SVCHOST.exe infected with Trojan.Agent

BigBK · April 3, 2012

Several of my Desktop Icons are gone and all files appear to have been set to hidden status. I ran Malware Quick Scan and it detects svchost.exe infected with Trojan.Agent. Upon cleaning and rebooting they seem to come back. Any help you can provide is greatly appreciated. Attached are the DDS and Attach logs. Thanks.

DDS.txt

Attach.txt

BigBK · April 3, 2012

Here is the DDS.txt file:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30

Run by Brian at 9:59:21 on 2012-04-03

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6140.3042 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\SysWOW64\WebUpdateSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\QuickBooks Online Backup\OnlineBackup.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Windows\System32\spool\drivers\x64\3\E_YATIHVA.EXE

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe

C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Program Files (x86)\SeaMonkey\seamonkey.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\SeaMonkey\plugin-container.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig

uInternet Settings,ProxyServer = 188.138.24.221:8080

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

uRun: [OnlineBackupScheduler] C:\Program Files (x86)\QuickBooks Online Backup\OnlineBackup.exe

uRun: [Google Update] "C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

uRun: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 645"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"

mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"

dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

StartupFolder: C:\Users\Brian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPSONA~1.LNK - C:\Users\Brian\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe

StartupFolder: C:\Users\Brian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\Users\Brian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - hxxp://chil.solidworks.com/htdocs/pdownload/edrawings/e2011sp02/cab//eModelsStandard.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 192.168.254.254

TCP: Interfaces\{28FD0F17-7081-48B6-96E8-AABF7ACC4DB5} : DhcpNameServer = 192.168.254.254

TCP: Interfaces\{28FD0F17-7081-48B6-96E8-AABF7ACC4DB5}\0343A5431313336313139323 : DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{28FD0F17-7081-48B6-96E8-AABF7ACC4DB5}\039364850333037333238393 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{28FD0F17-7081-48B6-96E8-AABF7ACC4DB5}\130364851303137333734383 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{28FD0F17-7081-48B6-96E8-AABF7ACC4DB5}\14962707F62747 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{28FD0F17-7081-48B6-96E8-AABF7ACC4DB5}\34963736F61353236313 : DhcpNameServer = 216.111.202.15 216.111.202.20

TCP: Interfaces\{28FD0F17-7081-48B6-96E8-AABF7ACC4DB5}\36F6D666F6274713 : DhcpNameServer = 68.87.68.162 68.87.74.162

TCP: Interfaces\{3F1076DD-9D1D-45FD-B1E4-20B43BAAE7F7} : DhcpNameServer = 192.168.1.1 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

TB-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

mRun-x64: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

mRun-x64: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"

mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"

Hosts: 94.63.147.16 www.google.com

Hosts: 94.63.147.17 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\69hmrk01.default\

FF - prefs.js: browser.startup.homepage - hxxp://batheo.clapalong.com/?action=webgame!gamelogin&sid=19

FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll

FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll

FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll

FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll

FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll

FF - component: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\69hmrk01.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll

FF - component: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\69hmrk01.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll

FF - component: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\69hmrk01.default\extensions\avg@toolbar\components\toolbarhomewmp.dll

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbasic.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Brian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\Brian\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll

FF - plugin: C:\Users\Brian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]

R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-4 136176]

S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-10-30 228408]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-4 136176]

S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

S3 LiveTurbineMessageService;Turbine Message Service - Live;C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe [2010-3-9 271856]

S3 LiveTurbineNetworkService;Turbine Network Service - Live;C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2010-3-9 218608]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-04-03 13:43:56 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE

2012-04-03 12:23:55 20480 ----a-w- C:\Windows\svchost.exe

2012-03-31 12:06:40 -------- d--h--w- C:\Users\Brian\AppData\Roaming\Malwarebytes

2012-03-31 12:06:35 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-31 12:06:35 -------- d-----w- C:\ProgramData\Malwarebytes

