Posts posted by PaperBoy68
-
I've run all scans and attached results. About the protection logs, they aren't where they are supposed to be. I can't find the Application Data folder at all. That's where MBAM says they're stored but I can't find them. All I can find are the logs in the program interface.
Something is definitely wrong. Every time I try to close MBAM it freezes and stops responding. I have to end it with task mngr.
-
Here are some protection logs.
2013/03/11 16:06:50 -0500 EMACHINELAPTOP Scott ERROR IP protection failed: PfMakeLog failed with error code 85
2013/03/11 16:11:08 -0500 EMACHINELAPTOP Scott MESSAGE Starting IP protection
2013/03/11 16:11:08 -0500 EMACHINELAPTOP Scott ERROR IP protection failed: PfMakeLog failed with error code 85
2013/03/11 16:14:28 -0500 EMACHINELAPTOP Scott MESSAGE Starting IP protection
2013/03/11 16:14:28 -0500 EMACHINELAPTOP Scott ERROR IP protection failed: PfMakeLog failed with error code 85
2013/03/11 16:14:38 -0500 EMACHINELAPTOP Scott MESSAGE Starting IP protection
2013/03/11 16:14:38 -0500 EMACHINELAPTOP Scott ERROR IP protection failed: PfMakeLog failed with error code 85
-
I entered all the exceptions you suggested but it didn't fix the problem. I've run numerous scans with MBAM and MBAR, I even uninstalled and reinstalled Malwarebytes Pro, but the same thing keeps happening. When I start Windows, MBAM starts normally, with all protections in place. Within a few minutes the malicious website blocker turns off and can't be turned back on. When you try to check the box nothing happens.
Please advise.
Thank you
-
For some reason I can't get the protection mode in MBAM to stay on. It will come on when I start Windows but in a few minutes, the malicious webpage blocker is unchecked and can't be rechecked.
I know that I had to go in and make certain exceptions when I was running Avast AV. Could there be a compatibility issue with ESET Nod32 AV 4.2?
My OS is Win XP Pro SP3, I'm using MBAM Pro 1.7
What could be causing this?
Thanks in advance (PB)
-
Have followed through with all recommendations. System seems to be running better. Hasn't frozen since. Will check back if any more problems occur.
Thank you so much for your assistance. It is very much appreciated.
Have a Merry Christmas & A Happy New Year!

-
Here are the dds logs:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_37
Run by Scott at 9:32:13 on 2012-11-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.207 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uLocal Page = \blank.htm
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1321955101078
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342642089984
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{0807342D-7035-4ECF-8F78-1971866BB6A2} : DHCPNameServer = 192.168.0.1 205.171.3.25
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\scott\application data\mozilla\firefox\profiles\dulce39n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\avg\avg2012\firefox\components\avgssff.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-11-02 10:30; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 2012-11-08 20:14; {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - ExtSQL: 2012-11-09 12:39; jqs@sun.com; c:\program files\java\jre6\lib\deploy\jqs\ff
FF - ExtSQL: 2012-11-09 12:40; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-2 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-11-2 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-11-2 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-2 44808]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-2 399432]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2005-7-27 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2005-7-27 36352]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-11-24 40776]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2005-7-27 77056]
R4 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-2 22856]
S3 HSFHWVIA;HSFHWVIA;c:\windows\system32\drivers\HSFHWVIA.sys [2006-7-9 193152]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-11-16 35144]
.
=============== Created Last 30 ================
.
2012-11-24 15:23:48 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-16 20:26:54 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-11-09 18:40:03 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-09 02:14:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-06 19:54:41 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-11-06 19:54:41 -------- d-----w- c:\windows\system32\wbem\Repository
2012-11-02 23:52:49 -------- d-----w- c:\documents and settings\scott\local settings\application data\Sun
2012-11-02 20:06:32 -------- d-----w- c:\documents and settings\scott\application data\vlc(2)
2012-11-02 19:43:03 -------- d-----w- c:\program files\common files\Adobe(2)
2012-11-02 19:43:03 -------- d-----w- c:\program files\Adobe(2)
2012-11-02 19:21:36 -------- d-----w- c:\program files\common files\Java(2)
2012-11-02 15:45:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-02 15:45:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-02 15:30:53 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-02 15:29:12 41224 ----a-w- c:\windows\avastSS.scr
2012-11-02 15:28:25 -------- d-----w- c:\program files\AVAST Software
2012-11-02 15:28:25 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-11-02 01:44:57 -------- d-----w- c:\windows\system32\drivers\AVG
2012-11-02 01:44:57 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-11-02 01:44:49 -------- d-----w- c:\program files\ESET(2)
2012-11-02 01:44:49 -------- d-----w- c:\program files\ESET
2012-11-02 01:44:48 -------- d-----w- c:\documents and settings\all users\application data\ESET(2)
2012-11-02 01:44:47 -------- d-----w- c:\documents and settings\all users\application data\Norton
.
==================== Find3M ====================
.
2012-11-09 18:39:37 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-02 18:56:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-02 18:56:28 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 9:33:20.40 ===============
Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/9/2006 12:44:38 PM
System Uptime: 11/24/2012 9:12:11 AM (0 hours ago)
.
Motherboard: eMachine | | Shadow-K8
Processor: Mobile AMD Athlon 64 Processor 3400+ | Socket 754 | 2205/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 45.962 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA Rhine II Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021106&REV_74\3&61AAA01&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA Rhine II Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021106&REV_74\3&61AAA01&0&90
Service: FET5X86V
.
==== System Restore Points ===================
.
RP59: 1/27/2012 4:10:08 PM - Software Distribution Service 3.0
RP60: 2/15/2012 10:04:27 AM - Software Distribution Service 3.0
RP61: 2/15/2012 6:50:43 PM - Software Distribution Service 3.0
RP62: 3/14/2012 9:34:10 AM - Software Distribution Service 3.0
RP63: 3/30/2012 6:21:17 PM - System Checkpoint
RP64: 4/17/2012 2:04:14 PM - Software Distribution Service 3.0
RP65: 5/18/2012 7:52:27 PM - Software Distribution Service 3.0
RP66: 6/19/2012 2:34:55 PM - Software Distribution Service 3.0
RP67: 6/19/2012 3:11:41 PM - Removed ESET NOD32 Antivirus
RP68: 6/19/2012 3:12:35 PM - Installed ESET NOD32 Antivirus
RP69: 6/19/2012 3:57:33 PM - Restore Operation
RP70: 6/19/2012 4:18:17 PM - Removed ESET NOD32 Antivirus
RP71: 6/19/2012 4:47:36 PM - No Antivirus
RP72: 7/18/2012 1:50:21 PM - Software Distribution Service 3.0
RP73: 7/18/2012 2:17:20 PM - Restore Operation
RP74: 7/18/2012 2:58:00 PM - Software Distribution Service 3.0
RP75: 7/18/2012 3:12:04 PM - Software Distribution Service 3.0
RP76: 7/18/2012 3:18:57 PM - No Ativirus, Windows Updated
RP77: 7/18/2012 4:27:47 PM - Configured Driver Detective
RP78: 11/1/2012 8:43:53 PM - Restore Operation
RP79: 11/1/2012 9:15:14 PM - Configured Driver Detective
RP80: 11/1/2012 10:08:29 PM - Before Avast A/V Install
RP81: 11/2/2012 9:50:05 AM - Software Distribution Service 3.0
RP82: 11/2/2012 10:22:32 AM - updated windows. No A/V
RP83: 11/2/2012 10:28:25 AM - avast! Free Antivirus Setup
RP84: 11/2/2012 11:13:34 AM - Removed QuickTime
RP85: 11/2/2012 2:01:11 PM - Removed Java 6 Update 11
RP86: 11/2/2012 2:18:01 PM - Installed Java 7 Update 9
RP87: 11/2/2012 3:22:27 PM - All updates installed. Running stable
RP88: 11/5/2012 5:59:37 PM - System Checkpoint
RP89: 11/6/2012 1:11:27 PM - Restore Operation
RP90: 11/6/2012 1:44:17 PM - Restore Operation
RP91: 11/8/2012 8:04:43 PM - Uninstalled MP3 rocket
RP92: 11/9/2012 12:38:32 PM - Installed Java 6 Update 37
RP93: 11/10/2012 9:39:24 AM - Before graphics update
RP94: 11/12/2012 10:51:29 AM - System Checkpoint
RP95: 11/13/2012 9:48:37 PM - Software Distribution Service 3.0
RP96: 11/16/2012 2:53:26 PM - run fix damage mbar
RP97: 11/21/2012 9:17:09 PM - System Checkpoint
.
