
Thread: Help removing smitfraud

  1. #1
    Junior Member
    Join Date
    Mar 2012
    Posts
    12

    Help removing smitfraud

    Hi--thanks for the help with this. I had a thread opened earlier, but I had to leave unexpectedly for a death in the family. I am back, and not much has been done since my last thread, which is archived at http://forums.spybot.info/showthread...ht=spaceycayce

    Here is the DDS record.


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by owner at 10:17:36 on 2012-03-26
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2148 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    -netsvcs
    C:\windows\system32\conhost.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <local>
    BHO: MRI_DISABLED - No File
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    uRun: [Facebook Update] "C:\Users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    mRun: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    TCP: DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{7C9D6D00-7B4D-4E44-9124-12F60CBE10A1} : DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{7C9D6D00-7B4D-4E44-9124-12F60CBE10A1}\3797374756D683 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{7C9D6D00-7B4D-4E44-9124-12F60CBE10A1}\4756272796F6E613 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{7C9D6D00-7B4D-4E44-9124-12F60CBE10A1}\C49637A747D274 : DhcpNameServer = 10.106.0.6 10.106.0.7
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: MRI_DISABLED - No File
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    mRun-x64: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-12-9 123320]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-12-9 126392]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-15 1153368]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-9 2656280]
    R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-26 918880]
    R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
    R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
    R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-9 136176]
    S3 Andbus;LGE Android Platform Composite USB Device;C:\windows\system32\DRIVERS\lgandbus64.sys --> C:\windows\system32\DRIVERS\lgandbus64.sys [?]
    S3 AndDiag;LGE Android Platform USB Serial Port;C:\windows\system32\DRIVERS\lganddiag64.sys --> C:\windows\system32\DRIVERS\lganddiag64.sys [?]
    S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\windows\system32\DRIVERS\lgandgps64.sys --> C:\windows\system32\DRIVERS\lgandgps64.sys [?]
    S3 ANDModem;LGE Android Platform USB Modem;C:\windows\system32\DRIVERS\lgandmodem64.sys --> C:\windows\system32\DRIVERS\lgandmodem64.sys [?]
    S3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    S3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-9 136176]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
    S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-12-9 57216]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S4 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
    S4 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-03-16 18:54:39 -------- d-s---w- C:\ComboFix
    2012-03-16 18:39:37 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-03-16 18:23:31 20480 ----a-w- C:\windows\svchost.exe
    2012-03-16 16:09:55 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{06D6E3DE-7A61-4EB6-A6A7-92E5627CE843}\mpengine.dll
    2012-03-15 18:51:04 -------- d-----w- C:\Program Files\CCleaner
    2012-03-15 18:45:13 3145728 ----a-w- C:\windows\System32\win32k.sys
    2012-03-15 18:45:11 1544192 ----a-w- C:\windows\System32\DWrite.dll
    2012-03-15 18:45:11 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
    2012-03-15 18:45:04 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
    2012-03-15 18:45:04 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
    2012-03-15 18:45:04 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
    2012-03-15 18:45:03 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
    2012-03-15 18:45:03 77312 ----a-w- C:\windows\System32\rdpwsx.dll
    2012-03-15 18:45:03 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
    2012-03-15 18:44:28 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-03-15 18:44:28 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-03-15 18:35:14 525792 ----a-w- C:\windows\DIFxAPI.dll
    2012-03-15 18:35:14 232464 ----a-w- C:\windows\TmNSCIns.dll
    2012-03-15 18:22:29 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
    2012-03-13 22:07:39 -------- d-----w- C:\Users\owner\AppData\Local\Kjs.AppLife.Update
    2012-03-13 21:52:09 1031680 ----a-w- C:\windows\System32\rdpcore.dll
    2012-03-12 01:42:00 -------- d-----w- C:\$AVG
    2012-03-12 01:07:29 -------- d-----w- C:\Users\owner\AppData\Roaming\AVG2012
    2012-03-12 01:06:29 -------- d-----w- C:\ProgramData\AVG Secure Search
    2012-03-12 01:06:20 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
    2012-03-12 01:06:18 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
    2012-03-12 01:06:13 -------- d--h--w- C:\ProgramData\Common Files
    2012-03-12 01:06:05 -------- d-----w- C:\windows\SysWow64\drivers\AVG
    2012-03-12 01:05:46 -------- d-----w- C:\windows\System32\drivers\AVG
    2012-03-12 01:05:46 -------- d-----w- C:\ProgramData\AVG2012
    2012-03-12 01:05:17 -------- d-----w- C:\Program Files (x86)\AVG
    2012-03-12 00:55:23 -------- d-----w- C:\ProgramData\MFAData
    2012-03-11 07:23:59 -------- d-----w- C:\Users\owner\AppData\Roaming\Malwarebytes
    2012-03-03 19:14:40 34304 ----a-w- C:\windows\System32\drivers\lgandmodem64.sys
    2012-03-03 19:14:40 27136 ----a-w- C:\windows\System32\drivers\lgandgps64.sys
    2012-03-03 19:14:39 27648 ----a-w- C:\windows\System32\drivers\lganddiag64.sys
    2012-03-03 19:14:39 19456 ----a-w- C:\windows\System32\drivers\lgandbus64.sys
    2012-03-03 19:14:38 -------- d-----w- C:\Program Files (x86)\LG Electronics
    .
    ==================== Find3M ====================
    .
    2012-02-06 14:14:19 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-31 12:44:20 279656 ------w- C:\windows\System32\MpSigStub.exe
    2012-01-04 10:44:20 509952 ----a-w- C:\windows\System32\ntshrui.dll
    2012-01-04 08:58:41 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
    2011-12-30 06:26:08 515584 ----a-w- C:\windows\System32\timedate.cpl
    2011-12-30 05:27:56 478720 ----a-w- C:\windows\SysWow64\timedate.cpl
    2011-12-28 03:59:24 498688 ----a-w- C:\windows\System32\drivers\afd.sys
    .
    ============= FINISH: 10:19:35.54 ===============

  2. #2
    oldman960
    Security Expert
    Join Date
    Sep 2010
    Posts
    631

    Hi spaceycayce,

    "but I had to leave unexpectedly for a death in the family"
    Sorry to hear that.

    Let's continue where we left off. Please post the ComboFix log; you should be able to find it at C:\combofix.txt
    Member of UNITE and ASAP
    Threads will be closed if no response after 5 days.

  3. #3
    Junior Member
    Join Date
    Mar 2012
    Posts
    12

    +ComboFix 12-03-28.02 - owner 03/28/2012 9:47.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2487 [GMT -7:00]
    Running from: c:\users\owner\Downloads\ComboFix.exe
    AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-28 16:57 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
    2012-03-28 16:55 . 2012-03-28 16:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-16 21:26 . 2012-03-16 21:26 -------- d-----w- c:\program files\7-Zip
    2012-03-16 16:09 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06D6E3DE-7A61-4EB6-A6A7-92E5627CE843}\mpengine.dll
    2012-03-15 18:51 . 2012-03-15 19:30 -------- d-----w- c:\program files\CCleaner
    2012-03-15 18:45 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-15 18:45 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-15 18:45 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-15 18:45 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-15 18:45 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-15 18:45 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-15 18:45 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-15 18:45 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-15 18:45 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-15 18:44 . 2012-03-16 16:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-03-15 18:44 . 2012-03-15 18:47 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2012-03-15 18:35 . 2011-08-02 21:33 525792 ----a-w- c:\windows\DIFxAPI.dll
    2012-03-15 18:35 . 2011-08-02 21:33 232464 ----a-w- c:\windows\TmNSCIns.dll
    2012-03-15 18:22 . 2012-03-15 18:30 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
    2012-03-13 22:07 . 2012-03-13 22:15 -------- d-----w- c:\users\owner\AppData\Local\Kjs.AppLife.Update
    2012-03-13 21:52 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-12 01:42 . 2012-03-12 01:42 -------- d-----w- C:\$AVG
    2012-03-12 01:07 . 2012-03-12 01:07 -------- d-----w- c:\users\owner\AppData\Roaming\AVG2012
    2012-03-12 01:06 . 2012-03-26 17:04 -------- d-----w- c:\programdata\AVG Secure Search
    2012-03-12 01:06 . 2012-03-15 17:55 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
    2012-03-12 01:06 . 2012-03-26 17:04 -------- d-----w- c:\program files (x86)\AVG Secure Search
    2012-03-12 01:06 . 2012-03-12 01:06 -------- d--h--w- c:\programdata\Common Files
    2012-03-12 01:06 . 2012-03-12 01:06 -------- d-----w- c:\windows\SysWow64\drivers\AVG
    2012-03-12 01:05 . 2012-03-16 18:05 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-03-12 01:05 . 2012-03-12 01:18 -------- d-----w- c:\programdata\AVG2012
    2012-03-12 01:05 . 2012-03-12 01:05 -------- d-----w- c:\program files (x86)\AVG
    2012-03-12 00:55 . 2012-03-16 16:02 -------- d-----w- c:\programdata\MFAData
    2012-03-11 07:23 . 2012-03-11 07:23 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
    2012-03-03 19:14 . 2010-12-07 22:23 34304 ----a-w- c:\windows\system32\drivers\lgandmodem64.sys
    2012-03-03 19:14 . 2010-12-07 22:23 27136 ----a-w- c:\windows\system32\drivers\lgandgps64.sys
    2012-03-03 19:14 . 2010-12-07 22:23 27648 ----a-w- c:\windows\system32\drivers\lganddiag64.sys
    2012-03-03 19:14 . 2010-12-07 22:22 19456 ----a-w- c:\windows\system32\drivers\lgandbus64.sys
    2012-03-03 19:14 . 2012-03-03 19:14 -------- d-----w- c:\program files (x86)\LG Electronics
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-11 20:17 . 2012-02-11 20:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C32BDBBE-FC19-4DE2-B182-E820F523E92B}\gapaengine.dll
    2012-02-08 07:13 . 2012-02-07 05:49 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-06 14:14 . 2011-10-31 02:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-06 05:26 . 2012-02-11 20:17 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-07 23:27 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-01-04 10:44 . 2012-02-15 05:50 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-01-04 08:58 . 2012-02-15 05:50 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2011-12-30 06:26 . 2012-02-15 05:50 515584 ----a-w- c:\windows\system32\timedate.cpl
    2011-12-30 05:27 . 2012-02-15 05:50 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-03-26 17:04 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-26 1869152]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"="c:\users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-05 137536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-26 982880]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
    2011-06-22 22:26 3218864 ----a-w- c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaAppPlace]
    2010-09-23 18:03 552960 ----a-w- c:\program files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
    2011-07-12 01:16 1298816 ----a-w- c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 136176]
    R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
    R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
    R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
    R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 136176]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
    S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-26 918880]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2547257186-3653365119-3982157553-1000Core.job
    - c:\users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-05 04:44]
    .
    2012-03-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2547257186-3653365119-3982157553-1000UA.job
    - c:\users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-05 04:44]
    .
    2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 20:15]
    .
    2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 20:15]
    .
    2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2547257186-3653365119-3982157553-1000Core.job
    - c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 21:28]
    .
    2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2547257186-3653365119-3982157553-1000UA.job
    - c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 21:28]
    .
    2012-03-12 c:\windows\Tasks\SidebarExecute.job
    - c:\program files\Windows Sidebar\sidebar.exe [2010-11-21 03:24]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MRT"="c:\windows\system32\MRT.exe" [2012-03-16 56297240]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    TCP: DhcpNameServer = 10.0.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2633870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\\.\globalroot\systemroot\svchost.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-28 10:11:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-28 17:11
    ComboFix2.txt 2012-03-16 18:29
    .
    Pre-Run: 262,254,624,768 bytes free
    Post-Run: 261,680,017,408 bytes free
    .
    - - End Of File - - 681FDF6D73FE89845881C8D0CDB4DE99

  4. #4
    Security Expert oldman960's Avatar
    Join Date
    Sep 2010
    Posts
    631


    Hi spaceycayce,


    Download the latest version of TDSSKiller from here and save it to your Desktop.

    • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
    • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    • Click the Start Scan button.
    • If a suspicious object is detected, the default action will be Skip; click on Continue.
    • If malicious objects are found, they will show in the Scan results and offer three (3) options.
    • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
    Member of UNITE and ASAP
    Threads will be closed if no response after 5 days.