2012-03-31 12:06:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-24 01:53:00 -------- d-----w- C:\Users\Brian\AppData\Local\ABBYY

2012-03-24 01:50:28 -------- d-----w- C:\ProgramData\ABBYY

2012-03-24 01:50:28 -------- d-----w- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint

2012-03-24 01:50:27 -------- d-----w- C:\Program Files (x86)\Common Files\ABBYY

2012-03-24 01:44:08 -------- d-----w- C:\Program Files\Common Files\EPSON

2012-03-24 01:42:13 -------- d-----w- C:\Program Files\EPSON

2012-03-24 01:41:53 558592 ----a-w- C:\Windows\System32\ensppmon.dll

2012-03-24 01:41:53 558592 ----a-w- C:\Windows\System32\enppmon.dll

2012-03-24 01:41:53 538112 ----a-w- C:\Windows\System32\ensppui.dll

2012-03-24 01:41:53 538112 ----a-w- C:\Windows\System32\enppui.dll

2012-03-24 01:41:53 250880 ----a-w- C:\Windows\System32\enspres.dll

2012-03-24 01:41:53 250880 ----a-w- C:\Windows\System32\enpres.dll

2012-03-24 01:41:53 -------- d-----w- C:\Program Files\EpsonNet

2012-03-24 01:41:27 -------- d-----w- C:\Program Files (x86)\Common Files\EPSON

2012-03-24 01:39:54 -------- d-----w- C:\Program Files (x86)\Epson America Inc

2012-03-24 01:39:20 -------- d-----w- C:\Program Files (x86)\Epson Software

2012-03-24 01:37:44 118784 ----a-w- C:\Windows\System32\E_YLMHVA.DLL

2012-03-24 01:37:42 83456 ----a-w- C:\Windows\System32\E_YD4BHVA.DLL

2012-03-24 01:37:31 -------- d-----w- C:\ProgramData\EPSON

2012-03-24 01:37:19 464384 ----a-w- C:\Windows\System32\esxw2ud.dll

2012-03-24 01:37:19 13824 ----a-w- C:\Windows\System32\esxcdev.dll

2012-03-24 01:37:19 132560 ----a-w- C:\Windows\System32\esdevapp.exe

2012-03-24 01:37:15 -------- d-----w- C:\Program Files (x86)\epson

2012-03-21 04:30:22 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-21 04:30:22 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-03-15 07:09:17 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-15 07:09:15 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-15 07:09:15 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-14 12:33:40 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-14 12:33:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-14 12:33:37 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-14 12:32:56 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-14 12:32:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-14 12:32:56 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-14 12:32:54 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-14 12:32:54 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-14 12:32:54 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-14 12:32:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

.

==================== Find3M ====================

.

2012-03-12 01:13:56 952 --sha-w- C:\ProgramData\KGyGaAvL.sys

.

============= FINISH: 10:01:51.53 ===============

BigBK · April 3, 2012

And the Attach.txt file:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 2/21/2010 6:36:25 PM

System Uptime: 4/3/2012 8:21:58 AM (2 hours ago)

.

Motherboard: Hewlett-Packard | | 363A

Processor: AMD Turion II Ultra Dual-Core Mobile M620 | Socket S1G3 | 2500/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 578 GiB total, 450.142 GiB free.

D: is FIXED (NTFS) - 17 GiB total, 2.822 GiB free.

E: is FIXED (FAT32) - 0 GiB total, 0.091 GiB free.

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP196: 3/7/2012 1:59:20 PM - Scheduled Checkpoint

RP197: 3/15/2012 3:00:17 AM - Windows Update

RP198: 3/23/2012 9:38:13 PM - Installed Epson Event Manager

RP199: 3/23/2012 9:39:38 PM - Installed Epson Connect

RP200: 3/23/2012 9:40:32 PM - Installed FAX Utility

RP201: 3/23/2012 9:41:43 PM - Installed EpsonNet Print

RP202: 3/23/2012 9:48:43 PM - Installed ABBYY FineReader 9.0 Sprint

RP203: 4/1/2012 8:23:20 AM - Scheduled Checkpoint

RP204: 4/3/2012 9:46:05 AM - Removed FriendFinder Messenger v4.1

.