==== Installed Programs ======================
.
Actiontec Gateway
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player 11
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AusLogics Disk Defrag
avast! Free Antivirus
Broadcom 802.11 Network Adapter
Bubble Shooter Deluxe
CCleaner
Creative WebCam Monitor
Creative WebCam NX Driver (1.00.08.0514)
Digital Media Reader
G-Force
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Java Auto Updater
Java 6 Update 37
Java SE Runtime Environment 6 Update 1
Lexmark Z600 Series
LightScribe 1.4.119.1
Malwarebytes Anti-Malware version 1.65.1.1000
MathPlayer
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Motorola SM56 Speakerphone Modem
Mozilla Firefox 11.0 (x86 en-US)
MP3 Rocket
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
neroxml
PC Pitstop Optimize 1.5
Platform
QuickConnect
Qwest eChat Support Tools
Realtek AC'97 Audio
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847-v2)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SoftK56 Data Fax CARP
Synaptics Pointing Device Driver
ubCore
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
VLC media player 2.0.4
WebFldrs XP
WhiteCap
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live installer
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell 1.0
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
11/21/2012 7:37:51 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.
11/21/2012 6:08:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
11/21/2012 6:08:44 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
All exceptions for MBAM have recently been added to Avast a/v
-
Laptop w/ XP Professional SP3 x 64bit. System starts slow, runs slow, freezes frequently, scr saver stopped working.
I have run multiple scans w/ MBAM, Avast AV, TDSSKiller, Norton Power Eraser, MBAR Beta, nothing found. Can't support 2 monitors. Second monitor lags. I'm out of leads. Is it time to reinstall OS? Please advise.
Thank You...
-
The pop-ups have disappeared. The webcam gadget was the culprit.
Thanks again for all the help.
It is very much appreciated.

-
I do have the "World wide webcam" gadget on my "iGoogle" home page.
I will remove this gadget and see what happens...
Thanks for the tip!!

-
Here is the ComboFix log:
ComboFix 12-04-28.01 - Scott 04/28/2012 6:43.2.1 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1471.798 [GMT -5:00]
Running from: c:\users\Scott\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\bdaplgin.ax
c:\windows\SysWow64\cero.rs
c:\windows\SysWow64\csrr.rs
c:\windows\SysWow64\esrb.rs
c:\windows\SysWow64\g711codc.ax
c:\windows\SysWow64\grb.rs
c:\windows\SysWow64\iac25_32.ax
c:\windows\SysWow64\ir41_32.ax
c:\windows\SysWow64\ivfsrc.ax
c:\windows\SysWow64\ksproxy.ax
c:\windows\SysWow64\kstvtune.ax
c:\windows\SysWow64\Kswdmcap.ax
c:\windows\SysWow64\ksxbar.ax
c:\windows\SysWow64\Mpeg2Data.ax
c:\windows\SysWow64\mpg2splt.ax
c:\windows\SysWow64\MSDvbNP.ax
c:\windows\SysWow64\MSNP.ax
c:\windows\SysWow64\oflc.rs
c:\windows\SysWow64\pegi-fi.rs
c:\windows\SysWow64\pegi-pt.rs
c:\windows\SysWow64\pegi.rs
c:\windows\SysWow64\pegibbfc.rs
c:\windows\SysWow64\psisrndr.ax
c:\windows\SysWow64\usk.rs
c:\windows\SysWow64\VBICodec.ax
c:\windows\SysWow64\vbisurf.ax
c:\windows\SysWow64\vidcap.ax
c:\windows\SysWow64\WEB.rs
c:\windows\SysWow64\WSTPager.ax
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-28 )))))))))))))))))))))))))))))))
.
.
2012-04-28 11:50 . 2012-04-28 11:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-26 11:57 . 2012-04-26 11:57 -------- d-----w- c:\users\Scott\AppData\Roaming\AVG2012
2012-04-26 11:57 . 2012-04-26 11:57 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-04-26 11:55 . 2012-04-28 11:14 -------- d-----w- c:\programdata\AVG2012
2012-04-26 11:55 . 2012-04-28 09:04 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-26 11:55 . 2012-04-26 11:55 -------- d-----w- C:\$AVG
2012-04-26 02:30 . 2012-04-28 10:58 -------- d-----w- c:\users\Scott\AppData\Local\NPE
2012-04-26 02:30 . 2012-04-26 02:30 -------- d-----w- c:\programdata\Norton
2012-04-25 01:12 . 2012-04-25 01:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-21 12:55 . 2012-04-21 12:55 -------- d-----w- c:\users\Scott\AppData\Local\ElevatedDiagnostics
2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-15 09:50 . 2012-04-15 09:50 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-12 08:36 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 08:36 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 08:36 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 08:35 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 08:35 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 08:35 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 08:35 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 08:35 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 08:35 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 08:35 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 13:24 . 2012-04-11 13:24 -------- d-----w- c:\users\Scott\AppData\Local\Apps
2012-04-11 13:21 . 2012-04-11 13:21 -------- d-----w- c:\users\Scott\AppData\Roaming\FastStone
2012-04-11 13:20 . 2012-04-11 13:20 -------- d-----w- c:\program files (x86)\FastStone Image Viewer
2012-03-31 08:21 . 2012-03-31 08:21 -------- d-----w- c:\users\Sherry
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 09:50 . 2011-11-24 16:33 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 20:56 . 2011-11-26 22:23 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 10:17 . 2012-03-19 10:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-02-22 10:25 . 2012-02-22 10:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-02-20 15:16 . 2011-11-26 22:48 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-17 06:38 . 2012-03-14 10:48 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-14 10:48 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 10:48 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 10:48 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 10:48 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-16 11:53 . 2012-02-16 11:53 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-16 11:53 . 2012-02-16 11:53 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-02-16 11:53 . 2012-02-16 11:53 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-16 11:53 . 2012-02-16 11:53 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-10 06:36 . 2012-03-14 10:49 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 10:49 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 10:49 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 09:46 . 2012-01-31 09:46 36944 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nero PhotoShow Media Manager"="c:\progra~2\Nero\NERO7~1\NEROPH~2\data\Xtras\mssysmgr.exe" [2006-05-10 249856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-03-23 2321520]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-08 5158992]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 09:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files (x86)\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\p64mlj5p.default\
FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2012-04-28 07:00:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-28 12:00
.