  5. #5
    Junior Member
    Join Date
    Mar 2012
    Posts
    12


    00:24:01.0715 4256 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
    00:24:03.0177 4256 ============================================================
    00:24:03.0177 4256 Current date / time: 2012/03/29 00:24:03.0177
    00:24:03.0177 4256 SystemInfo:
    00:24:03.0177 4256
    00:24:03.0177 4256 OS Version: 6.1.7601 ServicePack: 1.0
    00:24:03.0177 4256 Product type: Workstation
    00:24:03.0177 4256 ComputerName: OWNER-PC
    00:24:03.0177 4256 UserName: owner
    00:24:03.0177 4256 Windows directory: C:\windows
    00:24:03.0177 4256 System windows directory: C:\windows
    00:24:03.0177 4256 Running under WOW64
    00:24:03.0177 4256 Processor architecture: Intel x64
    00:24:03.0177 4256 Number of processors: 2
    00:24:03.0177 4256 Page size: 0x1000
    00:24:03.0177 4256 Boot type: Normal boot
    00:24:03.0177 4256 ============================================================
    00:24:04.0362 4256 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    00:24:04.0365 4256 \Device\Harddisk0\DR0:
    00:24:04.0365 4256 MBR used
    00:24:04.0365 4256 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x235E9800
    00:24:04.0407 4256 Initialize success
    00:24:04.0407 4256 ============================================================
    00:24:28.0650 4268 ============================================================
    00:24:28.0650 4268 Scan started
    00:24:28.0650 4268 Mode: Manual; SigCheck; TDLFS;
    00:24:28.0650 4268 ============================================================
    00:24:33.0202 4268 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
    00:24:33.0535 4268 1394ohci - ok
    00:24:33.0734 4268 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
    00:24:33.0750 4268 ACPI - ok
    00:24:33.0878 4268 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
    00:24:34.0082 4268 AcpiPmi - ok
    00:24:34.0416 4268 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
    00:24:34.0447 4268 adp94xx - ok
    00:24:34.0709 4268 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
    00:24:34.0735 4268 adpahci - ok
    00:24:35.0003 4268 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
    00:24:35.0016 4268 adpu320 - ok
    00:24:35.0330 4268 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
    00:24:35.0537 4268 AeLookupSvc - ok
    00:24:35.0691 4268 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
    00:24:35.0812 4268 AFD - ok
    00:24:36.0016 4268 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
    00:24:36.0043 4268 agp440 - ok
    00:24:36.0254 4268 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
    00:24:36.0330 4268 ALG - ok
    00:24:36.0527 4268 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
    00:24:36.0765 4268 aliide - ok
    00:24:36.0872 4268 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
    00:24:36.0881 4268 amdide - ok
    00:24:37.0030 4268 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
    00:24:37.0084 4268 AmdK8 - ok
    00:24:37.0253 4268 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
    00:24:37.0320 4268 AmdPPM - ok
    00:24:37.0433 4268 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
    00:24:37.0454 4268 amdsata - ok
    00:24:37.0586 4268 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
    00:24:37.0608 4268 amdsbs - ok
    00:24:37.0711 4268 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
    00:24:37.0727 4268 amdxata - ok
    00:24:37.0810 4268 Andbus (48cd7e6520d47d62eab0e6ce3ec30c65) C:\windows\system32\DRIVERS\lgandbus64.sys
    00:24:37.0846 4268 Andbus - ok
    00:24:37.0932 4268 AndDiag (08cbacc00d15dcdbbaae1a7c8f231c61) C:\windows\system32\DRIVERS\lganddiag64.sys
    00:24:37.0974 4268 AndDiag - ok
    00:24:38.0191 4268 AndGps (cea9a4cd6b3a83428ce8501240833668) C:\windows\system32\DRIVERS\lgandgps64.sys
    00:24:38.0229 4268 AndGps - ok
    00:24:38.0379 4268 ANDModem (e2b5663e547fa5e756b253efa8ec8286) C:\windows\system32\DRIVERS\lgandmodem64.sys
    00:24:38.0426 4268 ANDModem - ok
    00:24:38.0573 4268 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
    00:24:38.0809 4268 AppID - ok
    00:24:38.0905 4268 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
    00:24:38.0965 4268 AppIDSvc - ok
    00:24:39.0076 4268 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
    00:24:39.0148 4268 Appinfo - ok
    00:24:39.0286 4268 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
    00:24:39.0299 4268 arc - ok
    00:24:39.0412 4268 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
    00:24:39.0426 4268 arcsas - ok
    00:24:39.0523 4268 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
    00:24:39.0611 4268 AsyncMac - ok
    00:24:39.0734 4268 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
    00:24:39.0751 4268 atapi - ok
    00:24:39.0877 4268 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
    00:24:39.0946 4268 AudioEndpointBuilder - ok
    00:24:39.0970 4268 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
    00:24:40.0033 4268 AudioSrv - ok
    00:24:40.0334 4268 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    00:24:40.0500 4268 AVGIDSAgent - ok
    00:24:40.0621 4268 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
    00:24:40.0644 4268 AVGIDSDriver - ok
    00:24:40.0803 4268 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\windows\system32\DRIVERS\AVGIDSEH.Sys
    00:24:40.0819 4268 AVGIDSEH - ok
    00:24:41.0015 4268 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
    00:24:41.0032 4268 AVGIDSFilter - ok
    00:24:41.0225 4268 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\windows\system32\DRIVERS\avgldx64.sys
    00:24:41.0250 4268 Avgldx64 - ok
    00:24:41.0389 4268 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\windows\system32\DRIVERS\avgmfx64.sys
    00:24:41.0400 4268 Avgmfx64 - ok
    00:24:41.0555 4268 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\windows\system32\DRIVERS\avgrkx64.sys
    00:24:41.0566 4268 Avgrkx64 - ok
    00:24:41.0751 4268 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\windows\system32\DRIVERS\avgtdia.sys
    00:24:41.0769 4268 Avgtdia - ok
    00:24:41.0918 4268 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    00:24:41.0931 4268 avgwd - ok
    00:24:42.0080 4268 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
    00:24:42.0222 4268 AxInstSV - ok
    00:24:42.0431 4268 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
    00:24:42.0482 4268 b06bdrv - ok
    00:24:42.0624 4268 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
    00:24:42.0676 4268 b57nd60a - ok
    00:24:42.0793 4268 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
    00:24:42.0839 4268 BDESVC - ok
    00:24:43.0034 4268 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
    00:24:43.0106 4268 Beep - ok
    00:24:43.0261 4268 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
    00:24:43.0387 4268 BFE - ok
    00:24:43.0604 4268 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
    00:24:43.0715 4268 BITS - ok
    00:24:43.0848 4268 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
    00:24:43.0890 4268 blbdrive - ok
    00:24:44.0095 4268 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
    00:24:44.0171 4268 bowser - ok
    00:24:44.0325 4268 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
    00:24:44.0393 4268 BrFiltLo - ok
    00:24:44.0503 4268 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
    00:24:44.0536 4268 BrFiltUp - ok
    00:24:44.0695 4268 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
    00:24:44.0813 4268 BridgeMP - ok
    00:24:45.0081 4268 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
    00:24:45.0175 4268 Browser - ok
    00:24:45.0371 4268 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
    00:24:45.0433 4268 Brserid - ok
    00:24:45.0559 4268 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
    00:24:45.0621 4268 BrSerWdm - ok
    00:24:45.0803 4268 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
    00:24:45.0866 4268 BrUsbMdm - ok
    00:24:46.0026 4268 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
    00:24:46.0091 4268 BrUsbSer - ok
    00:24:46.0239 4268 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
    00:24:46.0310 4268 BTHMODEM - ok
    00:24:46.0496 4268 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
    00:24:46.0591 4268 bthserv - ok
    00:24:46.0619 4268 catchme - ok
    00:24:46.0764 4268 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
    00:24:46.0870 4268 cdfs - ok
    00:24:47.0034 4268 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
    00:24:47.0095 4268 cdrom - ok
    00:24:47.0243 4268 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
    00:24:47.0340 4268 CertPropSvc - ok
    00:24:47.0480 4268 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
    00:24:47.0536 4268 circlass - ok
    00:24:47.0725 4268 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
    00:24:47.0753 4268 CLFS - ok
    00:24:47.0931 4268 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    00:24:47.0955 4268 clr_optimization_v2.0.50727_32 - ok
    00:24:48.0075 4268 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    00:24:48.0094 4268 clr_optimization_v2.0.50727_64 - ok
    00:24:48.0302 4268 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    00:24:48.0323 4268 clr_optimization_v4.0.30319_32 - ok
    00:24:48.0556 4268 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    00:24:48.0574 4268 clr_optimization_v4.0.30319_64 - ok
    00:24:48.0724 4268 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
    00:24:48.0772 4268 CmBatt - ok
    00:24:48.0905 4268 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
    00:24:48.0926 4268 cmdide - ok
    00:24:49.0074 4268 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
    00:24:49.0103 4268 CNG - ok
    00:24:49.0370 4268 CnxtHdAudService (a260be645dd096d90318c8cf98536720) C:\windows\system32\drivers\CHDRT64.sys
    00:24:49.0455 4268 CnxtHdAudService - ok
    00:24:49.0613 4268 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
    00:24:49.0638 4268 Compbatt - ok
    00:24:49.0836 4268 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
    00:24:49.0906 4268 CompositeBus - ok
    00:24:49.0996 4268 COMSysApp - ok
    00:24:50.0074 4268 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
    00:24:50.0109 4268 crcdisk - ok
    00:24:50.0318 4268 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
    00:24:50.0466 4268 CryptSvc - ok
    00:24:50.0706 4268 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    00:24:50.0759 4268 cvhsvc - ok
    00:24:50.0954 4268 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
    00:24:51.0085 4268 DcomLaunch - ok
    00:24:51.0318 4268 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
    00:24:51.0430 4268 defragsvc - ok
    00:24:51.0572 4268 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
    00:24:51.0688 4268 DfsC - ok
    00:24:51.0840 4268 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
    00:24:51.0969 4268 Dhcp - ok
    00:24:52.0116 4268 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
    00:24:52.0248 4268 discache - ok
    00:24:52.0439 4268 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
    00:24:52.0458 4268 Disk - ok
    00:24:52.0613 4268 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
    00:24:52.0728 4268 Dnscache - ok
    00:24:52.0873 4268 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
    00:24:53.0005 4268 dot3svc - ok
    00:24:53.0117 4268 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
    00:24:53.0185 4268 DPS - ok
    00:24:53.0314 4268 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
    00:24:53.0364 4268 drmkaud - ok
    00:24:53.0666 4268 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
    00:24:53.0722 4268 DXGKrnl - ok
    00:24:53.0899 4268 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
    00:24:53.0986 4268 EapHost - ok
    00:24:54.0783 4268 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
    00:24:54.0935 4268 ebdrv - ok
    00:24:55.0058 4268 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
    00:24:55.0125 4268 EFS - ok
    00:24:55.0271 4268 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
    00:24:55.0331 4268 ehRecvr - ok
    00:24:55.0498 4268 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
    00:24:55.0525 4268 ehSched - ok
    00:24:55.0690 4268 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
    00:24:55.0742 4268 elxstor - ok
    00:24:55.0994 4268 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
    00:24:56.0098 4268 ErrDev - ok
    00:24:56.0267 4268 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
    00:24:56.0354 4268 EventSystem - ok
    00:24:56.0508 4268 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
    00:24:56.0602 4268 exfat - ok
    00:24:56.0741 4268 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
    00:24:56.0842 4268 fastfat - ok
    00:24:57.0100 4268 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
    00:24:57.0186 4268 Fax - ok
    00:24:57.0277 4268 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
    00:24:57.0323 4268 fdc - ok
    00:24:57.0409 4268 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
    00:24:57.0481 4268 fdPHost - ok
    00:24:57.0490 4268 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
    00:24:57.0548 4268 FDResPub - ok
    00:24:57.0638 4268 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
    00:24:57.0652 4268 FileInfo - ok
    00:24:57.0664 4268 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
    00:24:57.0749 4268 Filetrace - ok
    00:24:57.0837 4268 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
    00:24:57.0855 4268 flpydisk - ok
    00:24:57.0932 4268 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
    00:24:57.0948 4268 FltMgr - ok
    00:24:58.0032 4268 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
    00:24:58.0093 4268 FontCache - ok
    00:24:58.0189 4268 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    00:24:58.0198 4268 FontCache3.0.0.0 - ok
    00:24:58.0309 4268 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
    00:24:58.0322 4268 FsDepends - ok
    00:24:58.0347 4268 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
    00:24:58.0355 4268 Fs_Rec - ok
    00:24:58.0447 4268 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
    00:24:58.0463 4268 fvevol - ok
    00:24:58.0549 4268 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
    00:24:58.0593 4268 FwLnk - ok
    00:24:58.0737 4268 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
    00:24:58.0785 4268 gagp30kx - ok
    00:24:58.0928 4268 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    00:24:58.0943 4268 GamesAppService - ok
    00:24:59.0089 4268 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
    00:24:59.0139 4268 gpsvc - ok
    00:24:59.0229 4268 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    00:24:59.0248 4268 gupdate - ok
    00:24:59.0271 4268 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    00:24:59.0283 4268 gupdatem - ok
    00:24:59.0382 4268 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    00:24:59.0394 4268 gusvc - ok
    00:24:59.0481 4268 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
    00:24:59.0522 4268 hcw85cir - ok
    00:24:59.0638 4268 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
    00:24:59.0775 4268 HdAudAddService - ok
    00:24:59.0896 4268 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
    00:24:59.0991 4268 HDAudBus - ok
    00:25:00.0137 4268 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
    00:25:00.0163 4268 HidBatt - ok
    00:25:00.0295 4268 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
    00:25:00.0352 4268 HidBth - ok
    00:25:00.0733 4268 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
    00:25:00.0759 4268 HidIr - ok
    00:25:00.0871 4268 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
    00:25:00.0969 4268 hidserv - ok
    00:25:01.0112 4268 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
    00:25:01.0132 4268 HidUsb - ok
    00:25:01.0261 4268 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
    00:25:01.0396 4268 hkmsvc - ok
    00:25:01.0512 4268 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
    00:25:01.0603 4268 HomeGroupListener - ok
    00:25:01.0722 4268 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
    00:25:01.0761 4268 HomeGroupProvider - ok
    00:25:01.0880 4268 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
    00:25:01.0891 4268 HpSAMD - ok
    00:25:02.0173 4268 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
    00:25:02.0268 4268 HTTP - ok
    00:25:02.0470 4268 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
    00:25:02.0480 4268 hwpolicy - ok
    00:25:02.0716 4268 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
    00:25:02.0752 4268 i8042prt - ok
    00:25:02.0930 4268 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys
    00:25:02.0949 4268 iaStor - ok
    00:25:03.0136 4268 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
    00:25:03.0192 4268 iaStorV - ok
    00:25:03.0316 4268 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    00:25:03.0359 4268 idsvc - ok
    00:25:04.0350 4268 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys
    00:25:04.0816 4268 igfx - ok
    00:25:05.0030 4268 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
    00:25:05.0045 4268 iirsp - ok
    00:25:05.0241 4268 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
    00:25:05.0510 4268 IKEEXT - ok
    00:25:05.0664 4268 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
    00:25:05.0675 4268 intelide - ok
    00:25:05.0865 4268 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
    00:25:05.0898 4268 intelppm - ok
    00:25:06.0023 4268 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
    00:25:06.0086 4268 IPBusEnum - ok
    00:25:06.0200 4268 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
    00:25:06.0241 4268 IpFilterDriver - ok
    00:25:06.0433 4268 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
    00:25:06.0550 4268 iphlpsvc - ok
    00:25:06.0680 4268 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
    00:25:06.0715 4268 IPMIDRV - ok
    00:25:06.0870 4268 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
    00:25:06.0931 4268 IPNAT - ok
    00:25:07.0198 4268 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
    00:25:07.0215 4268 IRENUM - ok
    00:25:07.0394 4268 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
    00:25:07.0406 4268 isapnp - ok
    00:25:07.0577 4268 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
    00:25:07.0596 4268 iScsiPrt - ok
    00:25:07.0778 4268 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
    00:25:07.0791 4268 kbdclass - ok
    00:25:08.0841 4268 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
    00:25:08.0882 4268 kbdhid - ok
    00:25:09.0160 4268 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    00:25:09.0185 4268 KeyIso - ok
    00:25:09.0464 4268 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
    00:25:09.0477 4268 KSecDD - ok
    00:25:09.0593 4268 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
    00:25:09.0604 4268 KSecPkg - ok
    00:25:09.0746 4268 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
    00:25:09.0824 4268 ksthunk - ok
    00:25:09.0935 4268 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
    00:25:10.0022 4268 KtmRm - ok
    00:25:11.0430 4268 L1C (045fb70bc993b691517ce309045ff02d) C:\windows\system32\DRIVERS\L1C62x64.sys
    00:25:11.0438 4268 L1C - ok
    00:25:11.0579 4268 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
    00:25:11.0662 4268 LanmanServer - ok
    00:25:11.0803 4268 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
    00:25:11.0886 4268 LanmanWorkstation - ok
    00:25:12.0814 4268 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
    00:25:12.0891 4268 lltdio - ok
    00:25:13.0019 4268 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
    00:25:13.0101 4268 lltdsvc - ok
    00:25:13.0182 4268 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
    00:25:13.0222 4268 lmhosts - ok
    00:25:13.0385 4268 LMS (98b16e756243bea9410e32025b19c06f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    00:25:13.0416 4268 LMS - ok
    00:25:13.0583 4268 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
    00:25:13.0596 4268 LSI_FC - ok
    00:25:13.0719 4268 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
    00:25:13.0736 4268 LSI_SAS - ok
    00:25:13.0967 4268 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
    00:25:13.0983 4268 LSI_SAS2 - ok
    00:25:14.0279 4268 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
    00:25:14.0312 4268 LSI_SCSI - ok
    00:25:14.0404 4268 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
    00:25:14.0474 4268 luafv - ok
    00:25:14.0620 4268 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