==== Installed Programs ======================

.

3100_3200_3300_Help

3100_3200_3300trb

3200

5600

5600_Help

5600Trb

AA3Deploy

ABBYY FineReader 9.0 Sprint

Acrobat.com

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Reader 9.5.0 MUI

Adobe Shockwave Player

AIO_CDB_ProductContext

AIO_CDB_Software

AIO_Scan

Amaya

AMD USB Filter Driver

America's Army 3

Apple Application Support

Apple Software Update

Ask Toolbar

Atheros Driver Installation Program

Auction Client

Autodesk DWF Viewer 7

AVG Security Toolbar

Battlefield 2

BufferChm

CamStudio OSS Desktop Recorder

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Compatibility Pack for the 2007 Office system

Copy

Corel Paint Shop Pro Photo X2

Corel VideoStudio 12

CyberLink DVD Suite

D3DX10

DAEMON Tools Lite

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

DivX Setup

DocProc

Dungeons & Dragons Online - Eberron Unlimited™

DVD Menu Pack for HP MediaSmart Video

Epson Connect

Epson Download Navigator

Epson Event Manager

Epson FAX Utility

Epson PC-FAX Driver

EPSON Scan

EpsonNet Print

eReg

erLT

Fax

FileZilla Client 3.3.4.1

Flight Simulator X

Flight Simulator X Service Pack 1

FLV Player

Free DWG Viewer 6.3

Free Mouse and Keyboard Recorder 3.1.3.2

GIMP 2.6.11

Google Chrome

Google Earth Plug-in

Google SketchUp 8

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

HP Advisor

HP Customer Experience Enhancements

HP Games

HP MediaSmart DVD

HP MediaSmart Internet TV

HP MediaSmart Live TV

HP MediaSmart Music/Photo/Video

HP MediaSmart SlingPlayer

HP MediaSmart Software Notebook Demo

HP MediaSmart Webcam

HP MediaSmart/TouchSmart Netflix

HP Quick Launch Buttons

HP Setup

HP Support Assistant

HP Update

HP User Guides 0153

HP Wireless Assistant

HPAsset component for HP Active Support Library

HPDiagnosticAlert

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

Hulu Desktop

IDT Audio

Java Auto Updater

Java 6 Update 20

Java 6 Update 30

JMicron Flash Media Controller Driver

Junk Mail filter update

LabelPrint

LightScribe System Software

Malwarebytes Anti-Malware version 1.60.1.1000

MarketResearch

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft Flight Simulator X

Microsoft Flight Simulator X: Acceleration

Microsoft Live Search Toolbar

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft Works

Movie Theme Pack for HP MediaSmart Video

Mozilla Firefox 11.0 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

NetObjects Fusion Essentials

Norton Online Backup

OpenOffice.org 3.2

Opera 11.61

PictureMover

Power2Go

PowerDirector

PunkBuster Services

QLBCASL

QuickBooks

QuickBooks Online Backup

QuickBooks Pro 2010

QuickTime

RcCAD

Realtek 8136 8168 8169 Ethernet Driver

Recovery Manager

Ruby 1.9.2-p0

Safari

Scan

SeaMonkey (2.8)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

SimCity 4 Deluxe

SmartWebPrinting

SolutionCenter

SPCA1528 PC Driver

Status

Steam

STK02N 2.3

System Requirements Lab

System Requirements Lab CYRI

Toolbox

TrayApp

Turbine Download Manager

Unity Web Player

UnloadSupport

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

Update Installer for WildTangent Games App

Utherverse 3D Client

VC80CRTRedist - 8.0.50727.6195

VideoStudio

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

Web Update Wizard Version 3.00

WebReg

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Encoder 9 Series

Winfoil 3

WinRAR 4.00 beta 2 (32-bit)

Xvid Video Codec

Yahoo! Detect

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

4/3/2012 8:26:06 AM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.