Pre-Run: 85,681,127,424 bytes free
Post-Run: 85,347,999,744 bytes free
.
- - End Of File - - 58299BF72F6DD973B702F9DEB1C580EC
-
Here is the latest TDSSKiller log: (Only one Unsigned file found)
04:14:34.0816 2844 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
04:14:36.0826 2844 ============================================================
04:14:36.0826 2844 Current date / time: 2012/04/28 04:14:36.0826
04:14:36.0826 2844 SystemInfo:
04:14:36.0826 2844
04:14:36.0826 2844 OS Version: 6.1.7601 ServicePack: 1.0
04:14:36.0826 2844 Product type: Workstation
04:14:36.0826 2844 ComputerName: SCOTT-PC
04:14:36.0831 2844 UserName: Scott
04:14:36.0831 2844 Windows directory: C:\Windows
04:14:36.0831 2844 System windows directory: C:\Windows
04:14:36.0831 2844 Running under WOW64
04:14:36.0831 2844 Processor architecture: Intel x64
04:14:36.0831 2844 Number of processors: 1
04:14:36.0831 2844 Page size: 0x1000
04:14:36.0831 2844 Boot type: Normal boot
04:14:36.0831 2844 ============================================================
04:14:38.0898 2844 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3C91, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
04:14:38.0982 2844 ============================================================
04:14:38.0982 2844 \Device\Harddisk0\DR0:
04:14:38.0990 2844 MBR partitions:
04:14:38.0990 2844 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCF2A6B1
04:14:38.0990 2844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0xCF2E200, BlocksNum 0x1065210
04:14:38.0990 2844 ============================================================
04:14:39.0010 2844 C: <-> \Device\Harddisk0\DR0\Partition0
04:14:39.0038 2844 D: <-> \Device\Harddisk0\DR0\Partition1
04:14:39.0079 2844 ============================================================
04:14:39.0080 2844 Initialize success
04:14:39.0080 2844 ============================================================
04:15:31.0098 1268 ============================================================
04:15:31.0098 1268 Scan started
04:15:31.0098 1268 Mode: Manual; SigCheck; TDLFS;
04:15:31.0098 1268 ============================================================
04:15:56.0990 1268 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
04:15:57.0012 1268 KSecDD - ok
04:15:57.0061 1268 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
04:15:57.0089 1268 KSecPkg - ok
04:15:57.0136 1268 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
04:15:57.0371 1268 ksthunk - ok
04:15:57.0432 1268 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
04:15:57.0506 1268 KtmRm - ok
04:15:57.0573 1268 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
04:15:57.0653 1268 LanmanServer - ok
04:15:57.0705 1268 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
04:15:57.0774 1268 LanmanWorkstation - ok
04:15:57.0827 1268 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
04:15:57.0940 1268 lltdio - ok
04:15:57.0990 1268 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
04:15:58.0065 1268 lltdsvc - ok
04:15:58.0094 1268 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
04:15:58.0141 1268 lmhosts - ok
04:15:58.0363 1268 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
04:15:58.0400 1268 LSI_FC - ok
04:15:58.0451 1268 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
04:15:58.0476 1268 LSI_SAS - ok
04:15:58.0525 1268 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
04:15:58.0568 1268 LSI_SAS2 - ok
04:15:58.0621 1268 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
04:15:58.0649 1268 LSI_SCSI - ok
04:15:58.0698 1268 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
04:15:58.0769 1268 luafv - ok
04:15:58.0833 1268 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
04:15:58.0853 1268 MBAMProtector - ok
04:15:58.0998 1268 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
04:15:59.0050 1268 MBAMService - ok
04:15:59.0095 1268 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
04:15:59.0135 1268 Mcx2Svc - ok
04:15:59.0352 1268 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
04:15:59.0410 1268 mdmxsdk - ok
04:15:59.0445 1268 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
04:15:59.0473 1268 megasas - ok
04:15:59.0529 1268 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
04:15:59.0556 1268 MegaSR - ok
04:15:59.0618 1268 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
04:15:59.0677 1268 MMCSS - ok
04:15:59.0708 1268 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
04:15:59.0767 1268 Modem - ok
04:15:59.0825 1268 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
04:15:59.0865 1268 monitor - ok
04:15:59.0920 1268 motmodem (060f0ef84f430802df3788f3dcfd009c) C:\Windows\system32\DRIVERS\motmodem.sys
04:15:59.0978 1268 motmodem - ok
04:16:00.0099 1268 MotoHelper (98a10ac4257a3ba48c9611338544ee49) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
04:16:00.0154 1268 MotoHelper - ok
04:16:00.0375 1268 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
04:16:00.0391 1268 mouclass - ok
04:16:00.0448 1268 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
04:16:00.0483 1268 mouhid - ok
04:16:00.0534 1268 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
04:16:00.0560 1268 mountmgr - ok
04:16:00.0614 1268 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
04:16:00.0673 1268 mpio - ok
04:16:00.0725 1268 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
04:16:00.0784 1268 mpsdrv - ok
04:16:00.0869 1268 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
04:16:00.0958 1268 MpsSvc - ok
04:16:01.0016 1268 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
04:16:01.0077 1268 MRxDAV - ok
04:16:01.0127 1268 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:16:01.0354 1268 mrxsmb - ok
04:16:01.0404 1268 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:16:01.0468 1268 mrxsmb10 - ok
04:16:01.0509 1268 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:16:01.0539 1268 mrxsmb20 - ok
04:16:01.0587 1268 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
04:16:01.0619 1268 msahci - ok
04:16:01.0668 1268 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
04:16:01.0694 1268 msdsm - ok
04:16:01.0735 1268 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
04:16:01.0780 1268 MSDTC - ok
04:16:01.0841 1268 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
04:16:01.0885 1268 Msfs - ok
04:16:01.0934 1268 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
04:16:01.0992 1268 mshidkmdf - ok
04:16:02.0027 1268 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
04:16:02.0044 1268 msisadrv - ok
04:16:02.0117 1268 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
04:16:02.0367 1268 MSiSCSI - ok
04:16:02.0384 1268 msiserver - ok
04:16:02.0432 1268 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
04:16:02.0492 1268 MSKSSRV - ok
04:16:02.0541 1268 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
04:16:02.0594 1268 MSPCLOCK - ok
04:16:02.0632 1268 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
04:16:02.0684 1268 MSPQM - ok
04:16:02.0736 1268 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
04:16:02.0808 1268 MsRPC - ok
04:16:02.0867 1268 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
04:16:02.0881 1268 mssmbios - ok
04:16:02.0964 1268 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
04:16:03.0028 1268 MSTEE - ok
04:16:03.0055 1268 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
04:16:03.0084 1268 MTConfig - ok
04:16:03.0129 1268 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
04:16:03.0145 1268 Mup - ok
04:16:03.0387 1268 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
04:16:03.0469 1268 napagent - ok
04:16:03.0531 1268 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
04:16:03.0582 1268 NativeWifiP - ok
04:16:03.0753 1268 NBService (2637f26312ecceeb6f110e95f1ece243) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
04:16:04.0070 1268 NBService ( UnsignedFile.Multi.Generic ) - warning
04:16:04.0070 1268 NBService - detected UnsignedFile.Multi.Generic (1)