    00:25:14.0637 4268 Mcx2Svc - ok
    00:25:14.0729 4268 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
    00:25:14.0746 4268 megasas - ok
    00:25:14.0870 4268 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
    00:25:14.0885 4268 MegaSR - ok
    00:25:14.0999 4268 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
    00:25:15.0010 4268 MEIx64 - ok
    00:25:15.0149 4268 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
    00:25:15.0233 4268 MMCSS - ok
    00:25:15.0394 4268 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
    00:25:15.0479 4268 Modem - ok
    00:25:15.0615 4268 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
    00:25:15.0655 4268 monitor - ok
    00:25:15.0861 4268 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
    00:25:15.0870 4268 mouclass - ok
    00:25:16.0179 4268 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
    00:25:16.0249 4268 mouhid - ok
    00:25:16.0340 4268 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
    00:25:16.0351 4268 mountmgr - ok
    00:25:16.0462 4268 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\windows\system32\DRIVERS\MpFilter.sys
    00:25:16.0477 4268 MpFilter - ok
    00:25:16.0537 4268 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
    00:25:16.0551 4268 mpio - ok
    00:25:16.0718 4268 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\windows\system32\DRIVERS\MpNWMon.sys
    00:25:16.0732 4268 MpNWMon - ok
    00:25:16.0863 4268 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
    00:25:16.0929 4268 mpsdrv - ok
    00:25:17.0139 4268 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
    00:25:17.0215 4268 MpsSvc - ok
    00:25:17.0514 4268 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
    00:25:17.0556 4268 MRxDAV - ok
    00:25:17.0721 4268 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
    00:25:17.0782 4268 mrxsmb - ok
    00:25:17.0938 4268 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
    00:25:17.0954 4268 mrxsmb10 - ok
    00:25:18.0072 4268 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
    00:25:18.0089 4268 mrxsmb20 - ok
    00:25:18.0205 4268 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
    00:25:18.0220 4268 msahci - ok
    00:25:18.0369 4268 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
    00:25:18.0401 4268 msdsm - ok
    00:25:18.0629 4268 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
    00:25:18.0675 4268 MSDTC - ok
    00:25:18.0838 4268 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
    00:25:18.0881 4268 Msfs - ok
    00:25:19.0007 4268 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
    00:25:19.0065 4268 mshidkmdf - ok
    00:25:19.0194 4268 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
    00:25:19.0204 4268 msisadrv - ok
    00:25:19.0327 4268 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
    00:25:19.0421 4268 MSiSCSI - ok
    00:25:19.0509 4268 msiserver - ok
    00:25:19.0908 4268 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
    00:25:19.0984 4268 MSKSSRV - ok
    00:25:20.0217 4268 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    00:25:20.0225 4268 MsMpSvc - ok
    00:25:20.0386 4268 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
    00:25:20.0492 4268 MSPCLOCK - ok
    00:25:20.0675 4268 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
    00:25:20.0749 4268 MSPQM - ok
    00:25:20.0916 4268 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
    00:25:20.0934 4268 MsRPC - ok
    00:25:21.0044 4268 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
    00:25:21.0058 4268 mssmbios - ok
    00:25:21.0189 4268 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
    00:25:21.0256 4268 MSTEE - ok
    00:25:21.0488 4268 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
    00:25:21.0502 4268 MTConfig - ok
    00:25:21.0589 4268 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
    00:25:21.0600 4268 Mup - ok
    00:25:21.0784 4268 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
    00:25:21.0889 4268 napagent - ok
    00:25:22.0031 4268 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
    00:25:22.0078 4268 NativeWifiP - ok
    00:25:22.0203 4268 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
    00:25:22.0252 4268 NDIS - ok
    00:25:22.0396 4268 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
    00:25:22.0482 4268 NdisCap - ok
    00:25:22.0646 4268 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
    00:25:22.0695 4268 NdisTapi - ok
    00:25:22.0914 4268 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
    00:25:22.0995 4268 Ndisuio - ok
    00:25:23.0307 4268 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
    00:25:23.0374 4268 NdisWan - ok
    00:25:23.0552 4268 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
    00:25:23.0585 4268 NDProxy - ok
    00:25:23.0808 4268 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
    00:25:23.0905 4268 NetBIOS - ok
    00:25:24.0034 4268 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
    00:25:24.0080 4268 NetBT - ok
    00:25:24.0184 4268 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    00:25:24.0195 4268 Netlogon - ok
    00:25:24.0356 4268 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
    00:25:24.0423 4268 Netman - ok
    00:25:24.0524 4268 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
    00:25:24.0590 4268 netprofm - ok
    00:25:24.0710 4268 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    00:25:24.0720 4268 NetTcpPortSharing - ok
    00:25:24.0900 4268 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
    00:25:24.0920 4268 nfrd960 - ok
    00:25:25.0080 4268 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys
    00:25:25.0090 4268 NisDrv - ok
    00:25:25.0180 4268 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    00:25:25.0190 4268 NisSrv - ok
    00:25:25.0400 4268 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
    00:25:25.0460 4268 NlaSvc - ok
    00:25:25.0550 4268 Norton PC Checkup Application Launcher - ok
    00:25:25.0740 4268 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
    00:25:25.0820 4268 Npfs - ok
    00:25:26.0020 4268 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
    00:25:26.0080 4268 nsi - ok
    00:25:26.0300 4268 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
    00:25:26.0370 4268 nsiproxy - ok
    00:25:26.0600 4268 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
    00:25:26.0740 4268 Ntfs - ok
    00:25:26.0870 4268 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
    00:25:26.0940 4268 Null - ok
    00:25:27.0080 4268 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
    00:25:27.0110 4268 nvraid - ok
    00:25:27.0220 4268 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
    00:25:27.0240 4268 nvstor - ok
    00:25:27.0250 4268 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
    00:25:27.0260 4268 nv_agp - ok
    00:25:27.0270 4268 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
    00:25:27.0290 4268 ohci1394 - ok
    00:25:27.0380 4268 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    00:25:27.0400 4268 ose - ok
    00:25:27.0760 4268 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    00:25:28.0040 4268 osppsvc - ok
    00:25:28.0230 4268 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
    00:25:28.0300 4268 p2pimsvc - ok
    00:25:28.0460 4268 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
    00:25:28.0510 4268 p2psvc - ok
    00:25:28.0630 4268 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
    00:25:28.0680 4268 Parport - ok
    00:25:28.0830 4268 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
    00:25:28.0860 4268 partmgr - ok
    00:25:28.0950 4268 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
    00:25:29.0020 4268 PcaSvc - ok
    00:25:29.0170 4268 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    00:25:29.0200 4268 PCCUJobMgr - ok
    00:25:29.0400 4268 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
    00:25:29.0420 4268 pci - ok
    00:25:29.0490 4268 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
    00:25:29.0510 4268 pciide - ok
    00:25:29.0660 4268 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
    00:25:29.0710 4268 pcmcia - ok
    00:25:29.0930 4268 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
    00:25:29.0960 4268 pcw - ok
    00:25:30.0190 4268 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
    00:25:30.0340 4268 PEAUTH - ok
    00:25:30.0460 4268 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
    00:25:30.0520 4268 PerfHost - ok
    00:25:30.0670 4268 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
    00:25:30.0700 4268 PGEffect - ok
    00:25:30.0920 4268 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
    00:25:31.0080 4268 pla - ok
    00:25:31.0230 4268 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
    00:25:31.0310 4268 PlugPlay - ok
    00:25:31.0480 4268 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
    00:25:31.0520 4268 PNRPAutoReg - ok
    00:25:31.0720 4268 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
    00:25:31.0750 4268 PNRPsvc - ok
    00:25:31.0960 4268 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
    00:25:33.0120 4268 PolicyAgent - ok
    00:25:33.0220 4268 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
    00:25:33.0310 4268 Power - ok
    00:25:33.0450 4268 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
    00:25:33.0520 4268 PptpMiniport - ok
    00:25:33.0650 4268 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
    00:25:33.0700 4268 Processor - ok
    00:25:33.0890 4268 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
    00:25:34.0000 4268 ProfSvc - ok
    00:25:34.0130 4268 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    00:25:34.0160 4268 ProtectedStorage - ok
    00:25:34.0310 4268 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
    00:25:34.0450 4268 Psched - ok
    00:25:34.0770 4268 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
    00:25:34.0850 4268 ql2300 - ok
    00:25:35.0040 4268 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
    00:25:35.0050 4268 ql40xx - ok
    00:25:35.0260 4268 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
    00:25:35.0320 4268 QWAVE - ok
    00:25:35.0460 4268 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
    00:25:35.0540 4268 QWAVEdrv - ok
    00:25:35.0720 4268 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
    00:25:35.0820 4268 RasAcd - ok
    00:25:35.0990 4268 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
    00:25:36.0080 4268 RasAgileVpn - ok
    00:25:36.0260 4268 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
    00:25:36.0390 4268 RasAuto - ok
    00:25:36.0580 4268 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
    00:25:36.0670 4268 Rasl2tp - ok
    00:25:36.0830 4268 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
    00:25:36.0940 4268 RasMan - ok
    00:25:37.0080 4268 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
    00:25:37.0150 4268 RasPppoe - ok
    00:25:37.0390 4268 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
    00:25:37.0490 4268 RasSstp - ok
    00:25:37.0620 4268 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
    00:25:37.0720 4268 rdbss - ok
    00:25:37.0840 4268 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
    00:25:37.0890 4268 rdpbus - ok
    00:25:38.0020 4268 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
    00:25:38.0120 4268 RDPCDD - ok
    00:25:38.0300 4268 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
    00:25:38.0420 4268 RDPENCDD - ok
    00:25:38.0700 4268 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
    00:25:38.0770 4268 RDPREFMP - ok
    00:25:38.0900 4268 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
    00:25:38.0950 4268 RDPWD - ok
    00:25:39.0110 4268 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
    00:25:39.0150 4268 rdyboost - ok
    00:25:39.0310 4268 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
    00:25:39.0430 4268 RemoteAccess - ok
    00:25:39.0530 4268 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
    00:25:39.0640 4268 RemoteRegistry - ok
    00:25:39.0750 4268 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
    00:25:39.0850 4268 RpcEptMapper - ok
    00:25:39.0960 4268 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
    00:25:39.0990 4268 RpcLocator - ok
    00:25:40.0130 4268 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
    00:25:40.0200 4268 RpcSs - ok
    00:25:40.0340 4268 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
    00:25:40.0430 4268 rspndr - ok
    00:25:40.0580 4268 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys
    00:25:40.0630 4268 RSUSBSTOR - ok
    00:25:40.0770 4268 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
    00:25:40.0820 4268 RTL8192Ce - ok
    00:25:40.0950 4268 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    00:25:40.0980 4268 SamSs - ok
    00:25:41.0100 4268 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
    00:25:41.0120 4268 sbp2port - ok
    00:25:41.0440 4268 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    00:25:41.0490 4268 SBSDWSCService - ok
    00:25:41.0630 4268 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
    00:25:41.0680 4268 SCardSvr - ok
    00:25:41.0730 4268 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
    00:25:41.0790 4268 scfilter - ok
    00:25:41.0960 4268 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
    00:25:42.0120 4268 Schedule - ok
    00:25:42.0290 4268 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
    00:25:42.0360 4268 SCPolicySvc - ok
    00:25:42.0540 4268 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
    00:25:42.0580 4268 SDRSVC - ok
    00:25:42.0840 4268 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
    00:25:42.0920 4268 secdrv - ok
    00:25:43.0110 4268 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
    00:25:43.0170 4268 seclogon - ok
    00:25:43.0300 4268 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
    00:25:43.0390 4268 SENS - ok
    00:25:43.0490 4268 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
    00:25:43.0540 4268 SensrSvc - ok
    00:25:43.0700 4268 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
    00:25:43.0750 4268 Serenum - ok
    00:25:43.0960 4268 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
    00:25:44.0010 4268 Serial - ok
    00:25:44.0130 4268 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
    00:25:44.0180 4268 sermouse - ok
    00:25:44.0310 4268 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
    00:25:44.0370 4268 SessionEnv - ok
    00:25:44.0500 4268 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
    00:25:44.0520 4268 sffdisk - ok
    00:25:44.0650 4268 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
    00:25:44.0690 4268 sffp_mmc - ok
    00:25:44.0820 4268 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
    00:25:44.0860 4268 sffp_sd - ok
    00:25:45.0050 4268 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
    00:25:45.0100 4268 sfloppy - ok
    00:25:45.0300 4268 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
    00:25:45.0330 4268 Sftfs - ok
    00:25:45.0440 4268 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    00:25:45.0470 4268 sftlist - ok
    00:25:45.0610 4268 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
    00:25:45.0630 4268 Sftplay - ok
    00:25:45.0810 4268 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
    00:25:45.0820 4268 Sftredir - ok
    00:25:45.0950 4268 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
    00:25:45.0960 4268 Sftvol - ok
    00:25:46.0050 4268 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    00:25:46.0060 4268 sftvsa - ok
    00:25:46.0340 4268 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
    00:25:46.0380 4268 SharedAccess - ok
    00:25:46.0520 4268 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
    00:25:46.0600 4268 ShellHWDetection - ok
    00:25:46.0740 4268 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
    00:25:46.0750 4268 SiSRaid2 - ok
    00:25:46.0860 4268 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
    00:25:46.0870 4268 SiSRaid4 - ok
    00:25:46.0950 4268 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
    00:25:47.0040 4268 Smb - ok
    00:25:47.0170 4268 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
    00:25:47.0210 4268 SNMPTRAP - ok
    00:25:47.0330 4268 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
    00:25:47.0350 4268 spldr - ok
    00:25:47.0390 4268 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
    00:25:47.0440 4268 Spooler - ok
    00:25:47.0650 4268 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
    00:25:47.0780 4268 sppsvc - ok
    00:25:47.0930 4268 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
    00:25:47.0970 4268 sppuinotify - ok
    00:25:48.0080 4268 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
    00:25:48.0140 4268 srv - ok
    00:25:48.0270 4268 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
    00:25:48.0310 4268 srv2 - ok
    00:25:48.0540 4268 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
    00:25:48.0550 4268 srvnet - ok
    00:25:48.0670 4268 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
    00:25:48.0740 4268 SSDPSRV - ok
    00:25:48.0830 4268 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
    00:25:48.0860 4268 SstpSvc - ok
    00:25:49.0050 4268 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
    00:25:49.0060 4268 stexstor - ok
    00:25:49.0190 4268 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
    00:25:49.0240 4268 stisvc - ok
    00:25:49.0350 4268 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
    00:25:49.0380 4268 swenum - ok
    00:25:49.0510 4268 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
    00:25:49.0610 4268 swprv - ok
    00:25:49.0770 4268 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
    00:25:49.0800 4268 SynTP - ok
    00:25:49.0990 4268 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
    00:25:50.0070 4268 SysMain - ok
    00:25:50.0250 4268 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
    00:25:50.0350 4268 TabletInputService - ok
    00:25:50.0500 4268 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
    00:25:50.0550 4268 TapiSrv - ok
    00:25:50.0730 4268 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
    00:25:50.0790 4268 TBS - ok
    00:25:51.0050 4268 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
    00:25:51.0110 4268 Tcpip - ok
    00:25:51.0340 4268 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
    00:25:51.0390 4268 TCPIP6 - ok
    00:25:51.0560 4268 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
    00:25:51.0620 4268 tcpipreg - ok
    00:25:51.0750 4268 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
    00:25:51.0760 4268 tdcmdpst - ok
    00:25:51.0910 4268 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
    00:25:51.0940 4268 TDPIPE - ok
    00:25:52.0030 4268 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
    00:25:52.0100 4268 TDTCP - ok
    00:25:52.0220 4268 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
    00:25:52.0270 4268 tdx - ok
    00:25:52.0450 4268 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
    00:25:52.0460 4268 TermDD - ok
    00:25:52.0640 4268 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
    00:25:52.0730 4268 TermService - ok
    00:25:52.0970 4268 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
    00:25:52.0990 4268 Themes - ok
    00:25:53.0080 4268 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
    00:25:53.0120 4268 THREADORDER - ok
    00:25:53.0260 4268 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    00:25:53.0280 4268 TMachInfo - ok
    00:25:53.0390 4268 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
    00:25:53.0400 4268 TODDSrv - ok
    00:25:53.0580 4268 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    00:25:53.0590 4268 TosCoSrv - ok
    00:25:53.0760 4268 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    00:25:53.0760 4268 TOSHIBA HDD SSD Alert Service - ok
    00:25:53.0970 4268 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
    00:26:10.0576 4268 MBR (0x1B8) (849e52748aab5959bc8000cb4974bc13) \Device\Harddisk0\DR0
    00:26:10.0700 4268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    00:26:10.0700 4268 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    00:26:10.0723 4268 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    00:26:10.0723 4268 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    00:26:10.0745 4268 Boot (0x1200) (f35360472a297c6edd472b5a8fe5d58b) \Device\Harddisk0\DR0\Partition0
    00:26:10.0745 4268 \Device\Harddisk0\DR0\Partition0 - ok
    00:26:10.0746 4268 ============================================================
    00:26:10.0746 4268 Scan finished
    00:26:10.0746 4268 ==========================================================