4/3/2012 8:25:15 AM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.

4/3/2012 8:25:15 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.

4/3/2012 8:25:15 AM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.

4/3/2012 8:23:12 AM, Error: Service Control Manager [7000] - The SPCA1528 Video Camera Service service failed to start due to the following error: The system cannot find the file specified.

4/3/2012 8:22:58 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

4/3/2012 8:22:52 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter

4/3/2012 8:07:15 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: The service has not been started.

4/2/2012 9:55:33 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

4/2/2012 10:11:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

4/2/2012 10:11:43 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/2/2012 10:09:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.

4/2/2012 10:09:47 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/2/2012 10:07:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Web Update Service by PowerProgrammer service to connect.

4/2/2012 10:06:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f8b7da, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040212-50528-01.

4/2/2012 10:01:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000ed, 0x0000000000000002, 0x0000000000000001, 0xfffff80002d05045). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040212-57205-01.

4/1/2012 7:47:10 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

4/1/2012 7:47:10 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/28/2012 1:09:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

.

==== End Of File ===========================

MrCharlie · April 5, 2012

Welcome to the forum.

Download and run unhide.exe:

http://download.blee...nler/unhide.exe

That should make your files visible.

------------------------------

Then.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC

BigBK · April 6, 2012

Thanks for the help MrC. I ran the unhide.exe and that appears to have restored all of the files from their hidden state.

I then downloaded and ran RogueKiller. RogueKiller runs its prescan and then I clicked on Scan. It starts to scan for a bit and the I get a dialog box saying that RogueKiller has stopped working and windows is checking for a solution. Then it doesn't find a solution and I click close program. I have attached the RK_Quarantine debug file.

debug.log

MrCharlie · April 6, 2012

Lets do this instead:

Please make sure system restore is running and create a new restore point before continuing.

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

BigBK · April 8, 2012

Sorry for the delay MrC...below is the contents of the TDSSKiller log file. Thank you for your continued help.

02:13:57.0607 6192 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02

02:13:58.0375 6192 ============================================================

02:13:58.0375 6192 Current date / time: 2012/04/08 02:13:58.0375

02:13:58.0375 6192 SystemInfo:

02:13:58.0375 6192

02:13:58.0375 6192 OS Version: 6.1.7601 ServicePack: 1.0

02:13:58.0375 6192 Product type: Workstation

02:13:58.0375 6192 ComputerName: BRIAN-PC

02:13:58.0389 6192 UserName: Brian

02:13:58.0389 6192 Windows directory: C:\Windows

02:13:58.0389 6192 System windows directory: C:\Windows

02:13:58.0389 6192 Running under WOW64

02:13:58.0389 6192 Processor architecture: Intel x64

02:13:58.0389 6192 Number of processors: 2

02:13:58.0389 6192 Page size: 0x1000

02:13:58.0389 6192 Boot type: Normal boot

02:13:58.0389 6192 ============================================================

02:14:00.0554 6192 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

02:14:00.0559 6192 \Device\Harddisk0\DR0:

02:14:00.0559 6192 MBR used

02:14:00.0559 6192 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

02:14:00.0559 6192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x484E2000

02:14:00.0559 6192 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48546000, BlocksNum 0x22DE000

02:14:00.0559 6192 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0

02:14:00.0850 6192 Initialize success

02:14:00.0850 6192 ============================================================

02:14:31.0785 1780 ============================================================

02:14:31.0785 1780 Scan started

02:14:31.0785 1780 Mode: Manual; SigCheck; TDLFS;

02:14:31.0785 1780 ============================================================

02:14:36.0213 1780 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

02:14:36.0405 1780 1394ohci - ok

02:14:36.0548 1780 ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

02:14:36.0570 1780 ABBYY.Licensing.FineReader.Sprint.9.0 - ok

02:14:36.0665 1780 Accelerometer (7bb93bb5a578984090748f310ed895ef) C:\Windows\system32\DRIVERS\Accelerometer.sys

