)
QuickTime (Version: 7.72.80.56)
Realtek High Definition Audio Driver (Version: 6.0.1.5506)
Revo Uninstaller 1.94 (Version: 1.94)
SanDisk ® Media Manager (Version: 2.1.0.4)
Segoe UI (Version: 15.4.2271.0615)
Smart Menus (Windows Live Toolbar) (Version: 03.01.0146)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
System Requirements Lab for Intel (Version: 4.5.3.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VCRedistSetup (Version: 1.0.0)
Vista Codec Package (Version: 5.1.8)
Visual Studio C++ 10.0 Runtime (Version: 10.0.0)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Favorites for Windows Live Toolbar (Version: 03.01.0146)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Toolbar Extension (Windows Live Toolbar) (Version: 03.01.0146)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR archiver
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar

**** End of log ****


Farbar Service Scanner Version: 09-11-2012
Ran by Chris (administrator) on 22-11-2012 at 11:04:05
Running from "C:\Users\Chris\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-11 04:52] - [2012-06-02 11:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:34 AM

Posted 21 November 2012 - 07:22 PM

I use Microsoft Security Essentials myself; I think it's an excellent AV.

No AV can find everything though, so you have to be careful where you visit, what you download and what links you click on.

I use the pro version of Malwarebytes, Windows Firewall and the Web of Trust, plus I'm behind a secured router.

Stay away from cracks, keygens, peer to peer and torrents.

The logs look good, so we just have some housekeeping to do.


You can delete the DDS, all the Farbar and aswMBR logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.


NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    • PC Safety and Security--What Do I Need?
    • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
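
The "Make Internet Explorer more secure" steps above set three ActiveX options by clicking through Inetcpl.cpl. The PowerShell below is an added example, not CatByte's or BleepingComputer's code, that audits those same three settings and can put them at the values the post recommends. It assumes the per-user Internet zone key `HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3`, the Internet Explorer URL-action value IDs 1001, 1004 and 1201 for the three settings, and the data values 0, 1 and 3 meaning Enable, Prompt and Disable; the function name `Get-InternetZoneActiveXAudit` is the example's own.

```powershell
# Added example (not from the thread): audit, and optionally correct, the
# Internet-zone ActiveX settings that the post above changes by hand.
# Assumptions: zone 3 under the per-user key is the Internet zone; value IDs
# 1001/1004/1201 are IE's URL-action codes for the three settings; data
# 0 = Enable, 1 = Prompt, 3 = Disable.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL-action id -> display name and the value the post recommends
$Wanted = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Recommended = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Recommended = 1 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Recommended = 3 }
}
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Turn a raw DWORD (or $null when the value is absent) into a readable label.
function ConvertTo-ActiveXLabel([object]$Value) {
    if ($null -eq $Value) { return 'not set (IE default applies)' }
    $n = [int]$Value
    if ($Labels.ContainsKey($n)) { return $Labels[$n] }
    return "unknown ($n)"
}

function Get-InternetZoneActiveXAudit {
    [CmdletBinding()]
    param(
        [string]$Path = $ZoneKey,
        [switch]$Fix      # rewrite any non-compliant value to the recommended one
    )
    if (-not (Test-Path $Path)) { throw "Zone key not found: $Path" }
    $props = Get-ItemProperty -Path $Path

    foreach ($id in $Wanted.Keys) {
        $current   = $props.$id
        $wantValue = $Wanted[$id].Recommended
        $compliant = ($null -ne $current) -and ([int]$current -eq $wantValue)

        if (-not $compliant -and $Fix) {
            # Weak or missing setting: write the value the post recommends.
            Set-ItemProperty -Path $Path -Name $id -Value $wantValue -Type DWord
            $current   = $wantValue
            $compliant = $true
        }

        [pscustomobject]@{
            ValueId     = $id
            Setting     = $Wanted[$id].Name
            Current     = ConvertTo-ActiveXLabel $current
            Recommended = $Labels[$wantValue]
            Compliant   = $compliant
        }
    }
}

# Report only; add -Fix to apply the recommended values to the current user.
Get-InternetZoneActiveXAudit | Format-Table -AutoSize
```

The report shows, per setting, what the zone currently holds next to what the post asks for, so a reader can confirm the manual steps took effect. One caveat: this reads only the per-user key; if the same zone settings are enforced by Group Policy under HKLM, the effective value comes from there and a per-user change will not stick.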


#13 Christuffa

Christuffa
  • Topic Starter

  • Members
  • 7 posts
  • Local time:11:34 PM

Posted 21 November 2012 - 08:45 PM

CB,
Thanks a million for all your help and advice. I'm left with JRT, adwcleaner, and TFC on my desktop; should I delete those? I've been using Google Chrome for my browser; would I be better just using IE or Firefox? Looks like I've got a bit of reading to do and I will certainly implement all your advice.

Hope you have a safe & Happy Christmas

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:34 AM

Posted 21 November 2012 - 08:49 PM

adwcleaner can be deleted by the following:

Double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with yes.

JRT and TFC can be deleted if you don't want to keep them, but it might be useful to keep them and run them every 6 months or so.

I've never used Chrome; I'm a diehard Firefox fan and will never change, but that's just me. I really don't think there is any real difference between the browsers; it just comes down to whichever one you prefer.


stay safe :hello:

~CB

Happy holidays to you too!

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:34 AM

Posted 28 November 2012 - 09:35 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