  6. #6
    Junior Member
    Join Date
    Mar 2012
    Posts
    12

    ==
    00:26:10.0757 5088 Detected object count: 2
    00:26:10.0757 5088 Actual detected object count: 2
    00:26:38.0272 5088 \Device\Harddisk0\DR0\# - copied to quarantine
    00:26:38.0273 5088 \Device\Harddisk0\DR0 - copied to quarantine
    00:26:38.0305 5088 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    00:26:38.0306 5088 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    00:26:38.0309 5088 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    00:26:38.0313 5088 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    00:26:38.0324 5088 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    00:26:38.0330 5088 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    00:26:38.0332 5088 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    00:26:38.0333 5088 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    00:26:38.0334 5088 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    00:26:38.0337 5088 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    00:26:38.0340 5088 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    00:26:38.0342 5088 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    00:26:38.0383 5088 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    00:26:38.0385 5088 \Device\Harddisk0\DR0 - ok
    00:26:38.0607 5088 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    00:26:38.0608 5088 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    00:26:38.0608 5088 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
    00:26:46.0159 1748 Deinitialize success

  7. #7
    Security Expert oldman960
    Join Date
    Sep 2010
    Posts
    631

    Hi spaceycayce,


    How's the computer?

    Please delete the copy of combofix you currently have and download a new one from one of these locations:

    Link 1
    Link 2


    Save it to your desktop.

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs
    • Right click on ComboFix.exe, click Run as Administrator & follow the prompts.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Please post back with the combofix log.
    Member of UNITE and ASAP
    Threads will be closed if no response after 5 days.