04:16:33.0517 1268 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
04:16:33.0585 1268 wercplsupport - ok
04:16:33.0638 1268 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
04:16:33.0696 1268 WerSvc - ok
04:16:33.0833 1268 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
04:16:33.0911 1268 WfpLwf - ok
04:16:33.0974 1268 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
04:16:34.0002 1268 WIMMount - ok
04:16:34.0071 1268 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
04:16:34.0149 1268 winachsf - ok
04:16:34.0379 1268 WinDefend - ok
04:16:34.0402 1268 WinHttpAutoProxySvc - ok
04:16:34.0484 1268 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
04:16:34.0641 1268 Winmgmt - ok
04:16:34.0776 1268 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
04:16:35.0138 1268 WinRM - ok
04:16:35.0731 1268 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
04:16:35.0778 1268 WinUSB - ok
04:16:35.0856 1268 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
04:16:35.0932 1268 Wlansvc - ok
04:16:35.0974 1268 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
04:16:36.0027 1268 WmiAcpi - ok
04:16:36.0114 1268 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
04:16:36.0166 1268 wmiApSrv - ok
04:16:36.0404 1268 WMPNetworkSvc - ok
04:16:36.0548 1268 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) C:\Program Files\Zune\WMZuneComm.exe
04:16:36.0625 1268 WMZuneComm - ok
04:16:36.0675 1268 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
04:16:36.0713 1268 WPCSvc - ok
04:16:36.0760 1268 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
04:16:36.0819 1268 WPDBusEnum - ok
04:16:36.0865 1268 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
04:16:36.0929 1268 ws2ifsl - ok
04:16:36.0970 1268 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
04:16:37.0028 1268 wscsvc - ok
04:16:37.0042 1268 WSearch - ok
04:16:37.0369 1268 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
04:16:37.0536 1268 wuauserv - ok
04:16:37.0662 1268 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
04:16:37.0724 1268 WudfPf - ok
04:16:37.0785 1268 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:16:37.0844 1268 WUDFRd - ok
04:16:37.0897 1268 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
04:16:37.0946 1268 wudfsvc - ok
04:16:37.0999 1268 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
04:16:38.0053 1268 WwanSvc - ok
04:16:38.0098 1268 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
04:16:38.0136 1268 XAudio - ok
04:16:38.0787 1268 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) C:\Program Files\Zune\ZuneNss.exe
04:16:39.0125 1268 ZuneNetworkSvc - ok
04:16:39.0418 1268 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
04:16:39.0454 1268 ZuneWlanCfgSvc - ok
04:16:39.0512 1268 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
04:16:39.0637 1268 \Device\Harddisk0\DR0 - ok
04:16:39.0667 1268 Boot (0x1200) (e376c8c4ab5392a4ccea97eea69739cf) \Device\Harddisk0\DR0\Partition0
04:16:39.0668 1268 \Device\Harddisk0\DR0\Partition0 - ok
04:16:39.0718 1268 Boot (0x1200) (07a77afee5dcb272c2e01dd6548c5938) \Device\Harddisk0\DR0\Partition1
04:16:39.0719 1268 \Device\Harddisk0\DR0\Partition1 - ok
04:16:39.0725 1268 ============================================================
04:16:39.0725 1268 Scan finished
04:16:39.0725 1268 ============================================================
04:16:39.0751 3944 Detected object count: 1
04:16:39.0751 3944 Actual detected object count: 1
04:18:38.0917 3944 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
04:18:38.0917 3944 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:19:52.0035 1132 Deinitialize success
-
Actually, I'm still getting the Pop-ups from "axview".

-
It turns out that I still have this problem. After all the help I received on this forum, and all the scans and logs, the pop-up returned an hour after I finished.

I am trying a couple of different rootkit removal programs. If I have any success or learn anything else about this problem, I'll post back here to let everyone know.
If anyone else has any info about these pop-ups I would love to hear from you.
Thank You
PB68

-
Can I delete the RK Quarantined registry entries?
-
Working great!
Thanks again...
-
MBAM quick scan log:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.25.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Scott :: SCOTT-PC [administrator]
Protection: Enabled
4/25/2012 9:37:35 AM
mbam-log-2012-04-25 (09-37-35).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216629
Time elapsed: 2 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Thank you for your assistance.

-
Thank You MrCharlie:
Here's the ComboFix log:
ComboFix 12-04-24.05 - Scott 04/24/2012 20:44:17.1.1 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1471.904 [GMT -5:00]
Running from: c:\users\Scott\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\p64mlj5p.default\weave\toFetch
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 )))))))))))))))))))))))))))))))
.
.
2012-04-25 01:12 . 2012-04-25 01:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-21 12:55 . 2012-04-21 12:55 -------- d-----w- c:\users\Scott\AppData\Local\ElevatedDiagnostics
2012-04-15 09:50 . 2012-04-15 09:50 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-12 08:36 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 08:36 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 08:36 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 08:35 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 08:35 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 08:35 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 08:35 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 08:35 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 08:35 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 08:35 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 13:24 . 2012-04-11 13:24 -------- d-----w- c:\users\Scott\AppData\Local\Apps
2012-04-11 13:21 . 2012-04-11 13:21 -------- d-----w- c:\users\Scott\AppData\Roaming\FastStone
2012-04-11 13:20 . 2012-04-11 13:20 -------- d-----w- c:\program files (x86)\FastStone Image Viewer
2012-03-31 08:21 . 2012-03-31 08:21 -------- d-----w- c:\users\Sherry
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 09:50 . 2011-11-24 16:33 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 20:56 . 2011-11-26 22:23 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-20 15:16 . 2011-11-26 22:48 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-17 06:38 . 2012-03-14 10:48 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-14 10:48 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 10:48 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 10:48 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 10:48 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-16 11:53 . 2012-02-16 11:53 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-16 11:53 . 2012-02-16 11:53 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-02-16 11:53 . 2012-02-16 11:53 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-16 11:53 . 2012-02-16 11:53 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-10 06:36 . 2012-03-14 10:49 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 10:49 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 10:49 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nero PhotoShow Media Manager"="c:\progra~2\Nero\NERO7~1\NEROPH~2\data\Xtras\mssysmgr.exe" [2006-05-10 249856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 09:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\p64mlj5p.default\
FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3651193171-666663103-883258570-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2012-04-24 21:00:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-25 02:00
.
Pre-Run: 82,605,613,056 bytes free
Post-Run: 82,093,047,808 bytes free
.
