View Full Version : Help removing smitfraud
spaceycayce
2012-03-26, 20:48
Hi--thanks for the help with this. I had a thread opened earlier, but I had to leave unexpectedly for a death in the family. I am back and not much has been done since my last thread, which is archived at http://forums.spybot.info/showthread.php?t=65508&highlight=spaceycayce
Here is the DDS record.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by owner at 10:17:36 on 2012-03-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2148 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
-netsvcs
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
BHO: MRI_DISABLED - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
uRun: [Facebook Update] "C:\Users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{7C9D6D00-7B4D-4E44-9124-12F60CBE10A1} : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{7C9D6D00-7B4D-4E44-9124-12F60CBE10A1}\3797374756D683 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7C9D6D00-7B4D-4E44-9124-12F60CBE10A1}\4756272796F6E613 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7C9D6D00-7B4D-4E44-9124-12F60CBE10A1}\C49637A747D274 : DhcpNameServer = 10.106.0.6 10.106.0.7
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: MRI_DISABLED - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
mRun-x64: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-12-9 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-12-9 126392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-15 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-9 2656280]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-26 918880]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-9 136176]
S3 Andbus;LGE Android Platform Composite USB Device;C:\windows\system32\DRIVERS\lgandbus64.sys --> C:\windows\system32\DRIVERS\lgandbus64.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\windows\system32\DRIVERS\lganddiag64.sys --> C:\windows\system32\DRIVERS\lganddiag64.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\windows\system32\DRIVERS\lgandgps64.sys --> C:\windows\system32\DRIVERS\lgandgps64.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;C:\windows\system32\DRIVERS\lgandmodem64.sys --> C:\windows\system32\DRIVERS\lgandmodem64.sys [?]
S3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-9 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-12-9 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S4 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-16 18:54:39 -------- d-s---w- C:\ComboFix
2012-03-16 18:39:37 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-16 18:23:31 20480 ----a-w- C:\windows\svchost.exe
2012-03-16 16:09:55 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{06D6E3DE-7A61-4EB6-A6A7-92E5627CE843}\mpengine.dll
2012-03-15 18:51:04 -------- d-----w- C:\Program Files\CCleaner
2012-03-15 18:45:13 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-03-15 18:45:11 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-03-15 18:45:11 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-03-15 18:45:04 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-03-15 18:45:04 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-03-15 18:45:04 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-03-15 18:45:03 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-03-15 18:45:03 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-03-15 18:45:03 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-03-15 18:44:28 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-15 18:44:28 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-15 18:35:14 525792 ----a-w- C:\windows\DIFxAPI.dll
2012-03-15 18:35:14 232464 ----a-w- C:\windows\TmNSCIns.dll
2012-03-15 18:22:29 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-13 22:07:39 -------- d-----w- C:\Users\owner\AppData\Local\Kjs.AppLife.Update
2012-03-13 21:52:09 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-03-12 01:42:00 -------- d-----w- C:\$AVG
2012-03-12 01:07:29 -------- d-----w- C:\Users\owner\AppData\Roaming\AVG2012
2012-03-12 01:06:29 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-03-12 01:06:20 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-03-12 01:06:18 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-03-12 01:06:13 -------- d--h--w- C:\ProgramData\Common Files
2012-03-12 01:06:05 -------- d-----w- C:\windows\SysWow64\drivers\AVG
2012-03-12 01:05:46 -------- d-----w- C:\windows\System32\drivers\AVG
2012-03-12 01:05:46 -------- d-----w- C:\ProgramData\AVG2012
2012-03-12 01:05:17 -------- d-----w- C:\Program Files (x86)\AVG
2012-03-12 00:55:23 -------- d-----w- C:\ProgramData\MFAData
2012-03-11 07:23:59 -------- d-----w- C:\Users\owner\AppData\Roaming\Malwarebytes
2012-03-03 19:14:40 34304 ----a-w- C:\windows\System32\drivers\lgandmodem64.sys
2012-03-03 19:14:40 27136 ----a-w- C:\windows\System32\drivers\lgandgps64.sys
2012-03-03 19:14:39 27648 ----a-w- C:\windows\System32\drivers\lganddiag64.sys
2012-03-03 19:14:39 19456 ----a-w- C:\windows\System32\drivers\lgandbus64.sys
2012-03-03 19:14:38 -------- d-----w- C:\Program Files (x86)\LG Electronics
.
==================== Find3M ====================
.
2012-02-06 14:14:19 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 12:44:20 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-01-04 10:44:20 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\windows\System32\drivers\afd.sys
.
============= FINISH: 10:19:35.54 ===============
oldman960
2012-03-28, 13:32
Hi spaceycayce,
"but I had to leave unexpectedly for a death in the family"
Sorry to hear that.
Let's continue where we left off. Please post the combofix log. You should be able to find it at C:\combofix.txt
spaceycayce
2012-03-28, 20:22
ComboFix 12-03-28.02 - owner 03/28/2012 9:47.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2487 [GMT -7:00]
Running from: c:\users\owner\Downloads\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-28 16:57 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-03-28 16:55 . 2012-03-28 16:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-16 21:26 . 2012-03-16 21:26 -------- d-----w- c:\program files\7-Zip
2012-03-16 16:09 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06D6E3DE-7A61-4EB6-A6A7-92E5627CE843}\mpengine.dll
2012-03-15 18:51 . 2012-03-15 19:30 -------- d-----w- c:\program files\CCleaner
2012-03-15 18:45 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-15 18:45 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-15 18:45 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-15 18:45 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-15 18:45 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-15 18:45 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-15 18:45 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-15 18:45 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-15 18:45 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-15 18:44 . 2012-03-16 16:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-15 18:44 . 2012-03-15 18:47 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-15 18:35 . 2011-08-02 21:33 525792 ----a-w- c:\windows\DIFxAPI.dll
2012-03-15 18:35 . 2011-08-02 21:33 232464 ----a-w- c:\windows\TmNSCIns.dll
2012-03-15 18:22 . 2012-03-15 18:30 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-13 22:07 . 2012-03-13 22:15 -------- d-----w- c:\users\owner\AppData\Local\Kjs.AppLife.Update
2012-03-13 21:52 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-12 01:42 . 2012-03-12 01:42 -------- d-----w- C:\$AVG
2012-03-12 01:07 . 2012-03-12 01:07 -------- d-----w- c:\users\owner\AppData\Roaming\AVG2012
2012-03-12 01:06 . 2012-03-26 17:04 -------- d-----w- c:\programdata\AVG Secure Search
2012-03-12 01:06 . 2012-03-15 17:55 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-03-12 01:06 . 2012-03-26 17:04 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-03-12 01:06 . 2012-03-12 01:06 -------- d--h--w- c:\programdata\Common Files
2012-03-12 01:06 . 2012-03-12 01:06 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-03-12 01:05 . 2012-03-16 18:05 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-12 01:05 . 2012-03-12 01:18 -------- d-----w- c:\programdata\AVG2012
2012-03-12 01:05 . 2012-03-12 01:05 -------- d-----w- c:\program files (x86)\AVG
2012-03-12 00:55 . 2012-03-16 16:02 -------- d-----w- c:\programdata\MFAData
2012-03-11 07:23 . 2012-03-11 07:23 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2012-03-03 19:14 . 2010-12-07 22:23 34304 ----a-w- c:\windows\system32\drivers\lgandmodem64.sys
2012-03-03 19:14 . 2010-12-07 22:23 27136 ----a-w- c:\windows\system32\drivers\lgandgps64.sys
2012-03-03 19:14 . 2010-12-07 22:23 27648 ----a-w- c:\windows\system32\drivers\lganddiag64.sys
2012-03-03 19:14 . 2010-12-07 22:22 19456 ----a-w- c:\windows\system32\drivers\lgandbus64.sys
2012-03-03 19:14 . 2012-03-03 19:14 -------- d-----w- c:\program files (x86)\LG Electronics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-11 20:17 . 2012-02-11 20:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C32BDBBE-FC19-4DE2-B182-E820F523E92B}\gapaengine.dll
2012-02-08 07:13 . 2012-02-07 05:49 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-06 14:14 . 2011-10-31 02:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-06 05:26 . 2012-02-11 20:17 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-07 23:27 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-04 10:44 . 2012-02-15 05:50 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 05:50 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 05:50 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 05:50 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-26 17:04 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-26 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-05 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-26 982880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2011-06-22 22:26 3218864 ----a-w- c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaAppPlace]
2010-09-23 18:03 552960 ----a-w- c:\program files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2011-07-12 01:16 1298816 ----a-w- c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 136176]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-26 918880]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2547257186-3653365119-3982157553-1000Core.job
- c:\users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-05 04:44]
.
2012-03-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2547257186-3653365119-3982157553-1000UA.job
- c:\users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-05 04:44]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 20:15]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 20:15]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2547257186-3653365119-3982157553-1000Core.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 21:28]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2547257186-3653365119-3982157553-1000UA.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 21:28]
.
2012-03-12 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2010-11-21 03:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MRT"="c:\windows\system32\MRT.exe" [2012-03-16 56297240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 10.0.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2633870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-28 10:11:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-28 17:11
ComboFix2.txt 2012-03-16 18:29
.
Pre-Run: 262,254,624,768 bytes free
Post-Run: 261,680,017,408 bytes free
.
- - End Of File - - 681FDF6D73FE89845881C8D0CDB4DE99
oldman960
2012-03-29, 01:02
Hi spaceycayce,
Download the latest version of TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_1.jpg
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_2.jpg
Click the Start Scan button.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_3.jpg
If a suspicious object is detected, the default action will be Skip; click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_4.jpg
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_5.jpg
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
spaceycayce
2012-03-29, 10:34
00:24:01.0715 4256 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
00:24:03.0177 4256 ============================================================
00:24:03.0177 4256 Current date / time: 2012/03/29 00:24:03.0177
00:24:03.0177 4256 SystemInfo:
00:24:03.0177 4256
00:24:03.0177 4256 OS Version: 6.1.7601 ServicePack: 1.0
00:24:03.0177 4256 Product type: Workstation
00:24:03.0177 4256 ComputerName: OWNER-PC
00:24:03.0177 4256 UserName: owner
00:24:03.0177 4256 Windows directory: C:\windows
00:24:03.0177 4256 System windows directory: C:\windows
00:24:03.0177 4256 Running under WOW64
00:24:03.0177 4256 Processor architecture: Intel x64
00:24:03.0177 4256 Number of processors: 2
00:24:03.0177 4256 Page size: 0x1000
00:24:03.0177 4256 Boot type: Normal boot
00:24:03.0177 4256 ============================================================
00:24:04.0362 4256 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:24:04.0365 4256 \Device\Harddisk0\DR0:
00:24:04.0365 4256 MBR used
00:24:04.0365 4256 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x235E9800
00:24:04.0407 4256 Initialize success
00:24:04.0407 4256 ============================================================
00:24:28.0650 4268 ============================================================
00:24:28.0650 4268 Scan started
00:24:28.0650 4268 Mode: Manual; SigCheck; TDLFS;
00:24:28.0650 4268 ============================================================
00:24:33.0202 4268 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
00:24:33.0535 4268 1394ohci - ok
00:24:33.0734 4268 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
00:24:33.0750 4268 ACPI - ok
00:24:33.0878 4268 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
00:24:34.0082 4268 AcpiPmi - ok
00:24:34.0416 4268 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
00:24:34.0447 4268 adp94xx - ok
00:24:34.0709 4268 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
00:24:34.0735 4268 adpahci - ok
00:24:35.0003 4268 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
00:24:35.0016 4268 adpu320 - ok
00:24:35.0330 4268 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
00:24:35.0537 4268 AeLookupSvc - ok
00:24:35.0691 4268 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
00:24:35.0812 4268 AFD - ok
00:24:36.0016 4268 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
00:24:36.0043 4268 agp440 - ok
00:24:36.0254 4268 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
00:24:36.0330 4268 ALG - ok
00:24:36.0527 4268 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
00:24:36.0765 4268 aliide - ok
00:24:36.0872 4268 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
00:24:36.0881 4268 amdide - ok
00:24:37.0030 4268 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
00:24:37.0084 4268 AmdK8 - ok
00:24:37.0253 4268 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
00:24:37.0320 4268 AmdPPM - ok
00:24:37.0433 4268 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
00:24:37.0454 4268 amdsata - ok
00:24:37.0586 4268 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
00:24:37.0608 4268 amdsbs - ok
00:24:37.0711 4268 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
00:24:37.0727 4268 amdxata - ok
00:24:37.0810 4268 Andbus (48cd7e6520d47d62eab0e6ce3ec30c65) C:\windows\system32\DRIVERS\lgandbus64.sys
00:24:37.0846 4268 Andbus - ok
00:24:37.0932 4268 AndDiag (08cbacc00d15dcdbbaae1a7c8f231c61) C:\windows\system32\DRIVERS\lganddiag64.sys
00:24:37.0974 4268 AndDiag - ok
00:24:38.0191 4268 AndGps (cea9a4cd6b3a83428ce8501240833668) C:\windows\system32\DRIVERS\lgandgps64.sys
00:24:38.0229 4268 AndGps - ok
00:24:38.0379 4268 ANDModem (e2b5663e547fa5e756b253efa8ec8286) C:\windows\system32\DRIVERS\lgandmodem64.sys
00:24:38.0426 4268 ANDModem - ok
00:24:38.0573 4268 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
00:24:38.0809 4268 AppID - ok
00:24:38.0905 4268 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
00:24:38.0965 4268 AppIDSvc - ok
00:24:39.0076 4268 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
00:24:39.0148 4268 Appinfo - ok
00:24:39.0286 4268 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
00:24:39.0299 4268 arc - ok
00:24:39.0412 4268 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
00:24:39.0426 4268 arcsas - ok
00:24:39.0523 4268 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
00:24:39.0611 4268 AsyncMac - ok
00:24:39.0734 4268 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
00:24:39.0751 4268 atapi - ok
00:24:39.0877 4268 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
00:24:39.0946 4268 AudioEndpointBuilder - ok
00:24:39.0970 4268 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
00:24:40.0033 4268 AudioSrv - ok
00:24:40.0334 4268 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
00:24:40.0500 4268 AVGIDSAgent - ok
00:24:40.0621 4268 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
00:24:40.0644 4268 AVGIDSDriver - ok
00:24:40.0803 4268 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\windows\system32\DRIVERS\AVGIDSEH.Sys
00:24:40.0819 4268 AVGIDSEH - ok
00:24:41.0015 4268 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
00:24:41.0032 4268 AVGIDSFilter - ok
00:24:41.0225 4268 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\windows\system32\DRIVERS\avgldx64.sys
00:24:41.0250 4268 Avgldx64 - ok
00:24:41.0389 4268 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\windows\system32\DRIVERS\avgmfx64.sys
00:24:41.0400 4268 Avgmfx64 - ok
00:24:41.0555 4268 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\windows\system32\DRIVERS\avgrkx64.sys
00:24:41.0566 4268 Avgrkx64 - ok
00:24:41.0751 4268 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\windows\system32\DRIVERS\avgtdia.sys
00:24:41.0769 4268 Avgtdia - ok
00:24:41.0918 4268 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
00:24:41.0931 4268 avgwd - ok
00:24:42.0080 4268 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
00:24:42.0222 4268 AxInstSV - ok
00:24:42.0431 4268 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
00:24:42.0482 4268 b06bdrv - ok
00:24:42.0624 4268 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
00:24:42.0676 4268 b57nd60a - ok
00:24:42.0793 4268 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
00:24:42.0839 4268 BDESVC - ok
00:24:43.0034 4268 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
00:24:43.0106 4268 Beep - ok
00:24:43.0261 4268 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
00:24:43.0387 4268 BFE - ok
00:24:43.0604 4268 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
00:24:43.0715 4268 BITS - ok
00:24:43.0848 4268 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
00:24:43.0890 4268 blbdrive - ok
00:24:44.0095 4268 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
00:24:44.0171 4268 bowser - ok
00:24:44.0325 4268 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
00:24:44.0393 4268 BrFiltLo - ok
00:24:44.0503 4268 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
00:24:44.0536 4268 BrFiltUp - ok
00:24:44.0695 4268 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
00:24:44.0813 4268 BridgeMP - ok
00:24:45.0081 4268 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
00:24:45.0175 4268 Browser - ok
00:24:45.0371 4268 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
00:24:45.0433 4268 Brserid - ok
00:24:45.0559 4268 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
00:24:45.0621 4268 BrSerWdm - ok
00:24:45.0803 4268 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
00:24:45.0866 4268 BrUsbMdm - ok
00:24:46.0026 4268 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
00:24:46.0091 4268 BrUsbSer - ok
00:24:46.0239 4268 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
00:24:46.0310 4268 BTHMODEM - ok
00:24:46.0496 4268 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
00:24:46.0591 4268 bthserv - ok
00:24:46.0619 4268 catchme - ok
00:24:46.0764 4268 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
00:24:46.0870 4268 cdfs - ok
00:24:47.0034 4268 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
00:24:47.0095 4268 cdrom - ok
00:24:47.0243 4268 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
00:24:47.0340 4268 CertPropSvc - ok
00:24:47.0480 4268 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
00:24:47.0536 4268 circlass - ok
00:24:47.0725 4268 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
00:24:47.0753 4268 CLFS - ok
00:24:47.0931 4268 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:24:47.0955 4268 clr_optimization_v2.0.50727_32 - ok
00:24:48.0075 4268 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:24:48.0094 4268 clr_optimization_v2.0.50727_64 - ok
00:24:48.0302 4268 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:24:48.0323 4268 clr_optimization_v4.0.30319_32 - ok
00:24:48.0556 4268 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:24:48.0574 4268 clr_optimization_v4.0.30319_64 - ok
00:24:48.0724 4268 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
00:24:48.0772 4268 CmBatt - ok
00:24:48.0905 4268 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
00:24:48.0926 4268 cmdide - ok
00:24:49.0074 4268 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
00:24:49.0103 4268 CNG - ok
00:24:49.0370 4268 CnxtHdAudService (a260be645dd096d90318c8cf98536720) C:\windows\system32\drivers\CHDRT64.sys
00:24:49.0455 4268 CnxtHdAudService - ok
00:24:49.0613 4268 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
00:24:49.0638 4268 Compbatt - ok
00:24:49.0836 4268 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
00:24:49.0906 4268 CompositeBus - ok
00:24:49.0996 4268 COMSysApp - ok
00:24:50.0074 4268 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
00:24:50.0109 4268 crcdisk - ok
00:24:50.0318 4268 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
00:24:50.0466 4268 CryptSvc - ok
00:24:50.0706 4268 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
00:24:50.0759 4268 cvhsvc - ok
00:24:50.0954 4268 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
00:24:51.0085 4268 DcomLaunch - ok
00:24:51.0318 4268 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
00:24:51.0430 4268 defragsvc - ok
00:24:51.0572 4268 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
00:24:51.0688 4268 DfsC - ok
00:24:51.0840 4268 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
00:24:51.0969 4268 Dhcp - ok
00:24:52.0116 4268 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
00:24:52.0248 4268 discache - ok
00:24:52.0439 4268 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
00:24:52.0458 4268 Disk - ok
00:24:52.0613 4268 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
00:24:52.0728 4268 Dnscache - ok
00:24:52.0873 4268 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
00:24:53.0005 4268 dot3svc - ok
00:24:53.0117 4268 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
00:24:53.0185 4268 DPS - ok
00:24:53.0314 4268 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
00:24:53.0364 4268 drmkaud - ok
00:24:53.0666 4268 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
00:24:53.0722 4268 DXGKrnl - ok
00:24:53.0899 4268 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
00:24:53.0986 4268 EapHost - ok
00:24:54.0783 4268 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
00:24:54.0935 4268 ebdrv - ok
00:24:55.0058 4268 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
00:24:55.0125 4268 EFS - ok
00:24:55.0271 4268 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
00:24:55.0331 4268 ehRecvr - ok
00:24:55.0498 4268 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
00:24:55.0525 4268 ehSched - ok
00:24:55.0690 4268 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
00:24:55.0742 4268 elxstor - ok
00:24:55.0994 4268 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
00:24:56.0098 4268 ErrDev - ok
00:24:56.0267 4268 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
00:24:56.0354 4268 EventSystem - ok
00:24:56.0508 4268 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
00:24:56.0602 4268 exfat - ok
00:24:56.0741 4268 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
00:24:56.0842 4268 fastfat - ok
00:24:57.0100 4268 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
00:24:57.0186 4268 Fax - ok
00:24:57.0277 4268 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
00:24:57.0323 4268 fdc - ok
00:24:57.0409 4268 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
00:24:57.0481 4268 fdPHost - ok
00:24:57.0490 4268 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
00:24:57.0548 4268 FDResPub - ok
00:24:57.0638 4268 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
00:24:57.0652 4268 FileInfo - ok
00:24:57.0664 4268 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
00:24:57.0749 4268 Filetrace - ok
00:24:57.0837 4268 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
00:24:57.0855 4268 flpydisk - ok
00:24:57.0932 4268 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
00:24:57.0948 4268 FltMgr - ok
00:24:58.0032 4268 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
00:24:58.0093 4268 FontCache - ok
00:24:58.0189 4268 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:24:58.0198 4268 FontCache3.0.0.0 - ok
00:24:58.0309 4268 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
00:24:58.0322 4268 FsDepends - ok
00:24:58.0347 4268 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
00:24:58.0355 4268 Fs_Rec - ok
00:24:58.0447 4268 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
00:24:58.0463 4268 fvevol - ok
00:24:58.0549 4268 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
00:24:58.0593 4268 FwLnk - ok
00:24:58.0737 4268 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
00:24:58.0785 4268 gagp30kx - ok
00:24:58.0928 4268 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
00:24:58.0943 4268 GamesAppService - ok
00:24:59.0089 4268 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
00:24:59.0139 4268 gpsvc - ok
00:24:59.0229 4268 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:24:59.0248 4268 gupdate - ok
00:24:59.0271 4268 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:24:59.0283 4268 gupdatem - ok
00:24:59.0382 4268 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
00:24:59.0394 4268 gusvc - ok
00:24:59.0481 4268 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
00:24:59.0522 4268 hcw85cir - ok
00:24:59.0638 4268 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
00:24:59.0775 4268 HdAudAddService - ok
00:24:59.0896 4268 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
00:24:59.0991 4268 HDAudBus - ok
00:25:00.0137 4268 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
00:25:00.0163 4268 HidBatt - ok
00:25:00.0295 4268 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
00:25:00.0352 4268 HidBth - ok
00:25:00.0733 4268 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
00:25:00.0759 4268 HidIr - ok
00:25:00.0871 4268 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
00:25:00.0969 4268 hidserv - ok
00:25:01.0112 4268 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
00:25:01.0132 4268 HidUsb - ok
00:25:01.0261 4268 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
00:25:01.0396 4268 hkmsvc - ok
00:25:01.0512 4268 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
00:25:01.0603 4268 HomeGroupListener - ok
00:25:01.0722 4268 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
00:25:01.0761 4268 HomeGroupProvider - ok
00:25:01.0880 4268 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
00:25:01.0891 4268 HpSAMD - ok
00:25:02.0173 4268 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
00:25:02.0268 4268 HTTP - ok
00:25:02.0470 4268 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
00:25:02.0480 4268 hwpolicy - ok
00:25:02.0716 4268 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
00:25:02.0752 4268 i8042prt - ok
00:25:02.0930 4268 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys
00:25:02.0949 4268 iaStor - ok
00:25:03.0136 4268 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
00:25:03.0192 4268 iaStorV - ok
00:25:03.0316 4268 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:25:03.0359 4268 idsvc - ok
00:25:04.0350 4268 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys
00:25:04.0816 4268 igfx - ok
00:25:05.0030 4268 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
00:25:05.0045 4268 iirsp - ok
00:25:05.0241 4268 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
00:25:05.0510 4268 IKEEXT - ok
00:25:05.0664 4268 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
00:25:05.0675 4268 intelide - ok
00:25:05.0865 4268 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
00:25:05.0898 4268 intelppm - ok
00:25:06.0023 4268 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
00:25:06.0086 4268 IPBusEnum - ok
00:25:06.0200 4268 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
00:25:06.0241 4268 IpFilterDriver - ok
00:25:06.0433 4268 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
00:25:06.0550 4268 iphlpsvc - ok
00:25:06.0680 4268 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
00:25:06.0715 4268 IPMIDRV - ok
00:25:06.0870 4268 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
00:25:06.0931 4268 IPNAT - ok
00:25:07.0198 4268 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
00:25:07.0215 4268 IRENUM - ok
00:25:07.0394 4268 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
00:25:07.0406 4268 isapnp - ok
00:25:07.0577 4268 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
00:25:07.0596 4268 iScsiPrt - ok
00:25:07.0778 4268 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
00:25:07.0791 4268 kbdclass - ok
00:25:08.0841 4268 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
00:25:08.0882 4268 kbdhid - ok
00:25:09.0160 4268 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
00:25:09.0185 4268 KeyIso - ok
00:25:09.0464 4268 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
00:25:09.0477 4268 KSecDD - ok
00:25:09.0593 4268 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
00:25:09.0604 4268 KSecPkg - ok
00:25:09.0746 4268 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
00:25:09.0824 4268 ksthunk - ok
00:25:09.0935 4268 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
00:25:10.0022 4268 KtmRm - ok
00:25:11.0430 4268 L1C (045fb70bc993b691517ce309045ff02d) C:\windows\system32\DRIVERS\L1C62x64.sys
00:25:11.0438 4268 L1C - ok
00:25:11.0579 4268 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
00:25:11.0662 4268 LanmanServer - ok
00:25:11.0803 4268 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
00:25:11.0886 4268 LanmanWorkstation - ok
00:25:12.0814 4268 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
00:25:12.0891 4268 lltdio - ok
00:25:13.0019 4268 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
00:25:13.0101 4268 lltdsvc - ok
00:25:13.0182 4268 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
00:25:13.0222 4268 lmhosts - ok
00:25:13.0385 4268 LMS (98b16e756243bea9410e32025b19c06f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
00:25:13.0416 4268 LMS - ok
00:25:13.0583 4268 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
00:25:13.0596 4268 LSI_FC - ok
00:25:13.0719 4268 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
00:25:13.0736 4268 LSI_SAS - ok
00:25:13.0967 4268 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
00:25:13.0983 4268 LSI_SAS2 - ok
00:25:14.0279 4268 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
00:25:14.0312 4268 LSI_SCSI - ok
00:25:14.0404 4268 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
00:25:14.0474 4268 luafv - ok
00:25:14.0620 4268 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
00:25:14.0637 4268 Mcx2Svc - ok
00:25:14.0729 4268 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
00:25:14.0746 4268 megasas - ok
00:25:14.0870 4268 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
00:25:14.0885 4268 MegaSR - ok
00:25:14.0999 4268 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
00:25:15.0010 4268 MEIx64 - ok
00:25:15.0149 4268 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
00:25:15.0233 4268 MMCSS - ok
00:25:15.0394 4268 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
00:25:15.0479 4268 Modem - ok
00:25:15.0615 4268 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
00:25:15.0655 4268 monitor - ok
00:25:15.0861 4268 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
00:25:15.0870 4268 mouclass - ok
00:25:16.0179 4268 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
00:25:16.0249 4268 mouhid - ok
00:25:16.0340 4268 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
00:25:16.0351 4268 mountmgr - ok
00:25:16.0462 4268 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\windows\system32\DRIVERS\MpFilter.sys
00:25:16.0477 4268 MpFilter - ok
00:25:16.0537 4268 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
00:25:16.0551 4268 mpio - ok
00:25:16.0718 4268 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\windows\system32\DRIVERS\MpNWMon.sys
00:25:16.0732 4268 MpNWMon - ok
00:25:16.0863 4268 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
00:25:16.0929 4268 mpsdrv - ok
00:25:17.0139 4268 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
00:25:17.0215 4268 MpsSvc - ok
00:25:17.0514 4268 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
00:25:17.0556 4268 MRxDAV - ok
00:25:17.0721 4268 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
00:25:17.0782 4268 mrxsmb - ok
00:25:17.0938 4268 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
00:25:17.0954 4268 mrxsmb10 - ok
00:25:18.0072 4268 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
00:25:18.0089 4268 mrxsmb20 - ok
00:25:18.0205 4268 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
00:25:18.0220 4268 msahci - ok
00:25:18.0369 4268 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
00:25:18.0401 4268 msdsm - ok
00:25:18.0629 4268 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
00:25:18.0675 4268 MSDTC - ok
00:25:18.0838 4268 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
00:25:18.0881 4268 Msfs - ok
00:25:19.0007 4268 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
00:25:19.0065 4268 mshidkmdf - ok
00:25:19.0194 4268 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
00:25:19.0204 4268 msisadrv - ok
00:25:19.0327 4268 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
00:25:19.0421 4268 MSiSCSI - ok
00:25:19.0509 4268 msiserver - ok
00:25:19.0908 4268 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
00:25:19.0984 4268 MSKSSRV - ok
00:25:20.0217 4268 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
00:25:20.0225 4268 MsMpSvc - ok
00:25:20.0386 4268 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
00:25:20.0492 4268 MSPCLOCK - ok
00:25:20.0675 4268 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
00:25:20.0749 4268 MSPQM - ok
00:25:20.0916 4268 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
00:25:20.0934 4268 MsRPC - ok
00:25:21.0044 4268 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
00:25:21.0058 4268 mssmbios - ok
00:25:21.0189 4268 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
00:25:21.0256 4268 MSTEE - ok
00:25:21.0488 4268 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
00:25:21.0502 4268 MTConfig - ok
00:25:21.0589 4268 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
00:25:21.0600 4268 Mup - ok
00:25:21.0784 4268 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
00:25:21.0889 4268 napagent - ok
00:25:22.0031 4268 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
00:25:22.0078 4268 NativeWifiP - ok
00:25:22.0203 4268 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
00:25:22.0252 4268 NDIS - ok
00:25:22.0396 4268 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
00:25:22.0482 4268 NdisCap - ok
00:25:22.0646 4268 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
00:25:22.0695 4268 NdisTapi - ok
00:25:22.0914 4268 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
00:25:22.0995 4268 Ndisuio - ok
00:25:23.0307 4268 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
00:25:23.0374 4268 NdisWan - ok
00:25:23.0552 4268 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
00:25:23.0585 4268 NDProxy - ok
00:25:23.0808 4268 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
00:25:23.0905 4268 NetBIOS - ok
00:25:24.0034 4268 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
00:25:24.0080 4268 NetBT - ok
00:25:24.0184 4268 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
00:25:24.0195 4268 Netlogon - ok
00:25:24.0356 4268 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
00:25:24.0423 4268 Netman - ok
00:25:24.0524 4268 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
00:25:24.0590 4268 netprofm - ok
00:25:24.0710 4268 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:25:24.0720 4268 NetTcpPortSharing - ok
00:25:24.0900 4268 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
00:25:24.0920 4268 nfrd960 - ok
00:25:25.0080 4268 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys
00:25:25.0090 4268 NisDrv - ok
00:25:25.0180 4268 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
00:25:25.0190 4268 NisSrv - ok
00:25:25.0400 4268 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
00:25:25.0460 4268 NlaSvc - ok
00:25:25.0550 4268 Norton PC Checkup Application Launcher - ok
00:25:25.0740 4268 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
00:25:25.0820 4268 Npfs - ok
00:25:26.0020 4268 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
00:25:26.0080 4268 nsi - ok
00:25:26.0300 4268 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
00:25:26.0370 4268 nsiproxy - ok
00:25:26.0600 4268 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
00:25:26.0740 4268 Ntfs - ok
00:25:26.0870 4268 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
00:25:26.0940 4268 Null - ok
00:25:27.0080 4268 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
00:25:27.0110 4268 nvraid - ok
00:25:27.0220 4268 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
00:25:27.0240 4268 nvstor - ok
00:25:27.0250 4268 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
00:25:27.0260 4268 nv_agp - ok
00:25:27.0270 4268 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
00:25:27.0290 4268 ohci1394 - ok
00:25:27.0380 4268 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:25:27.0400 4268 ose - ok
00:25:27.0760 4268 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:25:28.0040 4268 osppsvc - ok
00:25:28.0230 4268 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
00:25:28.0300 4268 p2pimsvc - ok
00:25:28.0460 4268 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
00:25:28.0510 4268 p2psvc - ok
00:25:28.0630 4268 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
00:25:28.0680 4268 Parport - ok
00:25:28.0830 4268 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
00:25:28.0860 4268 partmgr - ok
00:25:28.0950 4268 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
00:25:29.0020 4268 PcaSvc - ok
00:25:29.0170 4268 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
00:25:29.0200 4268 PCCUJobMgr - ok
00:25:29.0400 4268 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
00:25:29.0420 4268 pci - ok
00:25:29.0490 4268 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
00:25:29.0510 4268 pciide - ok
00:25:29.0660 4268 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
00:25:29.0710 4268 pcmcia - ok
00:25:29.0930 4268 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
00:25:29.0960 4268 pcw - ok
00:25:30.0190 4268 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
00:25:30.0340 4268 PEAUTH - ok
00:25:30.0460 4268 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
00:25:30.0520 4268 PerfHost - ok
00:25:30.0670 4268 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
00:25:30.0700 4268 PGEffect - ok
00:25:30.0920 4268 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
00:25:31.0080 4268 pla - ok
00:25:31.0230 4268 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
00:25:31.0310 4268 PlugPlay - ok
00:25:31.0480 4268 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
00:25:31.0520 4268 PNRPAutoReg - ok
00:25:31.0720 4268 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
00:25:31.0750 4268 PNRPsvc - ok
00:25:31.0960 4268 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
00:25:33.0120 4268 PolicyAgent - ok
00:25:33.0220 4268 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
00:25:33.0310 4268 Power - ok
00:25:33.0450 4268 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
00:25:33.0520 4268 PptpMiniport - ok
00:25:33.0650 4268 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
00:25:33.0700 4268 Processor - ok
00:25:33.0890 4268 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
00:25:34.0000 4268 ProfSvc - ok
00:25:34.0130 4268 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
00:25:34.0160 4268 ProtectedStorage - ok
00:25:34.0310 4268 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
00:25:34.0450 4268 Psched - ok
00:25:34.0770 4268 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
00:25:34.0850 4268 ql2300 - ok
00:25:35.0040 4268 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
00:25:35.0050 4268 ql40xx - ok
00:25:35.0260 4268 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
00:25:35.0320 4268 QWAVE - ok
00:25:35.0460 4268 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
00:25:35.0540 4268 QWAVEdrv - ok
00:25:35.0720 4268 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
00:25:35.0820 4268 RasAcd - ok
00:25:35.0990 4268 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
00:25:36.0080 4268 RasAgileVpn - ok
00:25:36.0260 4268 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
00:25:36.0390 4268 RasAuto - ok
00:25:36.0580 4268 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
00:25:36.0670 4268 Rasl2tp - ok
00:25:36.0830 4268 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
00:25:36.0940 4268 RasMan - ok
00:25:37.0080 4268 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
00:25:37.0150 4268 RasPppoe - ok
00:25:37.0390 4268 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
00:25:37.0490 4268 RasSstp - ok
00:25:37.0620 4268 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
00:25:37.0720 4268 rdbss - ok
00:25:37.0840 4268 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
00:25:37.0890 4268 rdpbus - ok
00:25:38.0020 4268 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
00:25:38.0120 4268 RDPCDD - ok
00:25:38.0300 4268 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
00:25:38.0420 4268 RDPENCDD - ok
00:25:38.0700 4268 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
00:25:38.0770 4268 RDPREFMP - ok
00:25:38.0900 4268 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
00:25:38.0950 4268 RDPWD - ok
00:25:39.0110 4268 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
00:25:39.0150 4268 rdyboost - ok
00:25:39.0310 4268 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
00:25:39.0430 4268 RemoteAccess - ok
00:25:39.0530 4268 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
00:25:39.0640 4268 RemoteRegistry - ok
00:25:39.0750 4268 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
00:25:39.0850 4268 RpcEptMapper - ok
00:25:39.0960 4268 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
00:25:39.0990 4268 RpcLocator - ok
00:25:40.0130 4268 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
00:25:40.0200 4268 RpcSs - ok
00:25:40.0340 4268 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
00:25:40.0430 4268 rspndr - ok
00:25:40.0580 4268 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys
00:25:40.0630 4268 RSUSBSTOR - ok
00:25:40.0770 4268 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
00:25:40.0820 4268 RTL8192Ce - ok
00:25:40.0950 4268 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
00:25:40.0980 4268 SamSs - ok
00:25:41.0100 4268 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
00:25:41.0120 4268 sbp2port - ok
00:25:41.0440 4268 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
00:25:41.0490 4268 SBSDWSCService - ok
00:25:41.0630 4268 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
00:25:41.0680 4268 SCardSvr - ok
00:25:41.0730 4268 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
00:25:41.0790 4268 scfilter - ok
00:25:41.0960 4268 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
00:25:42.0120 4268 Schedule - ok
00:25:42.0290 4268 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
00:25:42.0360 4268 SCPolicySvc - ok
00:25:42.0540 4268 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
00:25:42.0580 4268 SDRSVC - ok
00:25:42.0840 4268 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
00:25:42.0920 4268 secdrv - ok
00:25:43.0110 4268 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
00:25:43.0170 4268 seclogon - ok
00:25:43.0300 4268 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
00:25:43.0390 4268 SENS - ok
00:25:43.0490 4268 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
00:25:43.0540 4268 SensrSvc - ok
00:25:43.0700 4268 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
00:25:43.0750 4268 Serenum - ok
00:25:43.0960 4268 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
00:25:44.0010 4268 Serial - ok
00:25:44.0130 4268 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
00:25:44.0180 4268 sermouse - ok
00:25:44.0310 4268 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
00:25:44.0370 4268 SessionEnv - ok
00:25:44.0500 4268 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
00:25:44.0520 4268 sffdisk - ok
00:25:44.0650 4268 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
00:25:44.0690 4268 sffp_mmc - ok
00:25:44.0820 4268 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
00:25:44.0860 4268 sffp_sd - ok
00:25:45.0050 4268 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
00:25:45.0100 4268 sfloppy - ok
00:25:45.0300 4268 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
00:25:45.0330 4268 Sftfs - ok
00:25:45.0440 4268 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
00:25:45.0470 4268 sftlist - ok
00:25:45.0610 4268 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
00:25:45.0630 4268 Sftplay - ok
00:25:45.0810 4268 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
00:25:45.0820 4268 Sftredir - ok
00:25:45.0950 4268 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
00:25:45.0960 4268 Sftvol - ok
00:25:46.0050 4268 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
00:25:46.0060 4268 sftvsa - ok
00:25:46.0340 4268 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
00:25:46.0380 4268 SharedAccess - ok
00:25:46.0520 4268 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
00:25:46.0600 4268 ShellHWDetection - ok
00:25:46.0740 4268 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
00:25:46.0750 4268 SiSRaid2 - ok
00:25:46.0860 4268 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
00:25:46.0870 4268 SiSRaid4 - ok
00:25:46.0950 4268 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
00:25:47.0040 4268 Smb - ok
00:25:47.0170 4268 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
00:25:47.0210 4268 SNMPTRAP - ok
00:25:47.0330 4268 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
00:25:47.0350 4268 spldr - ok
00:25:47.0390 4268 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
00:25:47.0440 4268 Spooler - ok
00:25:47.0650 4268 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
00:25:47.0780 4268 sppsvc - ok
00:25:47.0930 4268 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
00:25:47.0970 4268 sppuinotify - ok
00:25:48.0080 4268 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
00:25:48.0140 4268 srv - ok
00:25:48.0270 4268 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
00:25:48.0310 4268 srv2 - ok
00:25:48.0540 4268 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
00:25:48.0550 4268 srvnet - ok
00:25:48.0670 4268 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
00:25:48.0740 4268 SSDPSRV - ok
00:25:48.0830 4268 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
00:25:48.0860 4268 SstpSvc - ok
00:25:49.0050 4268 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
00:25:49.0060 4268 stexstor - ok
00:25:49.0190 4268 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
00:25:49.0240 4268 stisvc - ok
00:25:49.0350 4268 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
00:25:49.0380 4268 swenum - ok
00:25:49.0510 4268 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
00:25:49.0610 4268 swprv - ok
00:25:49.0770 4268 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
00:25:49.0800 4268 SynTP - ok
00:25:49.0990 4268 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
00:25:50.0070 4268 SysMain - ok
00:25:50.0250 4268 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
00:25:50.0350 4268 TabletInputService - ok
00:25:50.0500 4268 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
00:25:50.0550 4268 TapiSrv - ok
00:25:50.0730 4268 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
00:25:50.0790 4268 TBS - ok
00:25:51.0050 4268 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
00:25:51.0110 4268 Tcpip - ok
00:25:51.0340 4268 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
00:25:51.0390 4268 TCPIP6 - ok
00:25:51.0560 4268 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
00:25:51.0620 4268 tcpipreg - ok
00:25:51.0750 4268 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
00:25:51.0760 4268 tdcmdpst - ok
00:25:51.0910 4268 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
00:25:51.0940 4268 TDPIPE - ok
00:25:52.0030 4268 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
00:25:52.0100 4268 TDTCP - ok
00:25:52.0220 4268 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
00:25:52.0270 4268 tdx - ok
00:25:52.0450 4268 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
00:25:52.0460 4268 TermDD - ok
00:25:52.0640 4268 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
00:25:52.0730 4268 TermService - ok
00:25:52.0970 4268 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
00:25:52.0990 4268 Themes - ok
00:25:53.0080 4268 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
00:25:53.0120 4268 THREADORDER - ok
00:25:53.0260 4268 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
00:25:53.0280 4268 TMachInfo - ok
00:25:53.0390 4268 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
00:25:53.0400 4268 TODDSrv - ok
00:25:53.0580 4268 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
00:25:53.0590 4268 TosCoSrv - ok
00:25:53.0760 4268 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
00:25:53.0760 4268 TOSHIBA HDD SSD Alert Service - ok
00:25:53.0970 4268 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
00:25:54.0000 4268 tos_sps64 - ok
00:25:54.0158 4268 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
00:25:54.0241 4268 TrkWks - ok
00:25:54.0315 4268 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
00:25:54.0381 4268 TrustedInstaller - ok
00:25:54.0544 4268 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
00:25:54.0617 4268 tssecsrv - ok
00:25:55.0315 4268 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
00:25:55.0326 4268 TsUsbFlt - ok
00:25:55.0448 4268 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
00:25:55.0526 4268 TsUsbGD - ok
00:25:55.0736 4268 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
00:25:55.0806 4268 tunnel - ok
00:25:56.0008 4268 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
00:25:56.0017 4268 TVALZ - ok
00:25:56.0153 4268 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
00:25:56.0163 4268 uagp35 - ok
00:25:56.0364 4268 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
00:25:56.0443 4268 udfs - ok
00:25:56.0635 4268 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
00:25:56.0648 4268 UI0Detect - ok
00:25:56.0764 4268 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
00:25:56.0773 4268 uliagpkx - ok
00:25:56.0926 4268 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
00:25:56.0975 4268 umbus - ok
00:25:57.0121 4268 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
00:25:57.0177 4268 UmPass - ok
00:25:57.0617 4268 UNS (7a78ed1088890114dfde2c4ab038d6b6) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
00:25:57.0697 4268 UNS - ok
00:25:57.0807 4268 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
00:25:57.0903 4268 upnphost - ok
00:25:58.0172 4268 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
00:25:58.0196 4268 usbccgp - ok
00:25:58.0360 4268 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
00:25:58.0380 4268 usbcir - ok
00:25:58.0494 4268 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
00:25:58.0602 4268 usbehci - ok
00:25:58.0755 4268 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
00:25:58.0773 4268 usbhub - ok
00:25:58.0867 4268 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
00:25:58.0905 4268 usbohci - ok
00:25:59.0008 4268 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
00:25:59.0064 4268 usbprint - ok
00:25:59.0210 4268 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
00:25:59.0269 4268 USBSTOR - ok
00:25:59.0380 4268 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
00:25:59.0418 4268 usbuhci - ok
00:25:59.0518 4268 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
00:25:59.0539 4268 usbvideo - ok
00:25:59.0609 4268 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
00:25:59.0670 4268 UxSms - ok
00:25:59.0699 4268 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
00:25:59.0711 4268 VaultSvc - ok
00:25:59.0818 4268 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
00:25:59.0828 4268 vdrvroot - ok
00:25:59.0950 4268 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
00:26:00.0022 4268 vds - ok
00:26:00.0265 4268 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
00:26:00.0281 4268 vga - ok
00:26:00.0418 4268 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
00:26:00.0483 4268 VgaSave - ok
00:26:00.0729 4268 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
00:26:00.0744 4268 vhdmp - ok
00:26:00.0895 4268 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
00:26:00.0923 4268 viaide - ok
00:26:01.0143 4268 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
00:26:01.0158 4268 volmgr - ok
00:26:01.0305 4268 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
00:26:01.0338 4268 volmgrx - ok
00:26:01.0446 4268 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
00:26:01.0462 4268 volsnap - ok
00:26:01.0645 4268 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
00:26:01.0657 4268 vsmraid - ok
00:26:01.0810 4268 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
00:26:01.0952 4268 VSS - ok
00:26:02.0090 4268 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
00:26:02.0122 4268 vToolbarUpdater10.2.0 - ok
00:26:02.0233 4268 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
00:26:02.0269 4268 vwifibus - ok
00:26:02.0412 4268 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
00:26:02.0452 4268 vwififlt - ok
00:26:02.0644 4268 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
00:26:02.0684 4268 W32Time - ok
00:26:02.0847 4268 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
00:26:02.0885 4268 WacomPen - ok
00:26:03.0035 4268 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
00:26:03.0102 4268 WANARP - ok
00:26:03.0137 4268 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
00:26:03.0175 4268 Wanarpv6 - ok
00:26:03.0340 4268 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
00:26:03.0383 4268 WatAdminSvc - ok
00:26:03.0521 4268 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
00:26:03.0581 4268 wbengine - ok
00:26:03.0683 4268 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
00:26:03.0706 4268 WbioSrvc - ok
00:26:03.0855 4268 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
00:26:03.0908 4268 wcncsvc - ok
00:26:04.0000 4268 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
00:26:04.0016 4268 WcsPlugInService - ok
00:26:04.0069 4268 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
00:26:04.0082 4268 Wd - ok
00:26:04.0338 4268 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
00:26:04.0373 4268 Wdf01000 - ok
00:26:04.0453 4268 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
00:26:04.0495 4268 WdiServiceHost - ok
00:26:04.0498 4268 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
00:26:04.0516 4268 WdiSystemHost - ok
00:26:04.0637 4268 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
00:26:04.0671 4268 WebClient - ok
00:26:04.0834 4268 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
00:26:04.0904 4268 Wecsvc - ok
00:26:05.0043 4268 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
00:26:05.0094 4268 wercplsupport - ok
00:26:05.0267 4268 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
00:26:05.0336 4268 WerSvc - ok
00:26:05.0479 4268 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
00:26:05.0565 4268 WfpLwf - ok
00:26:05.0705 4268 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
00:26:05.0720 4268 WIMMount - ok
00:26:05.0769 4268 WinDefend - ok
00:26:05.0780 4268 WinHttpAutoProxySvc - ok
00:26:05.0907 4268 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
00:26:05.0962 4268 Winmgmt - ok
00:26:06.0795 4268 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
00:26:06.0903 4268 WinRM - ok
00:26:07.0200 4268 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
00:26:07.0293 4268 Wlansvc - ok
00:26:07.0422 4268 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:26:07.0432 4268 wlcrasvc - ok
00:26:07.0938 4268 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:26:07.0983 4268 wlidsvc - ok
00:26:08.0129 4268 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
00:26:08.0186 4268 WmiAcpi - ok
00:26:08.0437 4268 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
00:26:08.0526 4268 wmiApSrv - ok
00:26:08.0608 4268 WMPNetworkSvc - ok
00:26:08.0826 4268 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
00:26:08.0908 4268 WPCSvc - ok
00:26:09.0004 4268 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
00:26:09.0044 4268 WPDBusEnum - ok
00:26:09.0114 4268 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
00:26:09.0160 4268 ws2ifsl - ok
00:26:09.0264 4268 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
00:26:09.0349 4268 wscsvc - ok
00:26:09.0357 4268 WSearch - ok
00:26:09.0494 4268 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
00:26:09.0682 4268 wuauserv - ok
00:26:09.0839 4268 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
00:26:09.0951 4268 WudfPf - ok
00:26:10.0096 4268 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
00:26:10.0161 4268 WUDFRd - ok
00:26:10.0275 4268 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
00:26:10.0323 4268 wudfsvc - ok
00:26:10.0425 4268 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
00:26:10.0517 4268 WwanSvc - ok
00:26:10.0576 4268 MBR (0x1B8) (849e52748aab5959bc8000cb4974bc13) \Device\Harddisk0\DR0
00:26:10.0700 4268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
00:26:10.0700 4268 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
00:26:10.0723 4268 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
00:26:10.0723 4268 \Device\Harddisk0\DR0 - detected TDSS File System (1)
00:26:10.0745 4268 Boot (0x1200) (f35360472a297c6edd472b5a8fe5d58b) \Device\Harddisk0\DR0\Partition0
00:26:10.0745 4268 \Device\Harddisk0\DR0\Partition0 - ok
00:26:10.0746 4268 ============================================================
00:26:10.0746 4268 Scan finished
00:26:10.0746 4268 ==========================================================
spaceycayce
2012-03-29, 10:34
00:26:10.0757 5088 Detected object count: 2
00:26:10.0757 5088 Actual detected object count: 2
00:26:38.0272 5088 \Device\Harddisk0\DR0\# - copied to quarantine
00:26:38.0273 5088 \Device\Harddisk0\DR0 - copied to quarantine
00:26:38.0305 5088 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
00:26:38.0306 5088 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
00:26:38.0309 5088 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
00:26:38.0313 5088 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
00:26:38.0324 5088 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
00:26:38.0330 5088 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
00:26:38.0332 5088 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
00:26:38.0333 5088 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
00:26:38.0334 5088 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
00:26:38.0337 5088 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
00:26:38.0340 5088 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
00:26:38.0342 5088 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
00:26:38.0383 5088 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
00:26:38.0385 5088 \Device\Harddisk0\DR0 - ok
00:26:38.0607 5088 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
00:26:38.0608 5088 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
00:26:38.0608 5088 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
00:26:46.0159 1748 Deinitialize success
oldman960
2012-03-29, 11:24
Hi spaceycayce,
How's the computer?
Please delete the copy of ComboFix you currently have and download a new one from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)
Save it to your desktop.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)
Right click on ComboFix.exe, click Run as Administrator & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Please post back with the ComboFix log.
spaceycayce
2012-03-29, 21:40
ComboFix 12-03-29.02 - owner 03/29/2012 11:18:06.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2589 [GMT -7:00]
Running from: c:\users\owner\Downloads\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 18:22 . 2012-03-29 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-29 07:26 . 2012-03-29 07:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-16 21:26 . 2012-03-16 21:26 -------- d-----w- c:\program files\7-Zip
2012-03-16 16:09 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06D6E3DE-7A61-4EB6-A6A7-92E5627CE843}\mpengine.dll
2012-03-15 18:51 . 2012-03-15 19:30 -------- d-----w- c:\program files\CCleaner
2012-03-15 18:45 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-15 18:45 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-15 18:45 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-15 18:45 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-15 18:45 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-15 18:45 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-15 18:45 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-15 18:45 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-15 18:45 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-15 18:44 . 2012-03-16 16:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-15 18:44 . 2012-03-15 18:47 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-15 18:35 . 2011-08-02 21:33 525792 ----a-w- c:\windows\DIFxAPI.dll
2012-03-15 18:35 . 2011-08-02 21:33 232464 ----a-w- c:\windows\TmNSCIns.dll
2012-03-13 22:07 . 2012-03-13 22:15 -------- d-----w- c:\users\owner\AppData\Local\Kjs.AppLife.Update
2012-03-13 21:52 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-12 01:42 . 2012-03-12 01:42 -------- d-----w- C:\$AVG
2012-03-12 01:07 . 2012-03-12 01:07 -------- d-----w- c:\users\owner\AppData\Roaming\AVG2012
2012-03-12 01:06 . 2012-03-26 17:04 -------- d-----w- c:\programdata\AVG Secure Search
2012-03-12 01:06 . 2012-03-15 17:55 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-03-12 01:06 . 2012-03-26 17:04 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-03-12 01:06 . 2012-03-12 01:06 -------- d--h--w- c:\programdata\Common Files
2012-03-12 01:06 . 2012-03-12 01:06 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-03-12 01:05 . 2012-03-16 18:05 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-12 01:05 . 2012-03-12 01:18 -------- d-----w- c:\programdata\AVG2012
2012-03-12 01:05 . 2012-03-12 01:05 -------- d-----w- c:\program files (x86)\AVG
2012-03-12 00:55 . 2012-03-16 16:02 -------- d-----w- c:\programdata\MFAData
2012-03-11 07:23 . 2012-03-11 07:23 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2012-03-03 19:14 . 2010-12-07 22:23 34304 ----a-w- c:\windows\system32\drivers\lgandmodem64.sys
2012-03-03 19:14 . 2010-12-07 22:23 27136 ----a-w- c:\windows\system32\drivers\lgandgps64.sys
2012-03-03 19:14 . 2010-12-07 22:23 27648 ----a-w- c:\windows\system32\drivers\lganddiag64.sys
2012-03-03 19:14 . 2010-12-07 22:22 19456 ----a-w- c:\windows\system32\drivers\lgandbus64.sys
2012-03-03 19:14 . 2012-03-03 19:14 -------- d-----w- c:\program files (x86)\LG Electronics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-11 20:17 . 2012-02-11 20:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C32BDBBE-FC19-4DE2-B182-E820F523E92B}\gapaengine.dll
2012-02-08 07:13 . 2012-02-07 05:49 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-06 14:14 . 2011-10-31 02:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-06 05:26 . 2012-02-11 20:17 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-07 23:27 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-04 10:44 . 2012-02-15 05:50 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 05:50 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-28_16.57.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-29 18:13 . 2012-03-29 07:27 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-29 18:13 . 2012-03-29 07:27 16384 c:\windows\temp\History\History.IE5\index.dat
+ 2012-03-29 18:13 . 2012-03-29 07:27 16384 c:\windows\temp\Cookies\index.dat
+ 2012-03-29 07:21 . 2012-03-29 07:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032920120330\index.dat
+ 2012-03-28 16:39 . 2012-03-28 20:29 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032820120329\index.dat
- 2012-03-09 23:35 . 2012-03-28 16:35 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-03-09 23:35 . 2012-03-29 07:18 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-01-22 07:20 . 2012-03-29 18:13 96966 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2012-01-07 20:55 . 2012-03-29 03:08 74096 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-11-21 03:09 . 2012-03-29 07:29 43988 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-29 07:29 48990 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-29 08:16 . 2012-03-29 03:08 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2012-03-16 16:09 . 2012-03-28 18:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-16 16:09 . 2012-03-16 16:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-16 16:09 . 2012-03-28 18:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-16 16:09 . 2012-03-16 16:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-16 16:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-28 18:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-09 23:30 . 2012-03-28 16:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-09 23:30 . 2012-03-16 22:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-09 23:30 . 2012-03-16 22:04 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-09 23:30 . 2012-03-28 16:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-09 23:30 . 2012-03-16 22:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-09 23:30 . 2012-03-28 16:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-28 17:28 . 2012-03-28 17:28 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\f137c53afae3903f20eba1fa0f8f8dad\System.Xml.Serialization.ni.dll
+ 2012-03-28 17:28 . 2012-03-28 17:28 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\ef151d5b49d8b0d0052d05fc56d25107\System.Windows.Presentation.ni.dll
+ 2012-03-28 17:27 . 2012-03-28 17:27 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\c5b08a1a9a7a97922af50f30b5e32268\System.Web.ApplicationServices.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\5b53a87f7799ee5454e4fb8faece3a82\System.AddIn.Contract.ni.dll
+ 2012-03-28 17:20 . 2012-03-28 17:20 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\a4e98103e5d36bf22ef19c64442543f2\Microsoft.VisualC.ni.dll
+ 2012-03-28 17:18 . 2012-03-28 17:18 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\cbd21f19057f07ec2cb55b2bef91f344\dfsvc.ni.exe
+ 2012-03-28 17:18 . 2012-03-28 17:18 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\52890eb2a4f8d822bff7e9cddc713fb5\Accessibility.ni.dll
+ 2012-01-07 20:33 . 2012-03-29 07:29 6322 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2547257186-3653365119-3982157553-1000_UserData.bin
+ 2012-03-29 18:23 . 2012-03-29 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-28 16:56 . 2012-03-28 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-28 16:56 . 2012-03-28 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-29 18:23 . 2012-03-29 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-09 23:31 . 2012-03-29 07:18 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-03-09 23:31 . 2012-03-28 16:35 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-03-28 16:57 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-29 07:27 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-03-28 16:41 638134 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-29 18:17 638134 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-29 18:17 111460 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-28 16:41 111460 c:\windows\system32\perfc009.dat
+ 2012-03-16 18:06 . 2012-03-29 18:22 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-03-16 18:06 . 2012-03-28 16:56 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-16 18:06 . 2012-03-29 07:26 229488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2012-03-16 18:06 . 2012-03-28 16:56 229488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-03-28 17:28 . 2012-03-28 17:28 336896 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\d05858dd730eef93a5e4a3cc88dd4ec3\WindowsFormsIntegration.ni.dll
+ 2012-03-28 17:23 . 2012-03-28 17:23 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\b2a2a1fb4e1313088250b334b3af2a15\UIAutomationTypes.ni.dll
+ 2012-03-28 17:23 . 2012-03-28 17:23 122368 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\89414bab411eb27c7c181df81b4d36a5\UIAutomationProvider.ni.dll
+ 2012-03-28 17:28 . 2012-03-28 17:28 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\cd55f47d44c3695862bc047b8e86fcd3\UIAutomationClient.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\910d557d55f4fc7bb51ace0546bd3c50\System.Xml.Linq.ni.dll
+ 2012-03-28 17:23 . 2012-03-28 17:23 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\dcb9e1eaa1491094f79c3288b8c78830\System.Windows.Input.Manipulations.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\922f3f17f5112441e77f9d3d56d5b753\System.Transactions.ni.dll
+ 2012-03-28 17:27 . 2012-03-28 17:27 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\73874670b92afbde73b23e8a1200eede\System.ServiceProcess.ni.dll
+ 2012-03-28 17:27 . 2012-03-28 17:27 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\909c8d76773648809478644ac50a21eb\System.ServiceModel.Routing.ni.dll
+ 2012-03-28 17:27 . 2012-03-28 17:27 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\26db69101f5bcf148fd962f00c0e78dd\System.ServiceModel.Channels.ni.dll
+ 2012-03-28 17:19 . 2012-03-28 17:19 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\878946615037b9d5f09916c598420dc1\System.Security.ni.dll
+ 2012-03-28 17:23 . 2012-03-28 17:23 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\73cc698ccc98e37f53cdbff3687a921c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-03-28 17:23 . 2012-03-28 17:23 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\b73b4f0282ef46505b3e59702ded433b\System.Runtime.Remoting.ni.dll
+ 2012-03-28 17:19 . 2012-03-28 17:19 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\8064e773b9addf027658899e27e94c7b\System.Numerics.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\a46d5472536da900435885b28a19eda8\System.Net.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\ae0089b9135614de304ebe288fa6fca8\System.Messaging.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\3ad050d3f47352421e05b7707ddd3524\System.Management.Instrumentation.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\87efa405cd384d2c47380467fcd7ea86\System.IO.Log.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\50ccc897ad714e66f750ca1e51e0ffde\System.IdentityModel.Selectors.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.Wrapper.dll
+ 2012-03-28 17:19 . 2012-03-28 17:19 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\cbc3e5d028dd347a294096f068a053d4\System.Dynamic.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\1ae0a8a9eb92ccaf900f5911740b2c3c\System.DirectoryServices.Protocols.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\9edded64312f5cbae54a093eca246aaa\System.Device.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\db296a100034c7dee5f80219f0542df7\System.Data.DataSetExtensions.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\0f771cbf8b32ae1618f4cd4266337b3c\System.Configuration.Install.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\501ad39b1ef6f43e8dc92a4efa7c35ea\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\f8c6e4854178bb4d928c8aec1c04648d\System.AddIn.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\3503e3c2a87db97b720c0ed8a5d59f61\System.Activities.DurableInstancing.ni.dll
+ 2012-03-28 17:19 . 2012-03-28 17:19 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\30cf4fc2c247cf490879f5436c63017c\SMSvcHost.ni.exe
+ 2012-03-28 17:22 . 2012-03-28 17:22 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\b4f75962376771b6b6d39279d780abba\SMDiagnostics.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\eaca48940ac6976d39d5de4d5b42fed6\PresentationFramework.Royale.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\bdb41ce9ab6d561ddb8107255daaee30\PresentationFramework.Luna.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\78310f7eef84b5f9ca4bf32798bd77f9\PresentationFramework.Aero.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\64b86aebea22fd357f22384757caed3f\PresentationFramework.Classic.ni.dll
+ 2012-03-28 17:20 . 2012-03-28 17:20 289280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\5a7e968020fcc15deaead9c8f27feeab\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-03-28 17:20 . 2012-03-28 17:20 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\16bf3be602620d349b25e6c2d08199a3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-03-28 17:19 . 2012-03-28 17:19 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\f6b9abf9cd43524102ad9be82b7136d0\CustomMarshalers.ni.dll
- 2009-07-14 04:54 . 2012-03-28 16:44 9388032 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-29 07:27 9388032 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-28 17:20 . 2012-03-28 17:20 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\02198c29552545c7d7e7a95ab39488e5\WindowsBase.ni.dll
+ 2012-03-28 17:28 . 2012-03-28 17:28 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\d1d48cd30cd275b06fad70778798cae7\UIAutomationClientsideProviders.ni.dll
+ 2012-03-28 17:19 . 2012-03-28 17:19 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\ecdcf3d1d7bc90546464d70a4bee843d\System.Xml.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\3a9670f473f8f9291ca256d9a15fc281\System.Xaml.ni.dll
+ 2012-03-28 17:28 . 2012-03-28 17:28 5627904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\455d5edfdc989057a8fea7bc88a02ef6\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-03-28 17:28 . 2012-03-28 17:28 2236416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\bd044dc068adc34e430faa820e5c5e44\System.Web.Services.ni.dll
+ 2012-03-28 17:27 . 2012-03-28 17:27 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\561e5a115d6d7ade93236df74d61af84\System.Speech.ni.dll
+ 2012-03-28 17:27 . 2012-03-28 17:27 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\4606cac0ba2d406b4ddefca21a3db1eb\System.ServiceModel.Activities.ni.dll
+ 2012-03-28 17:27 . 2012-03-28 17:27 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\28b5d075cf252a24a6b007ff5941dce1\System.ServiceModel.Discovery.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\1a361129f93a8190d8797b7c680baecc\System.Runtime.Serialization.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\2c57eff357f1bc56d0367f04adcf6d76\System.Runtime.DurableInstancing.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\7668fa73a73410f2e00d341a8684e28a\System.Printing.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\2280764a011295483642b17fe5d2b1f7\System.Management.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\a77730a57cc54142f1ecbb1e85060e5f\System.IdentityModel.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 2290176 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\5b5fe518d1a632afaae9f24dd18cee2f\System.Drawing.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\60390cb3abc6f1d85a572c156d39fc02\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\5eaf17b571cf9fb6f159a0c92d6244ab\System.DirectoryServices.ni.dll
+ 2012-03-28 17:23 . 2012-03-28 17:23 2402816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\0ce1b3a9a0192c2cdb16d848e78e6688\System.Deployment.ni.dll
+ 2012-03-28 17:23 . 2012-03-28 17:23 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\ca4a0bde02b2eb73d2e9f22925719ecf\System.Data.ni.dll
+ 2012-03-28 17:19 . 2012-03-28 17:19 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\657b967b5fd7819f273f5704197ce97e\System.Data.SqlXml.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 1799168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\930a4b48234d358f2758f075be0684c5\System.Data.Services.Client.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 3386880 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\0ba3ab7e136a52fcba260ad7893ede32\System.Data.Linq.ni.dll
+ 2012-03-28 17:19 . 2012-03-28 17:19 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\c24ce44b45c0e0c0961a9755f192eb3a\System.Configuration.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\5a66bc1859e864d87b81e31438a5f07d\System.ComponentModel.Composition.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\f25d1dde40ef0128d9e5163d142bd2e2\System.Activities.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\26671ab09e54e0ecfd23012e32cb6383\System.Activities.Presentation.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\e9f6686e336507594e33cad6ed7814cd\System.Activities.Core.Presentation.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\9c49a7b6fb133a307e3804ca7ba35d16\ReachFramework.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 2056192 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\68d02e44d8b1f23c21a116119fbb65d0\PresentationUI.ni.dll
+ 2012-03-28 17:20 . 2012-03-28 17:20 1838080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\b18f859bfbbe0897cade0aa931c22477\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-03-28 17:20 . 2012-03-28 17:20 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\1903f5de0c7c33993c55319d4fc3062e\Microsoft.VisualBasic.ni.dll
+ 2012-03-28 17:20 . 2012-03-28 17:20 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\15b88fefd6d638f01856a68c14e2ab9b\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-03-28 17:20 . 2012-03-28 17:20 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2d92f0cffe052f601c1bca1f52425fef\Microsoft.Transactions.Bridge.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\0fbfc1087f7622c5b6b06f88fce1a45e\Microsoft.JScript.ni.dll
+ 2012-03-28 17:19 . 2012-03-28 17:19 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\83f53b455553f5ad67e756f6762dc3b4\Microsoft.CSharp.ni.dll
+ 2009-07-14 04:54 . 2012-03-29 07:18 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-28 16:44 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-29 18:17 . 2012-03-29 18:17 10125312 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2012-03-28 17:23 . 2012-03-28 17:23 17291264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\f850dba642b0cc845d9a7d8ac300e243\System.Windows.Forms.ni.dll
+ 2012-03-28 17:27 . 2012-03-28 17:27 24551424 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\bd433ada9b2565b666331b5b1276538a\System.ServiceModel.ni.dll
+ 2012-03-28 17:25 . 2012-03-28 17:25 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\9aca7097fc620da8481516b2d4e3fede\System.Data.Entity.ni.dll
+ 2012-03-28 17:19 . 2012-03-28 17:19 10440704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\e91a0d844afdda429e0fbd9814f41134\System.Core.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\8a4ac50c706da226242a99b871c9f981\PresentationFramework.ni.dll
+ 2012-03-28 17:21 . 2012-03-28 17:21 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\b0adff19c63ba3b4be1cae43567af15d\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-26 17:04 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-26 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-05 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-26 982880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2011-06-22 22:26 3218864 ----a-w- c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaAppPlace]
2010-09-23 18:03 552960 ----a-w- c:\program files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2011-07-12 01:16 1298816 ----a-w- c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 136176]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-26 918880]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2547257186-3653365119-3982157553-1000Core.job
- c:\users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-05 04:44]
.
2012-03-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2547257186-3653365119-3982157553-1000UA.job
- c:\users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-05 04:44]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 20:15]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 20:15]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2547257186-3653365119-3982157553-1000Core.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 21:28]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2547257186-3653365119-3982157553-1000UA.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 21:28]
.
2012-03-12 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2010-11-21 03:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MRT"="c:\windows\system32\MRT.exe" [2012-03-16 56297240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 10.0.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-29 11:27:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-29 18:27
ComboFix2.txt 2012-03-16 18:29
.
Pre-Run: 260,982,353,920 bytes free
Post-Run: 260,929,994,752 bytes free
.
- - End Of File - - 8649188C872DAF97D1B8980D37098E10
oldman960
2012-03-30, 01:19
Hi spaceycayce,
Looks like we got it.
Please rerun TDSSKiller. This time when presented with
00:26:10.0723 4268 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
00:26:10.0723 4268 \Device\Harddisk0\DR0 - detected TDSS File System (1)
please use the dropdown menu and select delete.
Next
Please rerun aswMBR.
Please post back with
TDSSKiller log
aswMBR log
How's the computer?
spaceycayce
2012-03-30, 09:50
It seems clean. Thanks!
23:30:56.0481 4012 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
23:30:56.0879 4012 Current date / time: 2012/03/29 23:30:56.0878
23:30:56.0879 4012 SystemInfo:
23:30:56.0879 4012 OS Version: 6.1.7601 ServicePack: 1.0
23:30:56.0879 4012 Product type: Workstation
23:30:56.0879 4012 ComputerName: OWNER-PC
23:30:56.0879 4012 UserName: owner
23:30:56.0879 4012 Windows directory: C:\windows
23:30:56.0879 4012 System windows directory: C:\windows
23:30:56.0879 4012 Running under WOW64
23:30:56.0879 4012 Processor architecture: Intel x64
23:30:56.0879 4012 Number of processors: 2
23:30:56.0879 4012 Page size: 0x1000
23:30:56.0879 4012 Boot type: Normal boot
23:30:57.0807 4012 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:30:57.0811 4012 \Device\Harddisk0\DR0:
23:30:57.0811 4012 MBR used
23:30:57.0811 4012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x235E9800
23:30:57.0841 4012 Initialize success
23:31:10.0596 2724
23:31:10.0596 2724 Scan started
23:31:10.0596 2724 Mode: Manual; SigCheck; TDLFS;
23:31:11.0639 2724 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
23:31:11.0823 2724 1394ohci - ok
23:31:11.0937 2724 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
23:31:11.0982 2724 ACPI - ok
23:31:12.0122 2724 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
23:31:12.0231 2724 AcpiPmi - ok
23:31:12.0430 2724 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
23:31:12.0467 2724 adp94xx - ok
23:31:12.0656 2724 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
23:31:12.0693 2724 adpahci - ok
23:31:12.0882 2724 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
23:31:12.0911 2724 adpu320 - ok
23:31:12.0997 2724 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
23:31:13.0196 2724 AeLookupSvc - ok
23:31:13.0373 2724 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
23:31:13.0456 2724 AFD - ok
23:31:13.0594 2724 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
23:31:13.0619 2724 agp440 - ok
23:31:13.0788 2724 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
23:31:13.0884 2724 ALG - ok
23:31:14.0038 2724 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
23:31:14.0054 2724 aliide - ok
23:31:14.0216 2724 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
23:31:14.0239 2724 amdide - ok
23:31:14.0396 2724 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
23:31:14.0451 2724 AmdK8 - ok
23:31:14.0597 2724 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
23:31:14.0658 2724 AmdPPM - ok
23:31:14.0778 2724 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
23:31:14.0804 2724 amdsata - ok
23:31:14.0984 2724 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
23:31:15.0012 2724 amdsbs - ok
23:31:15.0156 2724 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
23:31:15.0178 2724 amdxata - ok
23:31:15.0299 2724 Andbus (48cd7e6520d47d62eab0e6ce3ec30c65) C:\windows\system32\DRIVERS\lgandbus64.sys
23:31:15.0355 2724 Andbus - ok
23:31:15.0521 2724 AndDiag (08cbacc00d15dcdbbaae1a7c8f231c61) C:\windows\system32\DRIVERS\lganddiag64.sys
23:31:15.0581 2724 AndDiag - ok
23:31:15.0724 2724 AndGps (cea9a4cd6b3a83428ce8501240833668) C:\windows\system32\DRIVERS\lgandgps64.sys
23:31:15.0769 2724 AndGps - ok
23:31:15.0879 2724 ANDModem (e2b5663e547fa5e756b253efa8ec8286) C:\windows\system32\DRIVERS\lgandmodem64.sys
23:31:15.0935 2724 ANDModem - ok
23:31:16.0062 2724 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
23:31:16.0231 2724 AppID - ok
23:31:16.0306 2724 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
23:31:16.0392 2724 AppIDSvc - ok
23:31:16.0543 2724 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
23:31:16.0632 2724 Appinfo - ok
23:31:16.0776 2724 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
23:31:16.0797 2724 arc - ok
23:31:16.0989 2724 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
23:31:17.0015 2724 arcsas - ok
23:31:17.0120 2724 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
23:31:17.0225 2724 AsyncMac - ok
23:31:17.0345 2724 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
23:31:17.0367 2724 atapi - ok
23:31:17.0525 2724 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
23:31:17.0585 2724 AudioEndpointBuilder - ok
23:31:17.0595 2724 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
23:31:17.0634 2724 AudioSrv - ok
23:31:17.0968 2724 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
23:31:18.0126 2724 AVGIDSAgent - ok
23:31:18.0255 2724 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
23:31:18.0291 2724 AVGIDSDriver - ok
23:31:18.0419 2724 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\windows\system32\DRIVERS\AVGIDSEH.Sys
23:31:18.0438 2724 AVGIDSEH - ok
23:31:18.0548 2724 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
23:31:18.0567 2724 AVGIDSFilter - ok
23:31:18.0846 2724 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\windows\system32\DRIVERS\avgldx64.sys
23:31:18.0911 2724 Avgldx64 - ok
23:31:19.0034 2724 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\windows\system32\DRIVERS\avgmfx64.sys
23:31:19.0054 2724 Avgmfx64 - ok
23:31:19.0188 2724 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\windows\system32\DRIVERS\avgrkx64.sys
23:31:19.0205 2724 Avgrkx64 - ok
23:31:19.0369 2724 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\windows\system32\DRIVERS\avgtdia.sys
23:31:19.0403 2724 Avgtdia - ok
23:31:19.0531 2724 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
23:31:19.0557 2724 avgwd - ok
23:31:19.0714 2724 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
23:31:19.0858 2724 AxInstSV - ok
23:31:20.0000 2724 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
23:31:20.0071 2724 b06bdrv - ok
23:31:20.0237 2724 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
23:31:20.0291 2724 b57nd60a - ok
23:31:20.0416 2724 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
23:31:20.0464 2724 BDESVC - ok
23:31:20.0590 2724 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
23:31:20.0682 2724 Beep - ok
23:31:20.0894 2724 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
23:31:20.0999 2724 BFE - ok
23:31:21.0218 2724 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
23:31:21.0296 2724 BITS - ok
23:31:21.0403 2724 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
23:31:21.0468 2724 blbdrive - ok
23:31:21.0640 2724 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
23:31:21.0695 2724 bowser - ok
23:31:21.0870 2724 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
23:31:21.0920 2724 BrFiltLo - ok
23:31:22.0015 2724 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
23:31:22.0041 2724 BrFiltUp - ok
23:31:22.0173 2724 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
23:31:22.0253 2724 BridgeMP - ok
23:31:22.0348 2724 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
23:31:22.0450 2724 Browser - ok
23:31:22.0594 2724 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
23:31:22.0676 2724 Brserid - ok
23:31:22.0770 2724 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
23:31:22.0820 2724 BrSerWdm - ok
23:31:22.0926 2724 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
23:31:22.0989 2724 BrUsbMdm - ok
23:31:23.0093 2724 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
23:31:23.0133 2724 BrUsbSer - ok
23:31:23.0250 2724 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
23:31:23.0309 2724 BTHMODEM - ok
23:31:23.0462 2724 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
23:31:23.0547 2724 bthserv - ok
23:31:23.0575 2724 catchme - ok
23:31:23.0718 2724 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
23:31:23.0791 2724 cdfs - ok
23:31:23.0956 2724 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
23:31:24.0003 2724 cdrom - ok
23:31:24.0118 2724 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
23:31:24.0218 2724 CertPropSvc - ok
23:31:24.0368 2724 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
23:31:24.0418 2724 circlass - ok
23:31:24.0559 2724 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
23:31:24.0596 2724 CLFS - ok
23:31:24.0730 2724 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:31:24.0777 2724 clr_optimization_v2.0.50727_32 - ok
23:31:24.0918 2724 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:31:24.0940 2724 clr_optimization_v2.0.50727_64 - ok
23:31:25.0079 2724 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:31:25.0105 2724 clr_optimization_v4.0.30319_32 - ok
23:31:25.0267 2724 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:31:25.0291 2724 clr_optimization_v4.0.30319_64 - ok
23:31:25.0412 2724 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
23:31:25.0468 2724 CmBatt - ok
23:31:25.0548 2724 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
23:31:25.0571 2724 cmdide - ok
23:31:25.0718 2724 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
23:31:25.0770 2724 CNG - ok
23:31:26.0000 2724 CnxtHdAudService (a260be645dd096d90318c8cf98536720) C:\windows\system32\drivers\CHDRT64.sys
23:31:26.0062 2724 CnxtHdAudService - ok
23:31:26.0191 2724 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
23:31:26.0212 2724 Compbatt - ok
23:31:26.0380 2724 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
23:31:26.0438 2724 CompositeBus - ok
23:31:26.0537 2724 COMSysApp - ok
23:31:26.0574 2724 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
23:31:26.0589 2724 crcdisk - ok
23:31:26.0750 2724 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
23:31:26.0841 2724 CryptSvc - ok
23:31:27.0016 2724 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:31:27.0052 2724 cvhsvc - ok
23:31:27.0188 2724 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
23:31:27.0283 2724 DcomLaunch - ok
23:31:27.0407 2724 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
23:31:27.0493 2724 defragsvc - ok
23:31:27.0594 2724 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
23:31:27.0655 2724 DfsC - ok
23:31:27.0849 2724 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
23:31:27.0924 2724 Dhcp - ok
23:31:28.0016 2724 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
23:31:28.0115 2724 discache - ok
23:31:28.0284 2724 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
23:31:28.0309 2724 Disk - ok
23:31:28.0446 2724 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
23:31:28.0506 2724 Dnscache - ok
23:31:28.0629 2724 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
23:31:28.0707 2724 dot3svc - ok
23:31:28.0817 2724 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
23:31:28.0896 2724 DPS - ok
23:31:29.0059 2724 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
23:31:29.0142 2724 drmkaud - ok
23:31:29.0321 2724 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
23:31:29.0367 2724 DXGKrnl - ok
23:31:29.0465 2724 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
23:31:29.0541 2724 EapHost - ok
23:31:29.0804 2724 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
23:31:29.0879 2724 ebdrv - ok
23:31:30.0003 2724 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
23:31:30.0067 2724 EFS - ok
23:31:30.0164 2724 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
23:31:30.0224 2724 ehRecvr - ok
23:31:30.0308 2724 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
23:31:30.0340 2724 ehSched - ok
23:31:30.0478 2724 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
23:31:30.0519 2724 elxstor - ok
23:31:30.0593 2724 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
23:31:30.0641 2724 ErrDev - ok
23:31:30.0847 2724 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
23:31:30.0952 2724 EventSystem - ok
23:31:31.0185 2724 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
23:31:31.0256 2724 exfat - ok
23:31:31.0374 2724 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
23:31:31.0470 2724 fastfat - ok
23:31:31.0658 2724 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
23:31:31.0721 2724 Fax - ok
23:31:31.0877 2724 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
23:31:31.0929 2724 fdc - ok
23:31:32.0109 2724 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
23:31:32.0188 2724 fdPHost - ok
23:31:32.0366 2724 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
23:31:32.0460 2724 FDResPub - ok
23:31:32.0594 2724 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
23:31:32.0618 2724 FileInfo - ok
23:31:32.0738 2724 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
23:31:32.0827 2724 Filetrace - ok
23:31:32.0906 2724 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
23:31:32.0945 2724 flpydisk - ok
23:31:33.0056 2724 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
23:31:33.0087 2724 FltMgr - ok
23:31:33.0220 2724 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
23:31:33.0292 2724 FontCache - ok
23:31:33.0378 2724 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:31:33.0400 2724 FontCache3.0.0.0 - ok
23:31:33.0453 2724 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
23:31:33.0473 2724 FsDepends - ok
23:31:33.0598 2724 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
23:31:33.0617 2724 Fs_Rec - ok
23:31:33.0758 2724 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
23:31:33.0794 2724 fvevol - ok
23:31:33.0905 2724 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
23:31:33.0969 2724 FwLnk - ok
23:31:34.0112 2724 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
23:31:34.0136 2724 gagp30kx - ok
23:31:34.0263 2724 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
23:31:34.0286 2724 GamesAppService - ok
23:31:34.0495 2724 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
23:31:34.0555 2724 gpsvc - ok
23:31:34.0663 2724 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:31:34.0686 2724 gupdate - ok
23:31:34.0718 2724 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:31:34.0734 2724 gupdatem - ok
23:31:34.0806 2724 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:31:34.0825 2724 gusvc - ok
23:31:35.0004 2724 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
23:31:35.0052 2724 hcw85cir - ok
23:31:35.0208 2724 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
23:31:35.0276 2724 HdAudAddService - ok
23:31:35.0397 2724 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
23:31:35.0448 2724 HDAudBus - ok
23:31:35.0538 2724 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
23:31:35.0563 2724 HidBatt - ok
23:31:35.0685 2724 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
23:31:35.0743 2724 HidBth - ok
23:31:35.0889 2724 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
23:31:35.0924 2724 HidIr - ok
23:31:36.0008 2724 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
23:31:36.0102 2724 hidserv - ok
23:31:36.0279 2724 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
23:31:36.0309 2724 HidUsb - ok
23:31:36.0451 2724 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
23:31:36.0549 2724 hkmsvc - ok
23:31:36.0646 2724 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
23:31:36.0708 2724 HomeGroupListener - ok
23:31:36.0791 2724 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
23:31:36.0833 2724 HomeGroupProvider - ok
23:31:36.0937 2724 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
23:31:36.0959 2724 HpSAMD - ok
23:31:37.0124 2724 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
23:31:37.0227 2724 HTTP - ok
23:31:37.0338 2724 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
23:31:37.0359 2724 hwpolicy - ok
23:31:37.0462 2724 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
23:31:37.0494 2724 i8042prt - ok
23:31:37.0673 2724 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys
23:31:37.0699 2724 iaStor - ok
23:31:37.0895 2724 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
23:31:37.0925 2724 iaStorV - ok
23:31:38.0075 2724 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:31:38.0120 2724 idsvc - ok
23:31:38.0946 2724 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys
23:31:39.0366 2724 igfx - ok
23:31:39.0530 2724 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
23:31:39.0552 2724 iirsp - ok
23:31:39.0692 2724 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
23:31:39.0771 2724 IKEEXT - ok
23:31:39.0874 2724 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
23:31:39.0897 2724 intelide - ok
23:31:40.0009 2724 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
23:31:40.0053 2724 intelppm - ok
23:31:40.0201 2724 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
23:31:40.0285 2724 IPBusEnum - ok
23:31:40.0433 2724 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
23:31:40.0497 2724 IpFilterDriver - ok
23:31:40.0638 2724 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
23:31:40.0721 2724 iphlpsvc - ok
23:31:40.0857 2724 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
23:31:40.0903 2724 IPMIDRV - ok
23:31:41.0015 2724 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
23:31:41.0105 2724 IPNAT - ok
23:31:41.0209 2724 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
23:31:41.0242 2724 IRENUM - ok
23:31:41.0383 2724 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
23:31:41.0405 2724 isapnp - ok
23:31:41.0477 2724 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
23:31:41.0505 2724 iScsiPrt - ok
23:31:41.0554 2724 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
23:31:41.0564 2724 kbdclass - ok
23:31:41.0718 2724 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
23:31:41.0766 2724 kbdhid - ok
23:31:41.0871 2724 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:31:41.0898 2724 KeyIso - ok
23:31:41.0997 2724 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
23:31:42.0023 2724 KSecDD - ok
23:31:42.0138 2724 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
23:31:42.0163 2724 KSecPkg - ok
23:31:42.0290 2724 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
23:31:42.0369 2724 ksthunk - ok
23:31:42.0525 2724 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
23:31:42.0609 2724 KtmRm - ok
23:31:42.0785 2724 L1C (045fb70bc993b691517ce309045ff02d) C:\windows\system32\DRIVERS\L1C62x64.sys
23:31:42.0808 2724 L1C - ok
23:31:42.0968 2724 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
23:31:43.0056 2724 LanmanServer - ok
23:31:43.0247 2724 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
23:31:43.0324 2724 LanmanWorkstation - ok
23:31:43.0502 2724 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
23:31:43.0582 2724 lltdio - ok
23:31:43.0686 2724 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
23:31:43.0763 2724 lltdsvc - ok
23:31:43.0870 2724 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
23:31:43.0931 2724 lmhosts - ok
23:31:44.0064 2724 LMS (98b16e756243bea9410e32025b19c06f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:31:44.0095 2724 LMS - ok
23:31:44.0228 2724 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
23:31:44.0255 2724 LSI_FC - ok
23:31:44.0408 2724 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
23:31:44.0437 2724 LSI_SAS - ok
23:31:44.0565 2724 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
23:31:44.0590 2724 LSI_SAS2 - ok
23:31:44.0642 2724 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
23:31:44.0669 2724 LSI_SCSI - ok
23:31:44.0760 2724 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
23:31:44.0842 2724 luafv - ok
23:31:44.0964 2724 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
23:31:44.0992 2724 Mcx2Svc - ok
23:31:45.0032 2724 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
23:31:45.0052 2724 megasas - ok
23:31:45.0182 2724 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
23:31:45.0202 2724 MegaSR - ok
23:31:45.0312 2724 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
23:31:45.0342 2724 MEIx64 - ok
23:31:45.0432 2724 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
23:31:45.0522 2724 MMCSS - ok
23:31:45.0682 2724 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
23:31:45.0782 2724 Modem - ok
23:31:45.0902 2724 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
23:31:45.0972 2724 monitor - ok
23:31:46.0112 2724 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
23:31:46.0132 2724 mouclass - ok
23:31:46.0312 2724 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
23:31:46.0362 2724 mouhid - ok
23:31:46.0502 2724 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
23:31:46.0522 2724 mountmgr - ok
23:31:46.0672 2724 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\windows\system32\DRIVERS\MpFilter.sys
23:31:46.0692 2724 MpFilter - ok
23:31:46.0802 2724 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
23:31:46.0822 2724 mpio - ok
23:31:46.0962 2724 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\windows\system32\DRIVERS\MpNWMon.sys
23:31:46.0982 2724 MpNWMon - ok
23:31:47.0012 2724 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
23:31:47.0072 2724 mpsdrv - ok
23:31:47.0212 2724 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
23:31:47.0282 2724 MpsSvc - ok
23:31:47.0402 2724 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
23:31:47.0472 2724 MRxDAV - ok
23:31:47.0602 2724 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
23:31:47.0672 2724 mrxsmb - ok
23:31:47.0802 2724 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
23:31:47.0832 2724 mrxsmb10 - ok
23:31:48.0042 2724 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
23:31:48.0072 2724 mrxsmb20 - ok
23:31:48.0232 2724 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
23:31:48.0252 2724 msahci - ok
23:31:48.0362 2724 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
23:31:48.0392 2724 msdsm - ok
23:31:48.0482 2724 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
23:31:48.0532 2724 MSDTC - ok
23:31:48.0712 2724 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
23:31:48.0772 2724 Msfs - ok
23:31:48.0892 2724 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
23:31:48.0982 2724 mshidkmdf - ok
23:31:49.0092 2724 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
23:31:49.0112 2724 msisadrv - ok
23:31:49.0282 2724 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
23:31:49.0372 2724 MSiSCSI - ok
23:31:49.0422 2724 msiserver - ok
23:31:49.0502 2724 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
23:31:49.0582 2724 MSKSSRV - ok
23:31:49.0712 2724 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
23:31:49.0732 2724 MsMpSvc - ok
23:31:49.0872 2724 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
23:31:49.0942 2724 MSPCLOCK - ok
23:31:50.0202 2724 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
23:31:50.0282 2724 MSPQM - ok
23:31:50.0492 2724 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
23:31:50.0512 2724 MsRPC - ok
23:31:50.0642 2724 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
23:31:50.0652 2724 mssmbios - ok
23:31:50.0782 2724 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
23:31:50.0872 2724 MSTEE - ok
23:31:50.0972 2724 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
23:31:50.0992 2724 MTConfig - ok
23:31:51.0082 2724 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
23:31:51.0112 2724 Mup - ok
23:31:51.0152 2724 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
23:31:51.0222 2724 napagent - ok
23:31:51.0392 2724 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
23:31:51.0462 2724 NativeWifiP - ok
23:31:51.0622 2724 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
23:31:51.0662 2724 NDIS - ok
23:31:51.0812 2724 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
23:31:51.0892 2724 NdisCap - ok
23:31:52.0062 2724 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
23:31:52.0132 2724 NdisTapi - ok
23:31:52.0282 2724 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
23:31:52.0382 2724 Ndisuio - ok
23:31:52.0512 2724 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
23:31:52.0612 2724 NdisWan - ok
23:31:52.0702 2724 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
23:31:52.0762 2724 NDProxy - ok
23:31:52.0892 2724 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
23:31:52.0972 2724 NetBIOS - ok
23:31:53.0082 2724 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
23:31:53.0132 2724 NetBT - ok
23:31:53.0212 2724 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:31:53.0242 2724 Netlogon - ok
23:31:53.0372 2724 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
23:31:53.0442 2724 Netman - ok
23:31:53.0542 2724 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
23:31:53.0632 2724 netprofm - ok
23:31:53.0762 2724 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:31:53.0782 2724 NetTcpPortSharing - ok
23:31:53.0892 2724 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
23:31:53.0922 2724 nfrd960 - ok
23:31:54.0012 2724 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys
23:31:54.0032 2724 NisDrv - ok
23:31:54.0162 2724 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
23:31:54.0192 2724 NisSrv - ok
23:31:54.0322 2724 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
23:31:54.0402 2724 NlaSvc - ok
23:31:54.0492 2724 Norton PC Checkup Application Launcher - ok
23:31:54.0642 2724 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
23:31:54.0692 2724 Npfs - ok
23:31:54.0782 2724 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
23:31:54.0832 2724 nsi - ok
23:31:54.0942 2724 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
23:31:55.0032 2724 nsiproxy - ok
23:31:55.0232 2724 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
23:31:55.0282 2724 Ntfs - ok
23:31:55.0392 2724 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
23:31:55.0432 2724 Null - ok
23:31:55.0602 2724 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
23:31:55.0632 2724 nvraid - ok
23:31:55.0732 2724 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
23:31:55.0752 2724 nvstor - ok
23:31:55.0852 2724 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
23:31:55.0882 2724 nv_agp - ok
23:31:55.0902 2724 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
23:31:55.0922 2724 ohci1394 - ok
23:31:56.0042 2724 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:31:56.0062 2724 ose - ok
23:31:56.0302 2724 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:31:56.0482 2724 osppsvc - ok
23:31:56.0602 2724 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
23:31:56.0652 2724 p2pimsvc - ok
23:31:56.0802 2724 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
23:31:56.0832 2724 p2psvc - ok
23:31:56.0942 2724 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
23:31:56.0972 2724 Parport - ok
23:31:57.0072 2724 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
23:31:57.0092 2724 partmgr - ok
23:31:57.0192 2724 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
23:31:57.0272 2724 PcaSvc - ok
23:31:57.0362 2724 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
23:31:57.0382 2724 PCCUJobMgr - ok
23:31:57.0472 2724 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
23:31:57.0502 2724 pci - ok
23:31:57.0612 2724 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
23:31:57.0632 2724 pciide - ok
23:31:57.0762 2724 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
23:31:57.0792 2724 pcmcia - ok
23:31:57.0892 2724 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
23:31:57.0912 2724 pcw - ok
23:31:58.0086 2724 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
23:31:58.0180 2724 PEAUTH - ok
23:31:58.0282 2724 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
23:31:58.0331 2724 PerfHost - ok
23:31:58.0455 2724 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
23:31:58.0475 2724 PGEffect - ok
23:31:58.0597 2724 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
23:31:58.0670 2724 pla - ok
23:31:58.0811 2724 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
23:31:58.0856 2724 PlugPlay - ok
23:31:58.0942 2724 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
23:31:58.0994 2724 PNRPAutoReg - ok
23:31:59.0100 2724 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
23:31:59.0140 2724 PNRPsvc - ok
23:31:59.0270 2724 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
23:31:59.0360 2724 PolicyAgent - ok
23:31:59.0470 2724 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
23:31:59.0570 2724 Power - ok
23:31:59.0670 2724 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
23:31:59.0760 2724 PptpMiniport - ok
23:31:59.0890 2724 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
23:31:59.0950 2724 Processor - ok
23:32:00.0155 2724 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
23:32:00.0233 2724 ProfSvc - ok
23:32:00.0384 2724 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:32:00.0409 2724 ProtectedStorage - ok
23:32:00.0521 2724 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
23:32:00.0581 2724 Psched - ok
23:32:00.0911 2724 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
23:32:00.0980 2724 ql2300 - ok
23:32:01.0107 2724 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
23:32:01.0135 2724 ql40xx - ok
23:32:01.0241 2724 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
23:32:01.0278 2724 QWAVE - ok
23:32:01.0393 2724 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
23:32:01.0447 2724 QWAVEdrv - ok
23:32:01.0585 2724 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
23:32:01.0670 2724 RasAcd - ok
23:32:01.0839 2724 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
23:32:01.0910 2724 RasAgileVpn - ok
23:32:02.0020 2724 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
23:32:02.0096 2724 RasAuto - ok
23:32:02.0207 2724 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
23:32:02.0298 2724 Rasl2tp - ok
23:32:02.0409 2724 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
23:32:02.0455 2724 RasMan - ok
23:32:02.0616 2724 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
23:32:02.0668 2724 RasPppoe - ok
23:32:02.0819 2724 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
23:32:02.0908 2724 RasSstp - ok
23:32:03.0005 2724 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
23:32:03.0081 2724 rdbss - ok
23:32:03.0184 2724 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
23:32:03.0224 2724 rdpbus - ok
23:32:03.0368 2724 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
23:32:03.0446 2724 RDPCDD - ok
23:32:03.0590 2724 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
23:32:03.0675 2724 RDPENCDD - ok
23:32:03.0789 2724 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
23:32:03.0835 2724 RDPREFMP - ok
23:32:04.0009 2724 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
23:32:04.0079 2724 RDPWD - ok
23:32:04.0251 2724 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
23:32:04.0275 2724 rdyboost - ok
23:32:04.0353 2724 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
23:32:04.0434 2724 RemoteAccess - ok
23:32:04.0587 2724 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
23:32:04.0667 2724 RemoteRegistry - ok
23:32:04.0754 2724 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
23:32:04.0836 2724 RpcEptMapper - ok
23:32:04.0892 2724 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
23:32:04.0917 2724 RpcLocator - ok
23:32:04.0980 2724 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
23:32:05.0038 2724 RpcSs - ok
23:32:05.0163 2724 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
23:32:05.0235 2724 rspndr - ok
23:32:05.0373 2724 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys
23:32:05.0409 2724 RSUSBSTOR - ok
23:32:05.0565 2724 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
23:32:05.0603 2724 RTL8192Ce - ok
23:32:05.0684 2724 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:32:05.0711 2724 SamSs - ok
23:32:05.0910 2724 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
23:32:05.0933 2724 sbp2port - ok
23:32:06.0199 2724 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
23:32:06.0252 2724 SBSDWSCService - ok
23:32:06.0343 2724 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
23:32:06.0392 2724 SCardSvr - ok
23:32:06.0573 2724 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
23:32:06.0662 2724 scfilter - ok
23:32:06.0819 2724 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
23:32:06.0913 2724 Schedule - ok
23:32:07.0037 2724 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
23:32:07.0083 2724 SCPolicySvc - ok
23:32:07.0212 2724 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
23:32:07.0265 2724 SDRSVC - ok
23:32:07.0396 2724 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
23:32:07.0488 2724 secdrv - ok
23:32:07.0676 2724 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
23:32:07.0735 2724 seclogon - ok
23:32:07.0764 2724 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
23:32:07.0826 2724 SENS - ok
23:32:07.0912 2724 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
23:32:07.0964 2724 SensrSvc - ok
23:32:08.0093 2724 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
23:32:08.0139 2724 Serenum - ok
23:32:08.0321 2724 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
23:32:08.0370 2724 Serial - ok
23:32:08.0524 2724 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
23:32:08.0581 2724 sermouse - ok
23:32:08.0698 2724 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
23:32:08.0780 2724 SessionEnv - ok
23:32:08.0888 2724 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
23:32:08.0941 2724 sffdisk - ok
23:32:09.0066 2724 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
23:32:09.0149 2724 sffp_mmc - ok
23:32:09.0277 2724 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
23:32:09.0341 2724 sffp_sd - ok
23:32:09.0467 2724 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
23:32:09.0535 2724 sfloppy - ok
23:32:09.0790 2724 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
23:32:09.0820 2724 Sftfs - ok
23:32:09.0994 2724 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
23:32:10.0029 2724 sftlist - ok
23:32:10.0159 2724 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
23:32:10.0184 2724 Sftplay - ok
23:32:10.0330 2724 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
23:32:10.0349 2724 Sftredir - ok
23:32:10.0482 2724 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
23:32:10.0500 2724 Sftvol - ok
23:32:10.0653 2724 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:32:10.0679 2724 sftvsa - ok
23:32:10.0829 2724 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
23:32:10.0879 2724 SharedAccess - ok
23:32:10.0966 2724 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
23:32:11.0026 2724 ShellHWDetection - ok
23:32:11.0168 2724 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
23:32:11.0191 2724 SiSRaid2 - ok
23:32:11.0337 2724 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
23:32:11.0354 2724 SiSRaid4 - ok
23:32:11.0483 2724 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
23:32:11.0540 2724 Smb - ok
23:32:11.0689 2724 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
23:32:11.0743 2724 SNMPTRAP - ok
23:32:11.0797 2724 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
23:32:11.0811 2724 spldr - ok
23:32:11.0945 2724 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
23:32:12.0009 2724 Spooler - ok
23:32:12.0201 2724 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
23:32:12.0323 2724 sppsvc - ok
23:32:12.0414 2724 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
23:32:12.0483 2724 sppuinotify - ok
23:32:12.0615 2724 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
23:32:12.0701 2724 srv - ok
23:32:12.0831 2724 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
23:32:12.0892 2724 srv2 - ok
23:32:13.0017 2724 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
23:32:13.0042 2724 srvnet - ok
23:32:13.0198 2724 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
23:32:13.0283 2724 SSDPSRV - ok
23:32:13.0397 2724 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
23:32:13.0456 2724 SstpSvc - ok
23:32:13.0567 2724 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
23:32:13.0590 2724 stexstor - ok
23:32:13.0731 2724 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
23:32:13.0773 2724 stisvc - ok
23:32:13.0886 2724 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
23:32:13.0905 2724 swenum - ok
23:32:14.0012 2724 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
23:32:14.0094 2724 swprv - ok
23:32:14.0272 2724 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
23:32:14.0299 2724 SynTP - ok
23:32:14.0503 2724 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
23:32:14.0580 2724 SysMain - ok
23:32:14.0706 2724 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
23:32:14.0761 2724 TabletInputService - ok
23:32:14.0859 2724 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
23:32:14.0955 2724 TapiSrv - ok
23:32:15.0074 2724 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
23:32:15.0133 2724 TBS - ok
23:32:15.0334 2724 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
23:32:15.0383 2724 Tcpip - ok
23:32:15.0609 2724 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
23:32:15.0673 2724 TCPIP6 - ok
23:32:15.0828 2724 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
23:32:15.0922 2724 tcpipreg - ok
23:32:16.0039 2724 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
23:32:16.0059 2724 tdcmdpst - ok
23:32:16.0116 2724 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
23:32:16.0140 2724 TDPIPE - ok
23:32:16.0221 2724 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
23:32:16.0255 2724 TDTCP - ok
23:32:31.0829 2724 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
23:32:31.0991 2724 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:32:31.0991 2724 \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:32:32.0009 2724 Boot (0x1200) (f35360472a297c6edd472b5a8fe5d58b) \Device\Harddisk0\DR0\Partition0
23:32:32.0012 2724 \Device\Harddisk0\DR0\Partition0 - ok
23:32:32.0013 2724 Scan finished
23:32:32.0032 2120 Detected object count: 1
23:32:32.0032 2120 Actual detected object count: 1
23:33:27.0848 2120 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
23:33:27.0850 2120 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
23:33:27.0853 2120 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
23:33:27.0856 2120 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
23:33:27.0865 2120 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
23:33:27.0900 2120 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
23:33:27.0969 2120 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
23:33:27.0971 2120 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
23:33:27.0974 2120 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
23:33:27.0978 2120 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
23:33:27.0982 2120 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
23:33:27.0984 2120 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
23:33:27.0985 2120 \Device\Harddisk0\DR0\TDLFS - deleted
23:33:27.0985 2120 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
23:42:07.0478 1652 Deinitialize success
spaceycayce
2012-03-30, 09:50
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-16 15:10:05
-----------------------------
15:10:05.386 OS Version: Windows x64 6.1.7601 Service Pack 1
15:10:05.387 Number of processors: 2 586 0x2A07
15:10:05.387 ComputerName: OWNER-PC UserName: owner
15:10:07.367 Initialize success
15:10:14.661 AVAST engine defs: 12031600
15:10:37.900 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:10:37.902 Disk 0 Vendor: TOSHIBA_ GT00 Size: 305245MB BusType: 3
15:10:37.904 Device \Driver\iaStor -> MajorFunction fffffa8005ddb5c4
15:10:37.917 Disk 0 MBR read successfully
15:10:37.919 Disk 0 MBR scan
15:10:37.926 Disk 0 Windows VISTA default MBR code
15:10:37.952 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
15:10:37.975 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289747 MB offset 3074048
15:10:38.022 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 13997 MB offset 596475904
15:10:38.083 Disk 0 scanning C:\windows\system32\drivers
15:10:48.512 Service scanning
15:11:27.905 Modules scanning
15:11:27.913 Disk 0 trace - called modules:
15:11:27.927 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8005ddb5c4]<<
15:11:27.931 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800578b490]
15:11:27.935 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003fe1050]
15:11:27.940 \Driver\iaStor[0xfffffa8005c47da0] -> IRP_MJ_CREATE -> 0xfffffa8005ddb5c4
15:11:32.465 AVAST engine scan C:\
16:08:01.720 Scan finished successfully
16:20:49.180 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
16:20:49.180 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-29 23:34:08
-----------------------------
23:34:08.037 OS Version: Windows x64 6.1.7601 Service Pack 1
23:34:08.037 Number of processors: 2 586 0x2A07
23:34:08.038 ComputerName: OWNER-PC UserName: owner
23:34:08.949 Initialize success
23:34:58.785 AVAST engine defs: 12033000
23:35:17.222 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:35:17.227 Disk 0 Vendor: TOSHIBA_ GT00 Size: 305245MB BusType: 3
23:35:17.371 Disk 0 MBR read successfully
23:35:17.376 Disk 0 MBR scan
23:35:17.385 Disk 0 Windows VISTA default MBR code
23:35:17.427 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
23:35:17.449 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289747 MB offset 3074048
23:35:17.486 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 13997 MB offset 596475904
23:35:17.539 Disk 0 scanning C:\windows\system32\drivers
23:35:25.809 Service scanning
23:36:01.563 Modules scanning
23:36:01.579 Disk 0 trace - called modules:
23:36:01.608 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:36:01.950 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f17420]
23:36:01.961 3 CLASSPNP.SYS[fffff880018ae43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a33050]
23:36:02.695 AVAST engine scan C:\windows
23:36:06.003 AVAST engine scan C:\windows\system32
23:38:16.542 AVAST engine scan C:\windows\system32\drivers
23:38:24.832 AVAST engine scan C:\Users\owner
23:39:15.015 AVAST engine scan C:\ProgramData
23:39:53.581 Scan finished successfully
23:40:47.426 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
23:40:47.431 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"
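The two aswMBR runs in the post above differ in the "Disk 0 trace - called modules" section: the 2012-03-16 run lists an address it could not map to a module, while the 2012-03-29 run names iaStor.sys and hal.dll. As an added example (not part of the thread and not code from aswMBR), this Python script extracts those lines from a log and correlates the unmapped address with the driver handler addresses the same log reports; the function names are hypothetical and the sample lines are copied from the logs above.

```python
import re

# Lines copied from the two aswMBR logs posted above (not a complete log).
RUN_MARCH_16 = r"""
15:10:37.904 Device \Driver\iaStor -> MajorFunction fffffa8005ddb5c4
15:11:27.913 Disk 0 trace - called modules:
15:11:27.927 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8005ddb5c4]<<
15:11:27.931 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800578b490]
15:11:27.935 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003fe1050]
15:11:27.940 \Driver\iaStor[0xfffffa8005c47da0] -> IRP_MJ_CREATE -> 0xfffffa8005ddb5c4
"""
RUN_MARCH_29 = r"""
23:36:01.579 Disk 0 trace - called modules:
23:36:01.608 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:36:01.950 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f17420]
23:36:01.961 3 CLASSPNP.SYS[fffff880018ae43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a33050]
"""

TIMESTAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")
# Marker aswMBR prints when an address in the chain belongs to no named module.
UNKNOWN = re.compile(r">>UNKNOWN \[(?:0x)?([0-9a-fA-F]+)\]<<")
MAJOR_FN = re.compile(r"Device (\\Driver\\\S+) -> MajorFunction (?:0x)?([0-9a-fA-F]+)")
IRP_TARGET = re.compile(
    r"(\\Driver\\[^\[\s]+)\[[^\]]+\] -> (IRP_MJ_\w+) -> (?:0x)?([0-9a-fA-F]+)"
)


def parse_trace(log_text):
    """Return the disk call chain, unmapped addresses and reported handlers."""
    lines = [TIMESTAMP.sub("", ln).strip()
             for ln in log_text.splitlines() if ln.strip()]
    result = {"modules": [], "unknown": [], "handlers": []}
    for i, line in enumerate(lines):
        # The module chain is the line right after the "called modules" header.
        if line.endswith("trace - called modules:") and i + 1 < len(lines):
            chain = lines[i + 1]
            result["unknown"] = [a.lower() for a in UNKNOWN.findall(chain)]
            result["modules"] = UNKNOWN.sub("", chain).split()
        m = MAJOR_FN.search(line)
        if m:
            result["handlers"].append(
                (m.group(1), "MajorFunction", m.group(2).lower()))
        m = IRP_TARGET.search(line)
        if m:
            result["handlers"].append(
                (m.group(1), m.group(2), m.group(3).lower()))
    return result


def findings(log_text):
    """List what deserves a second look; an empty list means nothing flagged."""
    trace = parse_trace(log_text)
    out = []
    for addr in trace["unknown"]:
        out.append(f"call chain contains unmapped address 0x{addr}")
        # Same address reported as a driver handler: one target, several views.
        for driver, slot, target in trace["handlers"]:
            if target == addr:
                out.append(f"{driver} {slot} points at 0x{addr}")
    return out


if __name__ == "__main__":
    for label, log in (("2012-03-16", RUN_MARCH_16), ("2012-03-29", RUN_MARCH_29)):
        print(label, parse_trace(log)["modules"], findings(log) or "nothing flagged")
```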
oldman960
2012-03-31, 06:25
Hi spaceycayce,
Let's get you down to one antivirus.
Click on the Start button > Control Panel
Depending on your settings, either
click on the Uninstall a program option under the Programs category.
If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
Uninstall the following program
Microsoft Security Essentials
Next
Your Java is out of date. Go to Start > Control Panel, switch to Classic View if it isn't already.
Locate the Java icon (it looks like a coffee cup)
double click it to open it
click the Update tab
Click update now
Next
Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job
Once it's finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean
Next
Download and save to your desktop Malwarebytes Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Please post back with
MBAM log
How's the computer?
spaceycayce
2012-04-02, 19:51
The computer is good.
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.04.02.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
owner :: OWNER-PC [administrator]
4/2/2012 12:24:26 AM
mbam-log-2012-04-02 (00-24-26).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196814
Time elapsed: 4 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
oldman960
2012-04-03, 05:36
Hi spaceycayce
Looks good so far. Let's check for stragglers.
As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
Do not use this instance of your browser for anything besides doing this scan
When the scan is complete and the results saved, close that instance of your browser
Open a new one the usual way and post the results in this topic.
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Go here to run an online scanner from
ESET (http://www.eset.eu/online-scanner)
(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply
Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.
Please post the ESET log if there is one.
spaceycayce
2012-04-03, 21:51
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.03.2012_00.24.03\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.03.2012_00.24.03\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.03.2012_00.24.03\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.03.2012_00.24.03\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.03.2012_00.24.03\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KB trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.03.2012_00.24.03\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.03.2012_00.24.03\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.03.2012_00.24.03\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.03.2012_23.30.56\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.03.2012_23.30.56\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.03.2012_23.30.56\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.03.2012_23.30.56\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.03.2012_23.30.56\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KB trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.03.2012_23.30.56\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.03.2012_23.30.56\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.03.2012_23.30.56\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
oldman960
2012-04-06, 08:57
Hi spaceycayce,
Everything looks good so we'll remove the tools. The ESET detections were files we have quarantined.
From your desktop, please delete, if present
any notepads/logs that we created
aswMBR
mbr.dat
mbr.zip
TDSSKiller
DDS.scr
You can also delete from the C:\ drive the file called TDSSKiller_* (* denotes version & date) and C:\TDSSKiller_Quarantine
Next
Click the Start button, in the search box type Run. At the top click Run
Copy and paste the following line into the run box and click OK
Combofix /uninstall
Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.
I suggest you keep MBAM. Keep it updated and use it regularly.
Some Recommendations and prevention tips
Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Those you have now, provided you are using a firewall. Windows 7 has a built in firewall which is pretty good when set up. You can find some very good information HERE (http://www.addictivetips.com/windows-tips/windows-7-firewall-outbound-protection/).
You should also use Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) to help immunize your computer.
- SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.
OR
A guide to understanding and using the hosts file.
Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
HOSTS (http://www.mvps.org/winhelp2002/hosts.htm)
Please read the info on disabling the DNS Client before installing a custom hosts file.
-Secure your Internet Explorer
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
- Make sure you have reset Windows Updates to your chosen option. Click your start button > Control Panel > System > Windows updates (lower left) > change settings
- Keep your antivirus program updated, as well as any other security programs you have.
-More tips and programs can be found HERE (http://forums.whatthetech.com/Preventing_Malware_Tools_Practices_Safe_Computing_t98700.html)
Please post back if you have any problems.
oldman960
2012-04-07, 10:55
Since this issue appears to be resolved ... this Topic has been closed.