  8. #8
    Junior Member
    Join Date
    Mar 2012
    Posts
    12

    ComboFix 12-03-29.02 - owner 03/29/2012 11:18:06.3.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2589 [GMT -7:00]
    Running from: c:\users\owner\Downloads\ComboFix.exe
    AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-29 18:22 . 2012-03-29 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-29 07:26 . 2012-03-29 07:26 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-16 21:26 . 2012-03-16 21:26 -------- d-----w- c:\program files\7-Zip
    2012-03-16 16:09 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06D6E3DE-7A61-4EB6-A6A7-92E5627CE843}\mpengine.dll
    2012-03-15 18:51 . 2012-03-15 19:30 -------- d-----w- c:\program files\CCleaner
    2012-03-15 18:45 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-15 18:45 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-15 18:45 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-15 18:45 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-15 18:45 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-15 18:45 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-15 18:45 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-15 18:45 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-15 18:45 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-15 18:44 . 2012-03-16 16:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-03-15 18:44 . 2012-03-15 18:47 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2012-03-15 18:35 . 2011-08-02 21:33 525792 ----a-w- c:\windows\DIFxAPI.dll
    2012-03-15 18:35 . 2011-08-02 21:33 232464 ----a-w- c:\windows\TmNSCIns.dll
    2012-03-13 22:07 . 2012-03-13 22:15 -------- d-----w- c:\users\owner\AppData\Local\Kjs.AppLife.Update
    2012-03-13 21:52 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-12 01:42 . 2012-03-12 01:42 -------- d-----w- C:\$AVG
    2012-03-12 01:07 . 2012-03-12 01:07 -------- d-----w- c:\users\owner\AppData\Roaming\AVG2012
    2012-03-12 01:06 . 2012-03-26 17:04 -------- d-----w- c:\programdata\AVG Secure Search
    2012-03-12 01:06 . 2012-03-15 17:55 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
    2012-03-12 01:06 . 2012-03-26 17:04 -------- d-----w- c:\program files (x86)\AVG Secure Search
    2012-03-12 01:06 . 2012-03-12 01:06 -------- d--h--w- c:\programdata\Common Files
    2012-03-12 01:06 . 2012-03-12 01:06 -------- d-----w- c:\windows\SysWow64\drivers\AVG
    2012-03-12 01:05 . 2012-03-16 18:05 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-03-12 01:05 . 2012-03-12 01:18 -------- d-----w- c:\programdata\AVG2012
    2012-03-12 01:05 . 2012-03-12 01:05 -------- d-----w- c:\program files (x86)\AVG
    2012-03-12 00:55 . 2012-03-16 16:02 -------- d-----w- c:\programdata\MFAData
    2012-03-11 07:23 . 2012-03-11 07:23 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
    2012-03-03 19:14 . 2010-12-07 22:23 34304 ----a-w- c:\windows\system32\drivers\lgandmodem64.sys
    2012-03-03 19:14 . 2010-12-07 22:23 27136 ----a-w- c:\windows\system32\drivers\lgandgps64.sys
    2012-03-03 19:14 . 2010-12-07 22:23 27648 ----a-w- c:\windows\system32\drivers\lganddiag64.sys
    2012-03-03 19:14 . 2010-12-07 22:22 19456 ----a-w- c:\windows\system32\drivers\lgandbus64.sys
    2012-03-03 19:14 . 2012-03-03 19:14 -------- d-----w- c:\program files (x86)\LG Electronics
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-11 20:17 . 2012-02-11 20:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C32BDBBE-FC19-4DE2-B182-E820F523E92B}\gapaengine.dll
    2012-02-08 07:13 . 2012-02-07 05:49 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-06 14:14 . 2011-10-31 02:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-06 05:26 . 2012-02-11 20:17 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-07 23:27 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-01-04 10:44 . 2012-02-15 05:50 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-01-04 08:58 . 2012-02-15 05:50 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-03-28_16.57.29 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-03-28 17:24 . 2012-03-28 17:24 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\7668fa73a73410f2e00d341a8684e28a\System.Printing.ni.dll
    + 2012-03-28 17:26 . 2012-03-28 17:26 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\2280764a011295483642b17fe5d2b1f7\System.Management.ni.dll
    + 2012-03-28 17:26 . 2012-03-28 17:26 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\a77730a57cc54142f1ecbb1e85060e5f\System.IdentityModel.ni.dll
    + 2012-03-28 17:22 . 2012-03-28 17:22 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.ni.dll
    + 2012-03-28 17:22 . 2012-03-28 17:22 2290176 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\5b5fe518d1a632afaae9f24dd18cee2f\System.Drawing.ni.dll
    + 2012-03-28 17:26 . 2012-03-28 17:26 1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\60390cb3abc6f1d85a572c156d39fc02\System.DirectoryServices.AccountManagement.ni.dll
    + 2012-03-28 17:22 . 2012-03-28 17:22 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\5eaf17b571cf9fb6f159a0c92d6244ab\System.DirectoryServices.ni.dll
    + 2012-03-28 17:23 . 2012-03-28 17:23 2402816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\0ce1b3a9a0192c2cdb16d848e78e6688\System.Deployment.ni.dll
    + 2012-03-28 17:23 . 2012-03-28 17:23 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\ca4a0bde02b2eb73d2e9f22925719ecf\System.Data.ni.dll
    + 2012-03-28 17:19 . 2012-03-28 17:19 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\657b967b5fd7819f273f5704197ce97e\System.Data.SqlXml.ni.dll
    + 2012-03-28 17:26 . 2012-03-28 17:26 1799168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\930a4b48234d358f2758f075be0684c5\System.Data.Services.Client.ni.dll
    + 2012-03-28 17:26 . 2012-03-28 17:26 3386880 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\0ba3ab7e136a52fcba260ad7893ede32\System.Data.Linq.ni.dll
    + 2012-03-28 17:19 . 2012-03-28 17:19 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\c24ce44b45c0e0c0961a9755f192eb3a\System.Configuration.ni.dll
    + 2012-03-28 17:24 . 2012-03-28 17:24 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\5a66bc1859e864d87b81e31438a5f07d\System.ComponentModel.Composition.ni.dll
    + 2012-03-28 17:24 . 2012-03-28 17:24 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\f25d1dde40ef0128d9e5163d142bd2e2\System.Activities.ni.dll
    + 2012-03-28 17:24 . 2012-03-28 17:24 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\26671ab09e54e0ecfd23012e32cb6383\System.Activities.Presentation.ni.dll
    + 2012-03-28 17:24 . 2012-03-28 17:24 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\e9f6686e336507594e33cad6ed7814cd\System.Activities.Core.Presentation.ni.dll
    + 2012-03-28 17:24 . 2012-03-28 17:24 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\9c49a7b6fb133a307e3804ca7ba35d16\ReachFramework.ni.dll
    + 2012-03-28 17:22 . 2012-03-28 17:22 2056192 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\68d02e44d8b1f23c21a116119fbb65d0\PresentationUI.ni.dll
    + 2012-03-28 17:20 . 2012-03-28 17:20 1838080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\b18f859bfbbe0897cade0aa931c22477\Microsoft.VisualBasic.Compatibility.ni.dll
    + 2012-03-28 17:20 . 2012-03-28 17:20 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\1903f5de0c7c33993c55319d4fc3062e\Microsoft.VisualBasic.ni.dll
    + 2012-03-28 17:20 . 2012-03-28 17:20 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\15b88fefd6d638f01856a68c14e2ab9b\Microsoft.VisualBasic.Activities.Compiler.ni.dll
    + 2012-03-28 17:20 . 2012-03-28 17:20 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2d92f0cffe052f601c1bca1f52425fef\Microsoft.Transactions.Bridge.ni.dll
    + 2012-03-28 17:26 . 2012-03-28 17:26 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\0fbfc1087f7622c5b6b06f88fce1a45e\Microsoft.JScript.ni.dll
    + 2012-03-28 17:19 . 2012-03-28 17:19 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\83f53b455553f5ad67e756f6762dc3b4\Microsoft.CSharp.ni.dll
    + 2009-07-14 04:54 . 2012-03-29 07:18 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-03-28 16:44 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-03-29 18:17 . 2012-03-29 18:17 10125312 c:\windows\ERDNT\Hiv-backup\schema.dat
    + 2012-03-28 17:23 . 2012-03-28 17:23 17291264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\f850dba642b0cc845d9a7d8ac300e243\System.Windows.Forms.ni.dll
    + 2012-03-28 17:27 . 2012-03-28 17:27 24551424 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\bd433ada9b2565b666331b5b1276538a\System.ServiceModel.ni.dll
    + 2012-03-28 17:25 . 2012-03-28 17:25 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\9aca7097fc620da8481516b2d4e3fede\System.Data.Entity.ni.dll
    + 2012-03-28 17:19 . 2012-03-28 17:19 10440704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\e91a0d844afdda429e0fbd9814f41134\System.Core.ni.dll
    + 2012-03-28 17:22 . 2012-03-28 17:22 24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\8a4ac50c706da226242a99b871c9f981\PresentationFramework.ni.dll
    + 2012-03-28 17:21 . 2012-03-28 17:21 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\b0adff19c63ba3b4be1cae43567af15d\PresentationCore.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-03-26 17:04 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-26 1869152]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"="c:\users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-05 137536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-26 982880]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
    2011-06-22 22:26 3218864 ----a-w- c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaAppPlace]
    2010-09-23 18:03 552960 ----a-w- c:\program files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
    2011-07-12 01:16 1298816 ----a-w- c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 136176]
    R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
    R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
    R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
    R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 136176]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
    S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-26 918880]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2547257186-3653365119-3982157553-1000Core.job
    - c:\users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-05 04:44]
    .
    2012-03-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2547257186-3653365119-3982157553-1000UA.job
    - c:\users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-05 04:44]
    .
    2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 20:15]
    .
    2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 20:15]
    .
    2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2547257186-3653365119-3982157553-1000Core.job
    - c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 21:28]
    .
    2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2547257186-3653365119-3982157553-1000UA.job
    - c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 21:28]
    .
    2012-03-12 c:\windows\Tasks\SidebarExecute.job
    - c:\program files\Windows Sidebar\sidebar.exe [2010-11-21 03:24]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MRT"="c:\windows\system32\MRT.exe" [2012-03-16 56297240]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    TCP: DhcpNameServer = 10.0.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-29 11:27:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-29 18:27
    ComboFix2.txt 2012-03-16 18:29
    .
    Pre-Run: 260,982,353,920 bytes free
    Post-Run: 260,929,994,752 bytes free
    .
    - - End Of File - - 8649188C872DAF97D1B8980D37098E10

  9. #9
    Security Expert oldman960
    Join Date
    Sep 2010
    Posts
    631

    Hi spaceycayce,

    Looks like we got it.

    Please rerun TDSSKiller. This time when presented with
    00:26:10.0723 4268 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    00:26:10.0723 4268 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    please use the dropdown menu and select delete.

    Next

    Please rerun aswMBR.

    Please post back with
    • TDSSKiller log
    • aswMBR log
    How's the computer?
    Member of UNITE and ASAP
    Threads will be closed if no response after 5 days.

  10. #10
    Junior Member
    Join Date
    Mar 2012
    Posts
    12

    It seems clean. Thanks!
    23:30:56.0481 4012 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18

    23:30:56.0879 4012 Current date / time: 2012/03/29 23:30:56.0878
    23:30:56.0879 4012 SystemInfo:

    23:30:56.0879 4012 OS Version: 6.1.7601 ServicePack: 1.0
    23:30:56.0879 4012 Product type: Workstation
    23:30:56.0879 4012 ComputerName: OWNER-PC
    23:30:56.0879 4012 UserName: owner
    23:30:56.0879 4012 Windows directory: C:\windows
    23:30:56.0879 4012 System windows directory: C:\windows
    23:30:56.0879 4012 Running under WOW64
    23:30:56.0879 4012 Processor architecture: Intel x64
    23:30:56.0879 4012 Number of processors: 2
    23:30:56.0879 4012 Page size: 0x1000
    23:30:56.0879 4012 Boot type: Normal boot

    23:30:57.0807 4012 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    23:30:57.0811 4012 \Device\Harddisk0\DR0:
    23:30:57.0811 4012 MBR used
    23:30:57.0811 4012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x235E9800
    23:30:57.0841 4012 Initialize success

    23:31:10.0596 2724
    23:31:10.0596 2724 Scan started
    23:31:10.0596 2724 Mode: Manual; SigCheck; TDLFS;