- - End Of File - - DFE73CBBE08175BDEAEBAD9FA57DC605
-
TDSS Killer log:
20:04:49.0588 1164 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
20:04:50.0129 1164 ============================================================
20:04:50.0129 1164 Current date / time: 2012/04/24 20:04:50.0129
20:04:50.0129 1164 SystemInfo:
20:04:50.0129 1164
20:04:50.0130 1164 OS Version: 6.1.7601 ServicePack: 1.0
20:04:50.0130 1164 Product type: Workstation
20:04:50.0130 1164 ComputerName: SCOTT-PC
20:04:50.0131 1164 UserName: Scott
20:04:50.0131 1164 Windows directory: C:\Windows
20:04:50.0131 1164 System windows directory: C:\Windows
20:04:50.0131 1164 Running under WOW64
20:04:50.0131 1164 Processor architecture: Intel x64
20:04:50.0131 1164 Number of processors: 1
20:04:50.0131 1164 Page size: 0x1000
20:04:50.0131 1164 Boot type: Normal boot
20:04:50.0131 1164 ============================================================
20:04:50.0648 1164 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3C91, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:04:50.0870 1164 ============================================================
20:04:50.0870 1164 \Device\Harddisk0\DR0:
20:04:50.0881 1164 MBR partitions:
20:04:50.0881 1164 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCF2A6B1
20:04:50.0881 1164 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0xCF2E200, BlocksNum 0x1065210
20:04:50.0881 1164 ============================================================
20:04:50.0902 1164 C: <-> \Device\Harddisk0\DR0\Partition0
20:04:50.0929 1164 D: <-> \Device\Harddisk0\DR0\Partition1
20:04:50.0930 1164 ============================================================
20:04:50.0930 1164 Initialize success
20:04:50.0930 1164 ============================================================
20:05:21.0298 3040 ============================================================
20:05:21.0298 3040 Scan started
20:05:21.0299 3040 Mode: Manual; SigCheck; TDLFS;
20:05:21.0299 3040 ============================================================
20:05:32.0053 3040 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:05:32.0104 3040 CNG - ok
20:05:32.0140 3040 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:05:32.0157 3040 Compbatt - ok
20:05:32.0209 3040 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:05:32.0247 3040 CompositeBus - ok
20:05:32.0273 3040 COMSysApp - ok
20:05:32.0315 3040 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:05:32.0333 3040 crcdisk - ok
20:05:32.0410 3040 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
20:05:32.0474 3040 CryptSvc - ok
20:05:32.0534 3040 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:05:32.0598 3040 CSC - ok
20:05:32.0820 3040 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
20:05:32.0877 3040 CscService - ok
20:05:32.0945 3040 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
20:05:32.0957 3040 dc3d - ok
20:05:33.0041 3040 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:05:33.0107 3040 DcomLaunch - ok
20:05:33.0153 3040 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:05:33.0219 3040 defragsvc - ok
20:05:33.0278 3040 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:05:33.0347 3040 DfsC - ok
20:05:33.0417 3040 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:05:33.0483 3040 Dhcp - ok
20:05:33.0527 3040 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:05:33.0593 3040 discache - ok
20:05:33.0648 3040 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:05:33.0663 3040 Disk - ok
20:05:33.0854 3040 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:05:33.0925 3040 Dnscache - ok
20:05:33.0990 3040 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:05:34.0070 3040 dot3svc - ok
20:05:34.0126 3040 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:05:34.0193 3040 DPS - ok
20:05:34.0235 3040 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:05:34.0273 3040 drmkaud - ok
20:05:34.0365 3040 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:05:34.0402 3040 DXGKrnl - ok
20:05:34.0441 3040 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:05:34.0507 3040 EapHost - ok
20:05:34.0831 3040 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:05:34.0907 3040 ebdrv - ok
20:05:35.0016 3040 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:05:35.0084 3040 EFS - ok
20:05:35.0183 3040 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:05:35.0257 3040 ehRecvr - ok
20:05:35.0297 3040 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:05:35.0333 3040 ehSched - ok
20:05:35.0433 3040 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:05:35.0478 3040 elxstor - ok
20:05:35.0525 3040 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:05:35.0558 3040 ErrDev - ok
20:05:35.0648 3040 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:05:35.0863 3040 EventSystem - ok
20:05:35.0904 3040 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:05:35.0970 3040 exfat - ok
20:05:36.0023 3040 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:05:36.0098 3040 fastfat - ok
20:05:36.0195 3040 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:05:36.0305 3040 Fax - ok
20:05:36.0341 3040 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:05:36.0379 3040 fdc - ok
20:05:36.0428 3040 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:05:36.0503 3040 fdPHost - ok
20:05:36.0546 3040 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:05:36.0609 3040 FDResPub - ok
20:05:36.0650 3040 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:05:36.0666 3040 FileInfo - ok
20:05:36.0822 3040 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:05:36.0890 3040 Filetrace - ok
20:05:36.0918 3040 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:05:36.0941 3040 flpydisk - ok
20:05:37.0006 3040 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:05:37.0039 3040 FltMgr - ok
20:05:37.0137 3040 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:05:37.0223 3040 FontCache - ok
20:05:37.0341 3040 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:05:37.0362 3040 FontCache3.0.0.0 - ok
20:05:37.0424 3040 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:05:37.0445 3040 FsDepends - ok
20:05:37.0490 3040 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:05:37.0504 3040 Fs_Rec - ok
20:05:37.0565 3040 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:05:37.0606 3040 fvevol - ok
20:05:37.0649 3040 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:05:37.0665 3040 gagp30kx - ok
20:05:37.0871 3040 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:05:37.0962 3040 gpsvc - ok
20:05:37.0998 3040 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:05:38.0058 3040 hcw85cir - ok
20:05:38.0136 3040 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:05:38.0189 3040 HdAudAddService - ok
20:05:38.0243 3040 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:05:38.0288 3040 HDAudBus - ok
20:05:38.0331 3040 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:05:38.0361 3040 HidBatt - ok
20:05:38.0393 3040 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:05:38.0445 3040 HidBth - ok
20:05:38.0490 3040 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:05:38.0527 3040 HidIr - ok
20:05:38.0570 3040 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:05:38.0633 3040 hidserv - ok
20:05:38.0822 3040 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:05:38.0842 3040 HidUsb - ok
20:05:38.0886 3040 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:05:38.0966 3040 hkmsvc - ok
20:05:39.0013 3040 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:05:39.0081 3040 HomeGroupListener - ok
20:05:39.0137 3040 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:05:39.0203 3040 HomeGroupProvider - ok
20:05:39.0246 3040 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:05:39.0262 3040 HpSAMD - ok
20:05:39.0361 3040 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll
20:05:39.0411 3040 HsfXAudioService - ok
20:05:39.0522 3040 HSF_DP (64667d9808fd09fabedccf62e8f52662) C:\Windows\system32\DRIVERS\CAX_DP.sys
20:05:39.0595 3040 HSF_DP - ok
20:05:39.0908 3040 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:05:39.0998 3040 HTTP - ok
20:05:40.0044 3040 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:05:40.0058 3040 hwpolicy - ok
20:05:40.0128 3040 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:05:40.0155 3040 i8042prt - ok
20:05:40.0226 3040 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:05:40.0261 3040 iaStorV - ok
20:05:40.0418 3040 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:05:40.0489 3040 idsvc - ok
20:05:40.0523 3040 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:05:40.0541 3040 iirsp - ok
20:05:40.0625 3040 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:05:40.0840 3040 IKEEXT - ok