02:14:36.0796 1780 Accelerometer - ok

02:14:37.0123 1780 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

02:14:37.0139 1780 ACPI - ok

02:14:37.0186 1780 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

02:14:37.0290 1780 AcpiPmi - ok

02:14:37.0443 1780 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

02:14:37.0468 1780 adp94xx - ok

02:14:37.0575 1780 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

02:14:37.0596 1780 adpahci - ok

02:14:37.0704 1780 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

02:14:37.0739 1780 adpu320 - ok

02:14:37.0832 1780 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

02:14:38.0003 1780 AeLookupSvc - ok

02:14:38.0289 1780 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe

02:14:38.0373 1780 AESTFilters - ok

02:14:38.0555 1780 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

02:14:38.0642 1780 AFD - ok

02:14:38.0902 1780 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys

02:14:39.0018 1780 AgereSoftModem - ok

02:14:39.0164 1780 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

02:14:39.0182 1780 agp440 - ok

02:14:39.0289 1780 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

02:14:39.0403 1780 ALG - ok

02:14:39.0503 1780 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

02:14:39.0513 1780 aliide - ok

02:14:39.0582 1780 AMD External Events Utility (bcc32bf5ebb5dfd4380fa053d3651949) C:\Windows\system32\atiesrxx.exe

02:14:39.0675 1780 AMD External Events Utility - ok

02:14:39.0820 1780 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

02:14:39.0838 1780 amdide - ok

02:14:39.0908 1780 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

02:14:40.0021 1780 AmdK8 - ok

02:14:40.0321 1780 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

02:14:40.0458 1780 AmdPPM - ok

02:14:40.0577 1780 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

02:14:40.0590 1780 amdsata - ok

02:14:40.0645 1780 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

02:14:40.0660 1780 amdsbs - ok

02:14:40.0818 1780 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

02:14:40.0835 1780 amdxata - ok

02:14:40.0954 1780 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

02:14:41.0198 1780 AppID - ok

02:14:41.0293 1780 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

02:14:41.0410 1780 AppIDSvc - ok

02:14:41.0537 1780 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

02:14:41.0689 1780 Appinfo - ok

02:14:41.0798 1780 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

02:14:41.0814 1780 arc - ok

02:14:41.0936 1780 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

02:14:41.0971 1780 arcsas - ok

02:14:42.0226 1780 aspnet_state - ok

02:14:42.0341 1780 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

02:14:42.0438 1780 AsyncMac - ok

02:14:42.0481 1780 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

02:14:42.0494 1780 atapi - ok

02:14:42.0981 1780 athr (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys

02:14:43.0109 1780 athr - ok

02:14:43.0277 1780 AtiHdmiService (3b9014fb7ce9e20fd726321c7db7d8b0) C:\Windows\system32\drivers\AtiHdmi.sys

02:14:43.0290 1780 AtiHdmiService - ok

02:14:43.0585 1780 atikmdag (a29087680a1c3b049e3c05438e8ff2b8) C:\Windows\system32\DRIVERS\atikmdag.sys