    23:31:11.0639 2724 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
    23:31:11.0823 2724 1394ohci - ok
    23:31:11.0937 2724 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
    23:31:11.0982 2724 ACPI - ok
    23:31:12.0122 2724 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
    23:31:12.0231 2724 AcpiPmi - ok
    23:31:12.0430 2724 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
    23:31:12.0467 2724 adp94xx - ok
    23:31:12.0656 2724 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
    23:31:12.0693 2724 adpahci - ok
    23:31:12.0882 2724 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
    23:31:12.0911 2724 adpu320 - ok
    23:31:12.0997 2724 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
    23:31:13.0196 2724 AeLookupSvc - ok
    23:31:13.0373 2724 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
    23:31:13.0456 2724 AFD - ok
    23:31:13.0594 2724 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
    23:31:13.0619 2724 agp440 - ok
    23:31:13.0788 2724 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
    23:31:13.0884 2724 ALG - ok
    23:31:14.0038 2724 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
    23:31:14.0054 2724 aliide - ok
    23:31:14.0216 2724 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
    23:31:14.0239 2724 amdide - ok
    23:31:14.0396 2724 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
    23:31:14.0451 2724 AmdK8 - ok
    23:31:14.0597 2724 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
    23:31:14.0658 2724 AmdPPM - ok
    23:31:14.0778 2724 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
    23:31:14.0804 2724 amdsata - ok
    23:31:14.0984 2724 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
    23:31:15.0012 2724 amdsbs - ok
    23:31:15.0156 2724 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
    23:31:15.0178 2724 amdxata - ok
    23:31:15.0299 2724 Andbus (48cd7e6520d47d62eab0e6ce3ec30c65) C:\windows\system32\DRIVERS\lgandbus64.sys
    23:31:15.0355 2724 Andbus - ok
    23:31:15.0521 2724 AndDiag (08cbacc00d15dcdbbaae1a7c8f231c61) C:\windows\system32\DRIVERS\lganddiag64.sys
    23:31:15.0581 2724 AndDiag - ok
    23:31:15.0724 2724 AndGps (cea9a4cd6b3a83428ce8501240833668) C:\windows\system32\DRIVERS\lgandgps64.sys
    23:31:15.0769 2724 AndGps - ok
    23:31:15.0879 2724 ANDModem (e2b5663e547fa5e756b253efa8ec8286) C:\windows\system32\DRIVERS\lgandmodem64.sys
    23:31:15.0935 2724 ANDModem - ok
    23:31:16.0062 2724 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
    23:31:16.0231 2724 AppID - ok
    23:31:16.0306 2724 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
    23:31:16.0392 2724 AppIDSvc - ok
    23:31:16.0543 2724 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
    23:31:16.0632 2724 Appinfo - ok
    23:31:16.0776 2724 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
    23:31:16.0797 2724 arc - ok
    23:31:16.0989 2724 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
    23:31:17.0015 2724 arcsas - ok
    23:31:17.0120 2724 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
    23:31:17.0225 2724 AsyncMac - ok
    23:31:17.0345 2724 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
    23:31:17.0367 2724 atapi - ok
    23:31:17.0525 2724 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
    23:31:17.0585 2724 AudioEndpointBuilder - ok
    23:31:17.0595 2724 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
    23:31:17.0634 2724 AudioSrv - ok
    23:31:17.0968 2724 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    23:31:18.0126 2724 AVGIDSAgent - ok
    23:31:18.0255 2724 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
    23:31:18.0291 2724 AVGIDSDriver - ok
    23:31:18.0419 2724 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\windows\system32\DRIVERS\AVGIDSEH.Sys
    23:31:18.0438 2724 AVGIDSEH - ok
    23:31:18.0548 2724 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
    23:31:18.0567 2724 AVGIDSFilter - ok
    23:31:18.0846 2724 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\windows\system32\DRIVERS\avgldx64.sys
    23:31:18.0911 2724 Avgldx64 - ok
    23:31:19.0034 2724 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\windows\system32\DRIVERS\avgmfx64.sys
    23:31:19.0054 2724 Avgmfx64 - ok
    23:31:19.0188 2724 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\windows\system32\DRIVERS\avgrkx64.sys
    23:31:19.0205 2724 Avgrkx64 - ok
    23:31:19.0369 2724 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\windows\system32\DRIVERS\avgtdia.sys
    23:31:19.0403 2724 Avgtdia - ok
    23:31:19.0531 2724 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    23:31:19.0557 2724 avgwd - ok
    23:31:19.0714 2724 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
    23:31:19.0858 2724 AxInstSV - ok
    23:31:20.0000 2724 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
    23:31:20.0071 2724 b06bdrv - ok
    23:31:20.0237 2724 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
    23:31:20.0291 2724 b57nd60a - ok
    23:31:20.0416 2724 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
    23:31:20.0464 2724 BDESVC - ok
    23:31:20.0590 2724 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
    23:31:20.0682 2724 Beep - ok
    23:31:20.0894 2724 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
    23:31:20.0999 2724 BFE - ok
    23:31:21.0218 2724 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
    23:31:21.0296 2724 BITS - ok
    23:31:21.0403 2724 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
    23:31:21.0468 2724 blbdrive - ok
    23:31:21.0640 2724 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
    23:31:21.0695 2724 bowser - ok
    23:31:21.0870 2724 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
    23:31:21.0920 2724 BrFiltLo - ok
    23:31:22.0015 2724 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
    23:31:22.0041 2724 BrFiltUp - ok
    23:31:22.0173 2724 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
    23:31:22.0253 2724 BridgeMP - ok
    23:31:22.0348 2724 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
    23:31:22.0450 2724 Browser - ok
    23:31:22.0594 2724 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
    23:31:22.0676 2724 Brserid - ok
    23:31:22.0770 2724 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
    23:31:22.0820 2724 BrSerWdm - ok
    23:31:22.0926 2724 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
    23:31:22.0989 2724 BrUsbMdm - ok
    23:31:23.0093 2724 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
    23:31:23.0133 2724 BrUsbSer - ok
    23:31:23.0250 2724 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
    23:31:23.0309 2724 BTHMODEM - ok
    23:31:23.0462 2724 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
    23:31:23.0547 2724 bthserv - ok
    23:31:23.0575 2724 catchme - ok
    23:31:23.0718 2724 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
    23:31:23.0791 2724 cdfs - ok
    23:31:23.0956 2724 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
    23:31:24.0003 2724 cdrom - ok
    23:31:24.0118 2724 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
    23:31:24.0218 2724 CertPropSvc - ok
    23:31:24.0368 2724 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
    23:31:24.0418 2724 circlass - ok
    23:31:24.0559 2724 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
    23:31:24.0596 2724 CLFS - ok
    23:31:24.0730 2724 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    23:31:24.0777 2724 clr_optimization_v2.0.50727_32 - ok
    23:31:24.0918 2724 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    23:31:24.0940 2724 clr_optimization_v2.0.50727_64 - ok
    23:31:25.0079 2724 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    23:31:25.0105 2724 clr_optimization_v4.0.30319_32 - ok
    23:31:25.0267 2724 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    23:31:25.0291 2724 clr_optimization_v4.0.30319_64 - ok
    23:31:25.0412 2724 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
    23:31:25.0468 2724 CmBatt - ok
    23:31:25.0548 2724 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
    23:31:25.0571 2724 cmdide - ok
    23:31:25.0718 2724 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
    23:31:25.0770 2724 CNG - ok
    23:31:26.0000 2724 CnxtHdAudService (a260be645dd096d90318c8cf98536720) C:\windows\system32\drivers\CHDRT64.sys
    23:31:26.0062 2724 CnxtHdAudService - ok
    23:31:26.0191 2724 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
    23:31:26.0212 2724 Compbatt - ok
    23:31:26.0380 2724 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
    23:31:26.0438 2724 CompositeBus - ok
    23:31:26.0537 2724 COMSysApp - ok
    23:31:26.0574 2724 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
    23:31:26.0589 2724 crcdisk - ok
    23:31:26.0750 2724 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
    23:31:26.0841 2724 CryptSvc - ok
    23:31:27.0016 2724 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    23:31:27.0052 2724 cvhsvc - ok
    23:31:27.0188 2724 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
    23:31:27.0283 2724 DcomLaunch - ok
    23:31:27.0407 2724 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
    23:31:27.0493 2724 defragsvc - ok
    23:31:27.0594 2724 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
    23:31:27.0655 2724 DfsC - ok
    23:31:27.0849 2724 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
    23:31:27.0924 2724 Dhcp - ok
    23:31:28.0016 2724 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
    23:31:28.0115 2724 discache - ok
    23:31:28.0284 2724 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
    23:31:28.0309 2724 Disk - ok
    23:31:28.0446 2724 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
    23:31:28.0506 2724 Dnscache - ok
    23:31:28.0629 2724 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
    23:31:28.0707 2724 dot3svc - ok
    23:31:28.0817 2724 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
    23:31:28.0896 2724 DPS - ok
    23:31:29.0059 2724 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
    23:31:29.0142 2724 drmkaud - ok
    23:31:29.0321 2724 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
    23:31:29.0367 2724 DXGKrnl - ok
    23:31:29.0465 2724 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
    23:31:29.0541 2724 EapHost - ok
    23:31:29.0804 2724 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
    23:31:29.0879 2724 ebdrv - ok
    23:31:30.0003 2724 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
    23:31:30.0067 2724 EFS - ok
    23:31:30.0164 2724 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
    23:31:30.0224 2724 ehRecvr - ok
    23:31:30.0308 2724 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
    23:31:30.0340 2724 ehSched - ok
    23:31:30.0478 2724 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
    23:31:30.0519 2724 elxstor - ok
    23:31:30.0593 2724 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
    23:31:30.0641 2724 ErrDev - ok
    23:31:30.0847 2724 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
    23:31:30.0952 2724 EventSystem - ok
    23:31:31.0185 2724 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
    23:31:31.0256 2724 exfat - ok
    23:31:31.0374 2724 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
    23:31:31.0470 2724 fastfat - ok
    23:31:31.0658 2724 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
    23:31:31.0721 2724 Fax - ok
    23:31:31.0877 2724 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
    23:31:31.0929 2724 fdc - ok
    23:31:32.0109 2724 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
    23:31:32.0188 2724 fdPHost - ok
    23:31:32.0366 2724 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
    23:31:32.0460 2724 FDResPub - ok
    23:31:32.0594 2724 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
    23:31:32.0618 2724 FileInfo - ok
    23:31:32.0738 2724 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
    23:31:32.0827 2724 Filetrace - ok
    23:31:32.0906 2724 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
    23:31:32.0945 2724 flpydisk - ok
    23:31:33.0056 2724 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
    23:31:33.0087 2724 FltMgr - ok
    23:31:33.0220 2724 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
    23:31:33.0292 2724 FontCache - ok
    23:31:33.0378 2724 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    23:31:33.0400 2724 FontCache3.0.0.0 - ok
    23:31:33.0453 2724 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
    23:31:33.0473 2724 FsDepends - ok
    23:31:33.0598 2724 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
    23:31:33.0617 2724 Fs_Rec - ok
    23:31:33.0758 2724 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
    23:31:33.0794 2724 fvevol - ok
    23:31:33.0905 2724 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
    23:31:33.0969 2724 FwLnk - ok
    23:31:34.0112 2724 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
    23:31:34.0136 2724 gagp30kx - ok
    23:31:34.0263 2724 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    23:31:34.0286 2724 GamesAppService - ok
    23:31:34.0495 2724 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
    23:31:34.0555 2724 gpsvc - ok
    23:31:34.0663 2724 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    23:31:34.0686 2724 gupdate - ok
    23:31:34.0718 2724 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    23:31:34.0734 2724 gupdatem - ok
    23:31:34.0806 2724 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    23:31:34.0825 2724 gusvc - ok
    23:31:35.0004 2724 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
    23:31:35.0052 2724 hcw85cir - ok
    23:31:35.0208 2724 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
    23:31:35.0276 2724 HdAudAddService - ok
    23:31:35.0397 2724 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
    23:31:35.0448 2724 HDAudBus - ok
    23:31:35.0538 2724 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
    23:31:35.0563 2724 HidBatt - ok
    23:31:35.0685 2724 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
    23:31:35.0743 2724 HidBth - ok
    23:31:35.0889 2724 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
    23:31:35.0924 2724 HidIr - ok
    23:31:36.0008 2724 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
    23:31:36.0102 2724 hidserv - ok
    23:31:36.0279 2724 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
    23:31:36.0309 2724 HidUsb - ok
    23:31:36.0451 2724 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
    23:31:36.0549 2724 hkmsvc - ok
    23:31:36.0646 2724 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
    23:31:36.0708 2724 HomeGroupListener - ok
    23:31:36.0791 2724 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
    23:31:36.0833 2724 HomeGroupProvider - ok
    23:31:36.0937 2724 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
    23:31:36.0959 2724 HpSAMD - ok
    23:31:37.0124 2724 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
    23:31:37.0227 2724 HTTP - ok
    23:31:37.0338 2724 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
    23:31:37.0359 2724 hwpolicy - ok
    23:31:37.0462 2724 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
    23:31:37.0494 2724 i8042prt - ok
    23:31:37.0673 2724 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys
    23:31:37.0699 2724 iaStor - ok
    23:31:37.0895 2724 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
    23:31:37.0925 2724 iaStorV - ok
    23:31:38.0075 2724 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    23:31:38.0120 2724 idsvc - ok
    23:31:38.0946 2724 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys
    23:31:39.0366 2724 igfx - ok
    23:31:39.0530 2724 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
    23:31:39.0552 2724 iirsp - ok
    23:31:39.0692 2724 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
    23:31:39.0771 2724 IKEEXT - ok
    23:31:39.0874 2724 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
    23:31:39.0897 2724 intelide - ok
    23:31:40.0009 2724 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
    23:31:40.0053 2724 intelppm - ok
    23:31:40.0201 2724 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
    23:31:40.0285 2724 IPBusEnum - ok
    23:31:40.0433 2724 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
    23:31:40.0497 2724 IpFilterDriver - ok
    23:31:40.0638 2724 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
    23:31:40.0721 2724 iphlpsvc - ok
    23:31:40.0857 2724 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