20:05:40.0986 3040 IntcAzAudAddService (bfbabcb231628a4551dbb10d0ea25d62) C:\Windows\system32\drivers\RTKVHD64.sys
20:05:41.0078 3040 IntcAzAudAddService - ok
20:05:41.0230 3040 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:05:41.0256 3040 intelide - ok
20:05:41.0310 3040 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:05:41.0344 3040 intelppm - ok
20:05:41.0391 3040 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:05:41.0467 3040 IPBusEnum - ok
20:05:41.0525 3040 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:05:41.0597 3040 IpFilterDriver - ok
20:05:41.0664 3040 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:05:41.0862 3040 iphlpsvc - ok
20:05:41.0915 3040 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:05:41.0948 3040 IPMIDRV - ok
20:05:41.0985 3040 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:05:42.0059 3040 IPNAT - ok
20:05:42.0105 3040 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:05:42.0187 3040 IRENUM - ok
20:05:42.0234 3040 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:05:42.0248 3040 isapnp - ok
20:05:42.0307 3040 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:05:42.0338 3040 iScsiPrt - ok
20:05:42.0393 3040 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:05:42.0415 3040 kbdclass - ok
20:05:42.0461 3040 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:05:42.0486 3040 kbdhid - ok
20:05:42.0512 3040 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:05:42.0535 3040 KeyIso - ok
20:05:42.0562 3040 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:05:42.0583 3040 KSecDD - ok
20:05:42.0634 3040 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:05:42.0664 3040 KSecPkg - ok
20:05:42.0839 3040 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:05:42.0899 3040 ksthunk - ok
20:05:42.0958 3040 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:05:43.0035 3040 KtmRm - ok
20:05:43.0100 3040 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
20:05:43.0183 3040 LanmanServer - ok
20:05:43.0232 3040 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:05:43.0301 3040 LanmanWorkstation - ok
20:05:43.0354 3040 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:05:43.0419 3040 lltdio - ok
20:05:43.0487 3040 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:05:43.0568 3040 lltdsvc - ok
20:05:43.0597 3040 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:05:43.0645 3040 lmhosts - ok
20:05:43.0840 3040 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:05:43.0861 3040 LSI_FC - ok
20:05:43.0913 3040 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:05:43.0952 3040 LSI_SAS - ok
20:05:44.0010 3040 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:05:44.0041 3040 LSI_SAS2 - ok
20:05:44.0097 3040 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:05:44.0124 3040 LSI_SCSI - ok
20:05:44.0178 3040 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:05:44.0247 3040 luafv - ok
20:05:44.0328 3040 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
20:05:44.0348 3040 MBAMProtector - ok
20:05:44.0488 3040 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:05:44.0540 3040 MBAMService - ok
20:05:44.0583 3040 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:05:44.0629 3040 Mcx2Svc - ok
20:05:44.0801 3040 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:05:44.0844 3040 mdmxsdk - ok
20:05:44.0875 3040 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:05:44.0889 3040 megasas - ok
20:05:44.0940 3040 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:05:44.0967 3040 MegaSR - ok
20:05:45.0029 3040 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:05:45.0088 3040 MMCSS - ok
20:05:45.0117 3040 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:05:45.0180 3040 Modem - ok
20:05:45.0235 3040 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:05:45.0276 3040 monitor - ok
20:05:45.0321 3040 motmodem (060f0ef84f430802df3788f3dcfd009c) C:\Windows\system32\DRIVERS\motmodem.sys
20:05:45.0407 3040 motmodem - ok
20:05:45.0527 3040 MotoHelper (98a10ac4257a3ba48c9611338544ee49) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
20:05:45.0551 3040 MotoHelper - ok
20:05:45.0612 3040 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:05:45.0629 3040 mouclass - ok
20:05:45.0819 3040 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:05:45.0852 3040 mouhid - ok
20:05:45.0905 3040 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:05:45.0930 3040 mountmgr - ok
20:05:45.0983 3040 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:05:46.0024 3040 mpio - ok
20:05:46.0067 3040 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:05:46.0128 3040 mpsdrv - ok
20:05:46.0213 3040 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:05:46.0302 3040 MpsSvc - ok
20:05:46.0350 3040 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:05:46.0396 3040 MRxDAV - ok
20:05:46.0453 3040 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:05:46.0518 3040 mrxsmb - ok
20:05:46.0582 3040 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:05:46.0629 3040 mrxsmb10 - ok
20:05:46.0804 3040 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:05:46.0838 3040 mrxsmb20 - ok
20:05:46.0881 3040 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:05:46.0898 3040 msahci - ok
20:05:46.0948 3040 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:05:46.0970 3040 msdsm - ok
20:05:47.0021 3040 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:05:47.0066 3040 MSDTC - ok
20:05:47.0135 3040 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:05:47.0186 3040 Msfs - ok
20:05:47.0253 3040 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:05:47.0320 3040 mshidkmdf - ok
20:05:47.0355 3040 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:05:47.0369 3040 msisadrv - ok
20:05:47.0438 3040 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:05:47.0510 3040 MSiSCSI - ok
20:05:47.0528 3040 msiserver - ok
20:05:47.0577 3040 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:05:47.0636 3040 MSKSSRV - ok
20:05:47.0844 3040 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:05:47.0905 3040 MSPCLOCK - ok
20:05:47.0944 3040 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:05:48.0003 3040 MSPQM - ok
20:05:48.0058 3040 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:05:48.0091 3040 MsRPC - ok
20:05:48.0145 3040 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:05:48.0160 3040 mssmbios - ok
20:05:48.0207 3040 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:05:48.0272 3040 MSTEE - ok
20:05:48.0301 3040 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:05:48.0337 3040 MTConfig - ok
20:05:48.0376 3040 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:05:48.0395 3040 Mup - ok
20:05:48.0456 3040 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:05:48.0539 3040 napagent - ok
20:05:48.0600 3040 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:05:48.0667 3040 NativeWifiP - ok
20:05:48.0970 3040 NBService (2637f26312ecceeb6f110e95f1ece243) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
20:05:49.0047 3040 NBService ( UnsignedFile.Multi.Generic ) - warning
20:05:49.0047 3040 NBService - detected UnsignedFile.Multi.Generic (1)
20:06:05.0108 3040 srvnet - ok
20:06:05.0171 3040 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
20:06:05.0229 3040 ssadbus - ok
20:06:05.0284 3040 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
20:06:05.0335 3040 ssadmdfl - ok
20:06:05.0400 3040 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
20:06:05.0451 3040 ssadmdm - ok
20:06:05.0508 3040 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:06:05.0592 3040 SSDPSRV - ok
20:06:05.0643 3040 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:06:05.0825 3040 SstpSvc - ok
20:06:05.0873 3040 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:06:05.0887 3040 stexstor - ok
20:06:05.0960 3040 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:06:06.0026 3040 stisvc - ok
20:06:06.0084 3040 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:06:06.0099 3040 storflt - ok
20:06:06.0137 3040 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:06:06.0152 3040 storvsc - ok
20:06:06.0180 3040 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:06:06.0208 3040 swenum - ok
20:06:06.0275 3040 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:06:06.0366 3040 swprv - ok
20:06:06.0404 3040 Synth3dVsc - ok
20:06:06.0532 3040 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:06:06.0812 3040 SysMain - ok
20:06:06.0926 3040 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:06:06.0975 3040 TabletInputService - ok
20:06:07.0024 3040 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:06:07.0106 3040 TapiSrv - ok