02:14:43.0918 1780 atikmdag - ok

02:14:44.0037 1780 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys

02:14:44.0052 1780 AtiPcie - ok

02:14:44.0114 1780 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

02:14:44.0227 1780 AudioEndpointBuilder - ok

02:14:44.0238 1780 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

02:14:44.0285 1780 AudioSrv - ok

02:14:44.0517 1780 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

02:14:44.0698 1780 AVGIDSAgent - ok

02:14:44.0800 1780 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

02:14:44.0821 1780 AVGIDSDriver - ok

02:14:44.0874 1780 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

02:14:44.0929 1780 AVGIDSEH - ok

02:14:44.0983 1780 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

02:14:45.0035 1780 AVGIDSFilter - ok

02:14:45.0330 1780 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys

02:14:45.0351 1780 Avgldx64 - ok

02:14:45.0401 1780 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys

02:14:45.0417 1780 Avgmfx64 - ok

02:14:45.0518 1780 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys

02:14:45.0534 1780 Avgrkx64 - ok

02:14:45.0579 1780 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys

02:14:45.0599 1780 Avgtdia - ok

02:14:45.0796 1780 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

02:14:45.0809 1780 avgwd - ok

02:14:45.0907 1780 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

02:14:46.0025 1780 AxInstSV - ok

02:14:46.0124 1780 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

02:14:46.0248 1780 b06bdrv - ok

02:14:46.0348 1780 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

02:14:46.0435 1780 b57nd60a - ok

02:14:46.0651 1780 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

02:14:46.0740 1780 BDESVC - ok

02:14:46.0808 1780 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

02:14:46.0857 1780 Beep - ok

02:14:46.0984 1780 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

02:14:47.0070 1780 BFE - ok

02:14:47.0841 1780 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

02:14:48.0127 1780 BITS - ok

02:14:48.0967 1780 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

02:14:49.0023 1780 blbdrive - ok

02:14:49.0177 1780 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

02:14:49.0206 1780 bowser - ok

02:14:49.0293 1780 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

02:14:49.0409 1780 BrFiltLo - ok

02:14:49.0643 1780 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

02:14:49.0662 1780 BrFiltUp - ok

02:14:49.0692 1780 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

02:14:49.0794 1780 Browser - ok

02:14:49.0987 1780 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

02:14:50.0128 1780 Brserid - ok

02:14:50.0214 1780 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

02:14:50.0265 1780 BrSerWdm - ok

02:14:50.0390 1780 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

02:14:50.0436 1780 BrUsbMdm - ok

02:14:50.0459 1780 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

02:14:50.0486 1780 BrUsbSer - ok

02:14:50.0581 1780 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

02:14:50.0619 1780 BTHMODEM - ok

02:14:50.0922 1780 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

02:14:50.0962 1780 bthserv - ok

02:14:51.0130 1780 Bulk1528 - ok

02:14:51.0211 1780 Ca1528av - ok

02:14:51.0289 1780 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

02:14:51.0422 1780 cdfs - ok

02:14:51.0589 1780 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

02:14:51.0621 1780 cdrom - ok

02:14:51.0725 1780 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

02:14:51.0812 1780 CertPropSvc - ok

02:14:51.0939 1780 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

02:14:51.0979 1780 circlass - ok

02:14:52.0119 1780 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

02:14:52.0140 1780 CLFS - ok

02:14:52.0235 1780 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

02:14:52.0250 1780 clr_optimization_v2.0.50727_32 - ok

02:14:52.0310 1780 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

02:14:52.0323 1780 clr_optimization_v2.0.50727_64 - ok

02:14:52.0459 1780 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

02:14:52.0475 1780 clr_optimization_v4.0.30319_32 - ok

02:14:52.0600 1780 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

02:14:52.0610 1780 clr_optimization_v4.0.30319_64 - ok

02:14:52.0699 1780 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

02:14:52.0740 1780 CmBatt - ok

02:14:52.0776 1780 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

02:14:52.0790 1780 cmdide - ok

02:14:52.0965 1780 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

02:14:53.0071 1780 CNG - ok

02:14:53.0579 1780 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

02:14:53.0597 1780 Com4QLBEx - ok

02:14:53.0703 1780 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

02:14:53.0717 1780 Compbatt - ok

02:14:53.0769 1780 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

02:14:53.0848 1780 CompositeBus - ok

02:14:53.0956 1780 COMSysApp - ok

02:14:54.0030 1780 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