    23:31:40.0903 2724 IPMIDRV - ok
    23:31:41.0015 2724 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
    23:31:41.0105 2724 IPNAT - ok
    23:31:41.0209 2724 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
    23:31:41.0242 2724 IRENUM - ok
    23:31:41.0383 2724 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
    23:31:41.0405 2724 isapnp - ok
    23:31:41.0477 2724 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
    23:31:41.0505 2724 iScsiPrt - ok
    23:31:41.0554 2724 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
    23:31:41.0564 2724 kbdclass - ok
    23:31:41.0718 2724 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
    23:31:41.0766 2724 kbdhid - ok
    23:31:41.0871 2724 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    23:31:41.0898 2724 KeyIso - ok
    23:31:41.0997 2724 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
    23:31:42.0023 2724 KSecDD - ok
    23:31:42.0138 2724 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
    23:31:42.0163 2724 KSecPkg - ok
    23:31:42.0290 2724 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
    23:31:42.0369 2724 ksthunk - ok
    23:31:42.0525 2724 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
    23:31:42.0609 2724 KtmRm - ok
    23:31:42.0785 2724 L1C (045fb70bc993b691517ce309045ff02d) C:\windows\system32\DRIVERS\L1C62x64.sys
    23:31:42.0808 2724 L1C - ok
    23:31:42.0968 2724 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
    23:31:43.0056 2724 LanmanServer - ok
    23:31:43.0247 2724 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
    23:31:43.0324 2724 LanmanWorkstation - ok
    23:31:43.0502 2724 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
    23:31:43.0582 2724 lltdio - ok
    23:31:43.0686 2724 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
    23:31:43.0763 2724 lltdsvc - ok
    23:31:43.0870 2724 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
    23:31:43.0931 2724 lmhosts - ok
    23:31:44.0064 2724 LMS (98b16e756243bea9410e32025b19c06f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    23:31:44.0095 2724 LMS - ok
    23:31:44.0228 2724 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
    23:31:44.0255 2724 LSI_FC - ok
    23:31:44.0408 2724 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
    23:31:44.0437 2724 LSI_SAS - ok
    23:31:44.0565 2724 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
    23:31:44.0590 2724 LSI_SAS2 - ok
    23:31:44.0642 2724 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
    23:31:44.0669 2724 LSI_SCSI - ok
    23:31:44.0760 2724 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
    23:31:44.0842 2724 luafv - ok
    23:31:44.0964 2724 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
    23:31:44.0992 2724 Mcx2Svc - ok
    23:31:45.0032 2724 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
    23:31:45.0052 2724 megasas - ok
    23:31:45.0182 2724 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
    23:31:45.0202 2724 MegaSR - ok
    23:31:45.0312 2724 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
    23:31:45.0342 2724 MEIx64 - ok
    23:31:45.0432 2724 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
    23:31:45.0522 2724 MMCSS - ok
    23:31:45.0682 2724 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
    23:31:45.0782 2724 Modem - ok
    23:31:45.0902 2724 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
    23:31:45.0972 2724 monitor - ok
    23:31:46.0112 2724 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
    23:31:46.0132 2724 mouclass - ok
    23:31:46.0312 2724 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
    23:31:46.0362 2724 mouhid - ok
    23:31:46.0502 2724 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
    23:31:46.0522 2724 mountmgr - ok
    23:31:46.0672 2724 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\windows\system32\DRIVERS\MpFilter.sys
    23:31:46.0692 2724 MpFilter - ok
    23:31:46.0802 2724 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
    23:31:46.0822 2724 mpio - ok
    23:31:46.0962 2724 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\windows\system32\DRIVERS\MpNWMon.sys
    23:31:46.0982 2724 MpNWMon - ok
    23:31:47.0012 2724 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
    23:31:47.0072 2724 mpsdrv - ok
    23:31:47.0212 2724 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
    23:31:47.0282 2724 MpsSvc - ok
    23:31:47.0402 2724 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
    23:31:47.0472 2724 MRxDAV - ok
    23:31:47.0602 2724 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
    23:31:47.0672 2724 mrxsmb - ok
    23:31:47.0802 2724 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
    23:31:47.0832 2724 mrxsmb10 - ok
    23:31:48.0042 2724 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
    23:31:48.0072 2724 mrxsmb20 - ok
    23:31:48.0232 2724 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
    23:31:48.0252 2724 msahci - ok
    23:31:48.0362 2724 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
    23:31:48.0392 2724 msdsm - ok
    23:31:48.0482 2724 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
    23:31:48.0532 2724 MSDTC - ok
    23:31:48.0712 2724 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
    23:31:48.0772 2724 Msfs - ok
    23:31:48.0892 2724 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
    23:31:48.0982 2724 mshidkmdf - ok
    23:31:49.0092 2724 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
    23:31:49.0112 2724 msisadrv - ok
    23:31:49.0282 2724 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
    23:31:49.0372 2724 MSiSCSI - ok
    23:31:49.0422 2724 msiserver - ok
    23:31:49.0502 2724 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
    23:31:49.0582 2724 MSKSSRV - ok
    23:31:49.0712 2724 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    23:31:49.0732 2724 MsMpSvc - ok
    23:31:49.0872 2724 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
    23:31:49.0942 2724 MSPCLOCK - ok
    23:31:50.0202 2724 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
    23:31:50.0282 2724 MSPQM - ok
    23:31:50.0492 2724 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
    23:31:50.0512 2724 MsRPC - ok
    23:31:50.0642 2724 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
    23:31:50.0652 2724 mssmbios - ok
    23:31:50.0782 2724 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
    23:31:50.0872 2724 MSTEE - ok
    23:31:50.0972 2724 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
    23:31:50.0992 2724 MTConfig - ok
    23:31:51.0082 2724 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
    23:31:51.0112 2724 Mup - ok
    23:31:51.0152 2724 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
    23:31:51.0222 2724 napagent - ok
    23:31:51.0392 2724 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
    23:31:51.0462 2724 NativeWifiP - ok
    23:31:51.0622 2724 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
    23:31:51.0662 2724 NDIS - ok
    23:31:51.0812 2724 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
    23:31:51.0892 2724 NdisCap - ok
    23:31:52.0062 2724 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
    23:31:52.0132 2724 NdisTapi - ok
    23:31:52.0282 2724 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
    23:31:52.0382 2724 Ndisuio - ok
    23:31:52.0512 2724 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
    23:31:52.0612 2724 NdisWan - ok
    23:31:52.0702 2724 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
    23:31:52.0762 2724 NDProxy - ok
    23:31:52.0892 2724 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
    23:31:52.0972 2724 NetBIOS - ok
    23:31:53.0082 2724 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
    23:31:53.0132 2724 NetBT - ok
    23:31:53.0212 2724 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    23:31:53.0242 2724 Netlogon - ok
    23:31:53.0372 2724 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
    23:31:53.0442 2724 Netman - ok
    23:31:53.0542 2724 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
    23:31:53.0632 2724 netprofm - ok
    23:31:53.0762 2724 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    23:31:53.0782 2724 NetTcpPortSharing - ok
    23:31:53.0892 2724 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
    23:31:53.0922 2724 nfrd960 - ok
    23:31:54.0012 2724 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys
    23:31:54.0032 2724 NisDrv - ok
    23:31:54.0162 2724 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    23:31:54.0192 2724 NisSrv - ok
    23:31:54.0322 2724 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
    23:31:54.0402 2724 NlaSvc - ok
    23:31:54.0492 2724 Norton PC Checkup Application Launcher - ok
    23:31:54.0642 2724 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
    23:31:54.0692 2724 Npfs - ok
    23:31:54.0782 2724 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
    23:31:54.0832 2724 nsi - ok
    23:31:54.0942 2724 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
    23:31:55.0032 2724 nsiproxy - ok
    23:31:55.0232 2724 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
    23:31:55.0282 2724 Ntfs - ok
    23:31:55.0392 2724 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
    23:31:55.0432 2724 Null - ok
    23:31:55.0602 2724 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
    23:31:55.0632 2724 nvraid - ok
    23:31:55.0732 2724 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
    23:31:55.0752 2724 nvstor - ok
    23:31:55.0852 2724 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
    23:31:55.0882 2724 nv_agp - ok
    23:31:55.0902 2724 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
    23:31:55.0922 2724 ohci1394 - ok
    23:31:56.0042 2724 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    23:31:56.0062 2724 ose - ok
    23:31:56.0302 2724 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    23:31:56.0482 2724 osppsvc - ok
    23:31:56.0602 2724 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
    23:31:56.0652 2724 p2pimsvc - ok
    23:31:56.0802 2724 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
    23:31:56.0832 2724 p2psvc - ok
    23:31:56.0942 2724 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
    23:31:56.0972 2724 Parport - ok
    23:31:57.0072 2724 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
    23:31:57.0092 2724 partmgr - ok
    23:31:57.0192 2724 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
    23:31:57.0272 2724 PcaSvc - ok
    23:31:57.0362 2724 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    23:31:57.0382 2724 PCCUJobMgr - ok
    23:31:57.0472 2724 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
    23:31:57.0502 2724 pci - ok
    23:31:57.0612 2724 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
    23:31:57.0632 2724 pciide - ok
    23:31:57.0762 2724 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
    23:31:57.0792 2724 pcmcia - ok
    23:31:57.0892 2724 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
    23:31:57.0912 2724 pcw - ok
    23:31:58.0086 2724 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
    23:31:58.0180 2724 PEAUTH - ok
    23:31:58.0282 2724 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
    23:31:58.0331 2724 PerfHost - ok
    23:31:58.0455 2724 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
    23:31:58.0475 2724 PGEffect - ok
    23:31:58.0597 2724 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
    23:31:58.0670 2724 pla - ok
    23:31:58.0811 2724 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
    23:31:58.0856 2724 PlugPlay - ok
    23:31:58.0942 2724 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
    23:31:58.0994 2724 PNRPAutoReg - ok
    23:31:59.0100 2724 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
    23:31:59.0140 2724 PNRPsvc - ok
    23:31:59.0270 2724 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
    23:31:59.0360 2724 PolicyAgent - ok
    23:31:59.0470 2724 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
    23:31:59.0570 2724 Power - ok
    23:31:59.0670 2724 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
    23:31:59.0760 2724 PptpMiniport - ok
    23:31:59.0890 2724 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
    23:31:59.0950 2724 Processor - ok
    23:32:00.0155 2724 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
    23:32:00.0233 2724 ProfSvc - ok
    23:32:00.0384 2724 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    23:32:00.0409 2724 ProtectedStorage - ok
    23:32:00.0521 2724 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
    23:32:00.0581 2724 Psched - ok
    23:32:00.0911 2724 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
    23:32:00.0980 2724 ql2300 - ok
    23:32:01.0107 2724 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
    23:32:01.0135 2724 ql40xx - ok
    23:32:01.0241 2724 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
    23:32:01.0278 2724 QWAVE - ok
    23:32:01.0393 2724 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
    23:32:01.0447 2724 QWAVEdrv - ok
    23:32:01.0585 2724 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
    23:32:01.0670 2724 RasAcd - ok
    23:32:01.0839 2724 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
    23:32:01.0910 2724 RasAgileVpn - ok
    23:32:02.0020 2724 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
    23:32:02.0096 2724 RasAuto - ok
    23:32:02.0207 2724 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
    23:32:02.0298 2724 Rasl2tp - ok
    23:32:02.0409 2724 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
    23:32:02.0455 2724 RasMan - ok
    23:32:02.0616 2724 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
    23:32:02.0668 2724 RasPppoe - ok
    23:32:02.0819 2724 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
    23:32:02.0908 2724 RasSstp - ok
    23:32:03.0005 2724 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
    23:32:03.0081 2724 rdbss - ok
    23:32:03.0184 2724 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
    23:32:03.0224 2724 rdpbus - ok
    23:32:03.0368 2724 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
    23:32:03.0446 2724 RDPCDD - ok
    23:32:03.0590 2724 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
    23:32:03.0675 2724 RDPENCDD - ok
    23:32:03.0789 2724 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
    23:32:03.0835 2724 RDPREFMP - ok
    23:32:04.0009 2724 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
    23:32:04.0079 2724 RDPWD - ok
    23:32:04.0251 2724 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
    23:32:04.0275 2724 rdyboost - ok
    23:32:04.0353 2724 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
    23:32:04.0434 2724 RemoteAccess - ok
    23:32:04.0587 2724 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
    23:32:04.0667 2724 RemoteRegistry - ok
    23:32:04.0754 2724 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
    23:32:04.0836 2724 RpcEptMapper - ok
    23:32:04.0892 2724 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
    23:32:04.0917 2724 RpcLocator - ok
    23:32:04.0980 2724 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
    23:32:05.0038 2724 RpcSs - ok
    23:32:05.0163 2724 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
    23:32:05.0235 2724 rspndr - ok
    23:32:05.0373 2724 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys
    23:32:05.0409 2724 RSUSBSTOR - ok
    23:32:05.0565 2724 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
    23:32:05.0603 2724 RTL8192Ce - ok
    23:32:05.0684 2724 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    23:32:05.0711 2724 SamSs - ok
    23:32:05.0910 2724 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
    23:32:05.0933 2724 sbp2port - ok
    23:32:06.0199 2724 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    23:32:06.0252 2724 SBSDWSCService - ok
    23:32:06.0343 2724 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
    23:32:06.0392 2724 SCardSvr - ok
    23:32:06.0573 2724 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
    23:32:06.0662 2724 scfilter - ok
    23:32:06.0819 2724 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
    23:32:06.0913 2724 Schedule - ok
    23:32:07.0037 2724 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
    23:32:07.0083 2724 SCPolicySvc - ok
    23:32:07.0212 2724 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
    23:32:07.0265 2724 SDRSVC - ok
    23:32:07.0396 2724 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
    23:32:07.0488 2724 secdrv - ok