20:06:07.0147 3040 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:06:07.0222 3040 TBS - ok
20:06:07.0395 3040 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:06:07.0497 3040 Tcpip - ok
20:06:07.0897 3040 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:06:07.0982 3040 TCPIP6 - ok
20:06:08.0142 3040 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:06:08.0210 3040 tcpipreg - ok
20:06:08.0261 3040 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:06:08.0307 3040 TDPIPE - ok
20:06:08.0355 3040 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:06:08.0390 3040 TDTCP - ok
20:06:08.0458 3040 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:06:08.0519 3040 tdx - ok
20:06:08.0577 3040 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:06:08.0599 3040 TermDD - ok
20:06:08.0803 3040 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:06:08.0896 3040 TermService - ok
20:06:08.0936 3040 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:06:08.0980 3040 Themes - ok
20:06:09.0027 3040 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:06:09.0080 3040 THREADORDER - ok
20:06:09.0148 3040 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:06:09.0234 3040 TrkWks - ok
20:06:09.0311 3040 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:06:09.0392 3040 TrustedInstaller - ok
20:06:09.0443 3040 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:06:09.0509 3040 tssecsrv - ok
20:06:09.0559 3040 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:06:09.0609 3040 TsUsbFlt - ok
20:06:09.0626 3040 tsusbhub - ok
20:06:09.0817 3040 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:06:09.0892 3040 tunnel - ok
20:06:09.0933 3040 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:06:09.0952 3040 uagp35 - ok
20:06:10.0010 3040 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:06:10.0085 3040 udfs - ok
20:06:10.0142 3040 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:06:10.0184 3040 UI0Detect - ok
20:06:10.0230 3040 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:06:10.0247 3040 uliagpkx - ok
20:06:10.0297 3040 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:06:10.0340 3040 umbus - ok
20:06:10.0380 3040 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:06:10.0421 3040 UmPass - ok
20:06:10.0467 3040 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
20:06:10.0520 3040 UmRdpService - ok
20:06:10.0576 3040 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:06:10.0661 3040 upnphost - ok
20:06:10.0849 3040 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:06:10.0895 3040 usbccgp - ok
20:06:10.0937 3040 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:06:10.0978 3040 usbcir - ok
20:06:11.0026 3040 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:06:11.0053 3040 usbehci - ok
20:06:11.0119 3040 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:06:11.0159 3040 usbhub - ok
20:06:11.0204 3040 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
20:06:11.0246 3040 usbohci - ok
20:06:11.0290 3040 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:06:11.0338 3040 usbprint - ok
20:06:11.0390 3040 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:06:11.0435 3040 USBSTOR - ok
20:06:11.0477 3040 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:06:11.0519 3040 usbuhci - ok
20:06:11.0561 3040 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:06:11.0642 3040 UxSms - ok
20:06:11.0801 3040 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:06:11.0827 3040 VaultSvc - ok
20:06:11.0901 3040 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:06:11.0916 3040 vdrvroot - ok
20:06:11.0991 3040 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:06:12.0068 3040 vds - ok
20:06:12.0132 3040 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:06:12.0163 3040 vga - ok
20:06:12.0201 3040 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:06:12.0267 3040 VgaSave - ok
20:06:12.0295 3040 VGPU - ok
20:06:12.0357 3040 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:06:12.0384 3040 vhdmp - ok
20:06:12.0424 3040 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:06:12.0439 3040 viaide - ok
20:06:12.0492 3040 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:06:12.0526 3040 vmbus - ok
20:06:12.0569 3040 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:06:12.0605 3040 VMBusHID - ok
20:06:12.0648 3040 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:06:12.0664 3040 volmgr - ok
20:06:12.0857 3040 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:06:12.0888 3040 volmgrx - ok
20:06:12.0940 3040 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:06:12.0986 3040 volsnap - ok
20:06:13.0030 3040 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:06:13.0058 3040 vsmraid - ok
20:06:13.0175 3040 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:06:13.0305 3040 VSS - ok
20:06:13.0456 3040 VST64HWBS2 (93132c69394a99d992095d8cfe464801) C:\Windows\system32\DRIVERS\VSTBS26.SYS
20:06:13.0511 3040 VST64HWBS2 - ok
20:06:13.0623 3040 VST64_DPV (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:06:13.0842 3040 VST64_DPV - ok
20:06:13.0967 3040 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:06:14.0018 3040 vwifibus - ok
20:06:14.0090 3040 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:06:14.0159 3040 W32Time - ok
20:06:14.0208 3040 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:06:14.0250 3040 WacomPen - ok
20:06:14.0318 3040 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:06:14.0395 3040 WANARP - ok
20:06:14.0419 3040 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:06:14.0472 3040 Wanarpv6 - ok
20:06:14.0578 3040 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:06:14.0657 3040 WatAdminSvc - ok
20:06:14.0898 3040 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:06:14.0998 3040 wbengine - ok
20:06:15.0108 3040 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:06:15.0154 3040 WbioSrvc - ok
20:06:15.0210 3040 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:06:15.0272 3040 wcncsvc - ok
20:06:15.0318 3040 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:06:15.0355 3040 WcsPlugInService - ok
20:06:15.0417 3040 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:06:15.0432 3040 Wd - ok
20:06:15.0489 3040 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:06:15.0529 3040 Wdf01000 - ok
20:06:15.0564 3040 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:06:15.0814 3040 WdiServiceHost - ok
20:06:15.0830 3040 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:06:15.0867 3040 WdiSystemHost - ok
20:06:15.0921 3040 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:06:15.0984 3040 WebClient - ok
20:06:16.0039 3040 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:06:16.0119 3040 Wecsvc - ok
20:06:16.0171 3040 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:06:16.0248 3040 wercplsupport - ok
20:06:16.0295 3040 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:06:16.0353 3040 WerSvc - ok
20:06:16.0433 3040 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:06:16.0494 3040 WfpLwf - ok
20:06:16.0529 3040 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:06:16.0543 3040 WIMMount - ok
20:06:16.0614 3040 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
20:06:16.0819 3040 winachsf - ok
20:06:16.0885 3040 WinDefend - ok
20:06:16.0919 3040 WinHttpAutoProxySvc - ok
20:06:17.0003 3040 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:06:17.0083 3040 Winmgmt - ok
20:06:17.0224 3040 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:06:17.0353 3040 WinRM - ok
20:06:17.0533 3040 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
20:06:17.0577 3040 WinUSB - ok
20:06:17.0652 3040 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:06:17.0861 3040 Wlansvc - ok
20:06:17.0903 3040 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:06:17.0947 3040 WmiAcpi - ok
20:06:18.0036 3040 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:06:18.0121 3040 wmiApSrv - ok
20:06:18.0192 3040 WMPNetworkSvc - ok
20:06:18.0324 3040 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) C:\Program Files\Zune\WMZuneComm.exe
20:06:18.0357 3040 WMZuneComm - ok
20:06:18.0405 3040 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:06:18.0443 3040 WPCSvc - ok
20:06:18.0489 3040 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:06:18.0544 3040 WPDBusEnum - ok
20:06:18.0584 3040 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:06:18.0655 3040 ws2ifsl - ok
20:06:18.0827 3040 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
20:06:18.0881 3040 wscsvc - ok
20:06:18.0900 3040 WSearch - ok
20:06:19.0042 3040 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
20:06:19.0183 3040 wuauserv - ok