    23:32:07.0676 2724 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
    23:32:07.0735 2724 seclogon - ok
    23:32:07.0764 2724 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
    23:32:07.0826 2724 SENS - ok
    23:32:07.0912 2724 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
    23:32:07.0964 2724 SensrSvc - ok
    23:32:08.0093 2724 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
    23:32:08.0139 2724 Serenum - ok
    23:32:08.0321 2724 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
    23:32:08.0370 2724 Serial - ok
    23:32:08.0524 2724 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
    23:32:08.0581 2724 sermouse - ok
    23:32:08.0698 2724 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
    23:32:08.0780 2724 SessionEnv - ok
    23:32:08.0888 2724 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
    23:32:08.0941 2724 sffdisk - ok
    23:32:09.0066 2724 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
    23:32:09.0149 2724 sffp_mmc - ok
    23:32:09.0277 2724 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
    23:32:09.0341 2724 sffp_sd - ok
    23:32:09.0467 2724 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
    23:32:09.0535 2724 sfloppy - ok
    23:32:09.0790 2724 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
    23:32:09.0820 2724 Sftfs - ok
    23:32:09.0994 2724 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    23:32:10.0029 2724 sftlist - ok
    23:32:10.0159 2724 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
    23:32:10.0184 2724 Sftplay - ok
    23:32:10.0330 2724 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
    23:32:10.0349 2724 Sftredir - ok
    23:32:10.0482 2724 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
    23:32:10.0500 2724 Sftvol - ok
    23:32:10.0653 2724 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    23:32:10.0679 2724 sftvsa - ok
    23:32:10.0829 2724 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
    23:32:10.0879 2724 SharedAccess - ok
    23:32:10.0966 2724 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
    23:32:11.0026 2724 ShellHWDetection - ok
    23:32:11.0168 2724 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
    23:32:11.0191 2724 SiSRaid2 - ok
    23:32:11.0337 2724 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
    23:32:11.0354 2724 SiSRaid4 - ok
    23:32:11.0483 2724 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
    23:32:11.0540 2724 Smb - ok
    23:32:11.0689 2724 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
    23:32:11.0743 2724 SNMPTRAP - ok
    23:32:11.0797 2724 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
    23:32:11.0811 2724 spldr - ok
    23:32:11.0945 2724 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
    23:32:12.0009 2724 Spooler - ok
    23:32:12.0201 2724 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
    23:32:12.0323 2724 sppsvc - ok
    23:32:12.0414 2724 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
    23:32:12.0483 2724 sppuinotify - ok
    23:32:12.0615 2724 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
    23:32:12.0701 2724 srv - ok
    23:32:12.0831 2724 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
    23:32:12.0892 2724 srv2 - ok
    23:32:13.0017 2724 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
    23:32:13.0042 2724 srvnet - ok
    23:32:13.0198 2724 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
    23:32:13.0283 2724 SSDPSRV - ok
    23:32:13.0397 2724 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
    23:32:13.0456 2724 SstpSvc - ok
    23:32:13.0567 2724 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
    23:32:13.0590 2724 stexstor - ok
    23:32:13.0731 2724 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
    23:32:13.0773 2724 stisvc - ok
    23:32:13.0886 2724 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
    23:32:13.0905 2724 swenum - ok
    23:32:14.0012 2724 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
    23:32:14.0094 2724 swprv - ok
    23:32:14.0272 2724 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
    23:32:14.0299 2724 SynTP - ok
    23:32:14.0503 2724 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
    23:32:14.0580 2724 SysMain - ok
    23:32:14.0706 2724 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
    23:32:14.0761 2724 TabletInputService - ok
    23:32:14.0859 2724 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
    23:32:14.0955 2724 TapiSrv - ok
    23:32:15.0074 2724 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
    23:32:15.0133 2724 TBS - ok
    23:32:15.0334 2724 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
    23:32:15.0383 2724 Tcpip - ok
    23:32:15.0609 2724 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
    23:32:15.0673 2724 TCPIP6 - ok
    23:32:15.0828 2724 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
    23:32:15.0922 2724 tcpipreg - ok
    23:32:16.0039 2724 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
    23:32:16.0059 2724 tdcmdpst - ok
    23:32:16.0116 2724 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
    23:32:16.0140 2724 TDPIPE - ok
    23:32:16.0221 2724 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
    23:32:16.0255 2724 TDTCP - ok
    23:32:16.0420 2724 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
    23:32:16.0478 2724 tdx - ok
    23:32:16.0598 2724 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
    23:32:16.0623 2724 TermDD - ok
    23:32:16.0751 2724 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
    23:32:16.0831 2724 TermService - ok
    23:32:16.0942 2724 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
    23:32:16.0994 2724 Themes - ok
    23:32:17.0051 2724 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
    23:32:17.0102 2724 THREADORDER - ok
    23:32:17.0222 2724 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    23:32:17.0252 2724 TMachInfo - ok
    23:32:17.0350 2724 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
    23:32:17.0360 2724 TODDSrv - ok
    23:32:17.0506 2724 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    23:32:17.0531 2724 TosCoSrv - ok
    23:32:17.0659 2724 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    23:32:17.0697 2724 TOSHIBA HDD SSD Alert Service - ok
    23:32:17.0919 2724 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
    23:32:17.0953 2724 tos_sps64 - ok
    23:32:18.0070 2724 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
    23:32:18.0186 2724 TrkWks - ok
    23:32:18.0281 2724 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
    23:32:18.0347 2724 TrustedInstaller - ok
    23:32:18.0553 2724 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
    23:32:18.0620 2724 tssecsrv - ok
    23:32:18.0769 2724 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
    23:32:18.0793 2724 TsUsbFlt - ok
    23:32:18.0914 2724 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
    23:32:18.0957 2724 TsUsbGD - ok
    23:32:19.0124 2724 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
    23:32:19.0212 2724 tunnel - ok
    23:32:19.0318 2724 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
    23:32:19.0337 2724 TVALZ - ok
    23:32:19.0430 2724 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
    23:32:19.0453 2724 uagp35 - ok
    23:32:19.0576 2724 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
    23:32:19.0656 2724 udfs - ok
    23:32:19.0811 2724 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
    23:32:19.0841 2724 UI0Detect - ok
    23:32:19.0952 2724 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
    23:32:19.0971 2724 uliagpkx - ok
    23:32:20.0123 2724 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
    23:32:20.0174 2724 umbus - ok
    23:32:20.0297 2724 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
    23:32:20.0345 2724 UmPass - ok
    23:32:20.0710 2724 UNS (7a78ed1088890114dfde2c4ab038d6b6) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    23:32:20.0802 2724 UNS - ok
    23:32:20.0907 2724 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
    23:32:20.0971 2724 upnphost - ok
    23:32:21.0059 2724 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
    23:32:21.0071 2724 usbccgp - ok
    23:32:21.0191 2724 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
    23:32:21.0222 2724 usbcir - ok
    23:32:21.0326 2724 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
    23:32:21.0371 2724 usbehci - ok
    23:32:21.0478 2724 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
    23:32:21.0504 2724 usbhub - ok
    23:32:21.0620 2724 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
    23:32:21.0670 2724 usbohci - ok
    23:32:21.0785 2724 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
    23:32:21.0835 2724 usbprint - ok
    23:32:21.0980 2724 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
    23:32:22.0030 2724 USBSTOR - ok
    23:32:22.0146 2724 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
    23:32:22.0191 2724 usbuhci - ok
    23:32:22.0329 2724 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
    23:32:22.0365 2724 usbvideo - ok
    23:32:22.0463 2724 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
    23:32:22.0555 2724 UxSms - ok
    23:32:22.0686 2724 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    23:32:22.0707 2724 VaultSvc - ok
    23:32:22.0827 2724 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
    23:32:22.0846 2724 vdrvroot - ok
    23:32:22.0948 2724 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
    23:32:23.0025 2724 vds - ok
    23:32:23.0130 2724 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
    23:32:23.0165 2724 vga - ok
    23:32:23.0275 2724 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
    23:32:23.0368 2724 VgaSave - ok
    23:32:23.0461 2724 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
    23:32:23.0488 2724 vhdmp - ok
    23:32:23.0604 2724 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
    23:32:23.0621 2724 viaide - ok
    23:32:23.0731 2724 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
    23:32:23.0756 2724 volmgr - ok
    23:32:23.0894 2724 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
    23:32:23.0927 2724 volmgrx - ok
    23:32:24.0036 2724 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
    23:32:24.0070 2724 volsnap - ok
    23:32:24.0178 2724 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
    23:32:24.0204 2724 vsmraid - ok
    23:32:24.0383 2724 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
    23:32:24.0464 2724 VSS - ok
    23:32:24.0629 2724 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    23:32:24.0667 2724 vToolbarUpdater10.2.0 - ok
    23:32:24.0765 2724 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
    23:32:24.0824 2724 vwifibus - ok
    23:32:24.0967 2724 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
    23:32:25.0032 2724 vwififlt - ok
    23:32:25.0201 2724 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
    23:32:25.0265 2724 W32Time - ok
    23:32:25.0468 2724 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
    23:32:25.0525 2724 WacomPen - ok
    23:32:25.0702 2724 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
    23:32:25.0791 2724 WANARP - ok
    23:32:25.0834 2724 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
    23:32:25.0869 2724 Wanarpv6 - ok
    23:32:26.0002 2724 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
    23:32:26.0047 2724 WatAdminSvc - ok
    23:32:26.0286 2724 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
    23:32:26.0342 2724 wbengine - ok
    23:32:26.0449 2724 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
    23:32:26.0493 2724 WbioSrvc - ok
    23:32:26.0589 2724 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
    23:32:26.0689 2724 wcncsvc - ok
    23:32:26.0799 2724 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
    23:32:26.0830 2724 WcsPlugInService - ok
    23:32:26.0924 2724 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
    23:32:26.0946 2724 Wd - ok
    23:32:27.0086 2724 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
    23:32:27.0116 2724 Wdf01000 - ok
    23:32:27.0196 2724 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
    23:32:27.0256 2724 WdiServiceHost - ok
    23:32:27.0256 2724 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
    23:32:27.0276 2724 WdiSystemHost - ok
    23:32:27.0386 2724 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
    23:32:27.0416 2724 WebClient - ok
    23:32:27.0634 2724 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
    23:32:27.0718 2724 Wecsvc - ok
    23:32:27.0832 2724 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
    23:32:27.0881 2724 wercplsupport - ok
    23:32:28.0000 2724 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
    23:32:28.0086 2724 WerSvc - ok
    23:32:28.0222 2724 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
    23:32:28.0282 2724 WfpLwf - ok
    23:32:28.0438 2724 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
    23:32:28.0461 2724 WIMMount - ok
    23:32:28.0502 2724 WinDefend - ok
    23:32:28.0515 2724 WinHttpAutoProxySvc - ok
    23:32:28.0696 2724 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
    23:32:28.0755 2724 Winmgmt - ok
    23:32:28.0901 2724 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
    23:32:28.0962 2724 WinRM - ok
    23:32:29.0148 2724 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
    23:32:29.0213 2724 Wlansvc - ok
    23:32:29.0332 2724 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    23:32:29.0352 2724 wlcrasvc - ok
    23:32:29.0521 2724 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    23:32:29.0618 2724 wlidsvc - ok
    23:32:29.0738 2724 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
    23:32:29.0790 2724 WmiAcpi - ok
    23:32:29.0928 2724 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
    23:32:29.0980 2724 wmiApSrv - ok
    23:32:30.0040 2724 WMPNetworkSvc - ok
    23:32:30.0179 2724 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
    23:32:30.0209 2724 WPCSvc - ok
    23:32:30.0326 2724 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
    23:32:30.0351 2724 WPDBusEnum - ok
    23:32:30.0501 2724 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
    23:32:30.0555 2724 ws2ifsl - ok
    23:32:30.0641 2724 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
    23:32:30.0720 2724 wscsvc - ok
    23:32:30.0798 2724 WSearch - ok
    23:32:30.0877 2724 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
    23:32:30.0985 2724 wuauserv - ok
    23:32:31.0114 2724 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
    23:32:31.0195 2724 WudfPf - ok
    23:32:31.0339 2724 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
    23:32:31.0428 2724 WUDFRd - ok
    23:32:31.0562 2724 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
    23:32:31.0622 2724 wudfsvc - ok
    23:32:31.0724 2724 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
    23:32:31.0785 2724 WwanSvc - ok
    23:32:31.0829 2724 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
    23:32:31.0991 2724 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    23:32:31.0991 2724 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    23:32:32.0009 2724 Boot (0x1200) (f35360472a297c6edd472b5a8fe5d58b) \Device\Harddisk0\DR0\Partition0
    23:32:32.0012 2724 \Device\Harddisk0\DR0\Partition0 - ok

    23:32:32.0013 2724 Scan finished

    23:32:32.0032 2120 Detected object count: 1
    23:32:32.0032 2120 Actual detected object count: 1
    23:33:27.0848 2120 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    23:33:27.0850 2120 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    23:33:27.0853 2120 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    23:33:27.0856 2120 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    23:33:27.0865 2120 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    23:33:27.0900 2120 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    23:33:27.0969 2120 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    23:33:27.0971 2120 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    23:33:27.0974 2120 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    23:33:27.0978 2120 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    23:33:27.0982 2120 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    23:33:27.0984 2120 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    23:33:27.0985 2120 \Device\Harddisk0\DR0\TDLFS - deleted
    23:33:27.0985 2120 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
    23:42:07.0478 1652 Deinitialize success