20:06:19.0333 3040 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:06:19.0423 3040 WudfPf - ok
20:06:19.0481 3040 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:06:19.0549 3040 WUDFRd - ok
20:06:19.0601 3040 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:06:19.0656 3040 wudfsvc - ok
20:06:19.0828 3040 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:06:19.0890 3040 WwanSvc - ok
20:06:19.0934 3040 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
20:06:19.0970 3040 XAudio - ok
20:06:20.0473 3040 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) C:\Program Files\Zune\ZuneNss.exe
20:06:20.0951 3040 ZuneNetworkSvc - ok
20:06:21.0105 3040 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
20:06:21.0158 3040 ZuneWlanCfgSvc - ok
20:06:21.0216 3040 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:06:21.0304 3040 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:06:21.0304 3040 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:06:21.0319 3040 Boot (0x1200) (e376c8c4ab5392a4ccea97eea69739cf) \Device\Harddisk0\DR0\Partition0
20:06:21.0321 3040 \Device\Harddisk0\DR0\Partition0 - ok
20:06:21.0364 3040 Boot (0x1200) (e15b387fcd9cf3b3c1ddd29343943c59) \Device\Harddisk0\DR0\Partition1
20:06:21.0365 3040 \Device\Harddisk0\DR0\Partition1 - ok
20:06:21.0371 3040 ============================================================
20:06:21.0371 3040 Scan finished
20:06:21.0371 3040 ============================================================
20:06:21.0397 1520 Detected object count: 2
20:06:21.0397 1520 Actual detected object count: 2
20:12:20.0863 1520 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:20.0863 1520 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:20.0920 1520 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
20:12:20.0922 1520 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
20:12:20.0923 1520 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
20:12:20.0932 1520 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
20:12:20.0934 1520 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
20:12:20.0937 1520 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:12:20.0940 1520 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:12:20.0950 1520 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:12:20.0956 1520 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
20:12:20.0963 1520 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:12:20.0992 1520 \Device\Harddisk0\DR0\TDLFS\sspr - copied to quarantine
20:12:20.0997 1520 \Device\Harddisk0\DR0\TDLFS\r.dll - copied to quarantine
20:12:20.0998 1520 \Device\Harddisk0\DR0\TDLFS - deleted
20:12:20.0998 1520 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
20:13:26.0388 0384 Deinitialize success
-
Deleted the 6 HJ registry entries.
Thank you.
-
RK log:
RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Scott [Admin rights]
Mode: Scan -- Date: 04/24/2012 19:43:53
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 6 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowDownloads (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST312021 3AS SCSI Disk Device +++++
--- User ---
[MBR] e1ca38b1a169bd73b3f87feefdefc78b
[bSP] 66ea49a97b20ef3eecde3787a2414395 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 106068 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 217244160 | Size: 8394 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
-
Thank you MrCharlie, for replying to my post.
Here are the DDS logs:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Scott at 19:21:21 on 2012-04-24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1471.830 [GMT -5:00]
.
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Nero\Nero 7\Nero PhotoShow 4\data\Xtras\mssysmgr.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Nero PhotoShow Media Manager] C:\PROGRA~2\Nero\NERO7~1\NEROPH~2\data\Xtras\mssysmgr.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Scott\Desktop\PartyPoker.lnk
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{B11A958E-3007-46C8-AE62-BEC6BF778EB7} : DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Scott\Desktop\PartyPoker.lnk
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\p64mlj5p.default\
FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-9 654408]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-8-10 227184]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-10-24 2391832]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-15 253088]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
.
=============== Created Last 30 ================
.
2012-04-21 12:55:20 -------- d-----w- C:\Users\Scott\AppData\Local\ElevatedDiagnostics
2012-04-15 09:50:03 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-12 08:36:09 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 08:36:08 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 08:36:08 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 08:35:23 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 08:35:22 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 08:35:22 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 08:35:21 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 08:35:21 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 08:35:21 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 08:35:21 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 13:24:42 -------- d-----w- C:\Users\Scott\AppData\Local\Apps
2012-04-11 13:21:27 -------- d-----w- C:\Users\Scott\AppData\Roaming\FastStone
2012-04-11 13:20:17 -------- d-----w- C:\Program Files (x86)\FastStone Image Viewer
.
==================== Find3M ====================
.
2012-04-15 09:50:03 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-20 15:16:39 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-17 06:38:27 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-16 11:53:00 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-02-16 11:53:00 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-02-16 11:53:00 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-02-16 11:53:00 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 19:22:28.13 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/24/2011 6:09:51 AM
System Uptime: 4/24/2012 6:38:33 PM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NAGAMI2L
Processor: AMD Athlon 64 Processor 3500+ | Socket 939 | 2200/199mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 104 GiB total, 77.022 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.479 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&1
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&1
Service:
.
==== System Restore Points ===================
.
RP51: 4/12/2012 3:32:17 AM - Windows Update
RP52: 4/12/2012 10:02:46 PM - Windows Update
RP53: 4/14/2012 11:26:07 PM - Installed HiJackThis
RP54: 4/15/2012 1:39:56 AM - Installed HiJackThis
RP55: 4/24/2012 4:03:33 AM - Removed HiJackThis
RP56: 4/24/2012 4:08:10 AM - Installed HiJackThis
RP57: 4/24/2012 4:42:11 AM - Removed HiJackThis
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Auslogics Disk Defrag
DVD Shrink 3.2
FastStone Image Viewer 4.6
Java Auto Updater
Java 6 Update 31
K-Lite Codec Pack 7.0.0 (Standard)
LG USB Modem Driver
Macromedia Flash Player 8
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MotoHelper 2.0.53 Driver 5.2.0
MotoHelper MergeModules
Mozilla Firefox 11.0 (x86 en-US)
MP3 Rocket
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
Nero PhotoShow Express 4
OpenAL
PartyPoker
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
swMSM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.11
.
==== Event Viewer Messages From Past Week ========
.
4/23/2012 3:43:40 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=32) while initializing logging resources for channel Microsoft-Windows-Known Folders API Service.
4/22/2012 6:13:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
4/22/2012 6:13:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
4/22/2012 6:13:12 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/19/2012 5:40:37 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/19/2012 5:40:37 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================
Thank you for your assistance.

-
For the last two weeks I've been getting pop-ups that say "Authentication Requested".
It asks for a user name and password. It says the request is coming from "AxView".
I always close the window but it keeps coming back.
Have run multiple scans with MBAM with no detections.
(HJT logfile attached)
Please advise.
Thank You.

Compatibility Issues? Necessary exceptions not entered?
in Malwarebytes for Windows Support Forum
Found the correct folder but those two log files are the only ones in it.