02:14:54.0041 1780 crcdisk - ok

02:14:54.0373 1780 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

02:14:54.0504 1780 CryptSvc - ok

02:14:54.0604 1780 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

02:14:54.0680 1780 DcomLaunch - ok

02:14:54.0813 1780 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

02:14:54.0889 1780 defragsvc - ok

02:14:55.0055 1780 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

02:14:55.0120 1780 DfsC - ok

02:14:55.0314 1780 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

02:14:55.0392 1780 Dhcp - ok

02:14:55.0656 1780 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

02:14:55.0751 1780 discache - ok

02:14:55.0995 1780 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

02:14:56.0044 1780 Disk - ok

02:14:56.0220 1780 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

02:14:56.0305 1780 Dnscache - ok

02:14:56.0366 1780 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

02:14:56.0416 1780 dot3svc - ok

02:14:56.0571 1780 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys

02:14:56.0613 1780 Dot4 - ok

02:14:56.0725 1780 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys

02:14:56.0753 1780 Dot4Print - ok

02:14:56.0871 1780 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys

02:14:56.0904 1780 dot4usb - ok

02:14:56.0981 1780 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

02:14:57.0037 1780 DPS - ok

02:14:57.0174 1780 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

02:14:57.0218 1780 drmkaud - ok

02:14:57.0354 1780 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

02:14:57.0374 1780 dtsoftbus01 - ok

02:14:57.0899 1780 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

02:14:57.0928 1780 DXGKrnl - ok

02:14:58.0022 1780 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

02:14:58.0082 1780 EapHost - ok

02:14:58.0465 1780 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

02:14:58.0734 1780 ebdrv - ok

02:14:58.0919 1780 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

02:14:59.0056 1780 EFS - ok

02:14:59.0447 1780 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

02:14:59.0542 1780 ehRecvr - ok

02:14:59.0673 1780 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

02:14:59.0839 1780 ehSched - ok

02:15:00.0237 1780 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

02:15:00.0477 1780 elxstor - ok

02:15:00.0571 1780 enecir (524c79054636d2e5751169005006460b) C:\Windows\system32\DRIVERS\enecir.sys

02:15:00.0633 1780 enecir - ok

02:15:00.0868 1780 EpsonCustomerParticipation (757305c7ad34222f4a46d86fe0bee241) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

02:15:00.0890 1780 EpsonCustomerParticipation - ok

02:15:01.0280 1780 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

02:15:01.0319 1780 ErrDev - ok

02:15:01.0436 1780 esgiguard (df96c3cd6ae15f6d0a6bcb70f9c1e88d) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys

02:15:01.0453 1780 esgiguard - ok

02:15:01.0682 1780 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

02:15:01.0986 1780 EventSystem - ok

02:15:02.0190 1780 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

02:15:02.0248 1780 exfat - ok

02:15:02.0661 1780 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

02:15:02.0771 1780 fastfat - ok

02:15:02.0901 1780 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

02:15:03.0007 1780 Fax - ok

02:15:03.0153 1780 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

02:15:03.0216 1780 fdc - ok

02:15:03.0356 1780 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

02:15:03.0639 1780 fdPHost - ok

02:15:04.0116 1780 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

02:15:04.0251 1780 FDResPub - ok

02:15:04.0504 1780 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

02:15:04.0517 1780 FileInfo - ok

02:15:04.0562 1780 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

02:15:04.0616 1780 Filetrace - ok

02:15:04.0870 1780 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

02:15:04.0889 1780 flpydisk - ok

02:15:04.0992 1780 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

02:15:05.0038 1780 FltMgr - ok

02:15:05.0294 1780 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

02:15:05.0433 1780 FontCache - ok

02:15:05.0536 1780 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

02:15:05.0545 1780 FontCache3.0.0.0 - ok

02:15:05.0661 1780 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

02:15:05.0680 1780 FsDepends - ok

02:15:05.0801 1780 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys

02:15:05.0844 1780 fssfltr - ok

02:15:06.0174 1780 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

02:15:06.0247 1780 fsssvc - ok

02:15:06.0532 1780 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

02:15:06.0546 1780 Fs_Rec - ok

02:15:06.0668 1780 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

02:15:06.0684 1780 fvevol - ok

02:15:06.0776 1780 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

02:15:06.0791 1780 gagp30kx - ok

02:15:06.0909 1780 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

02:15:06.0942 1780 GamesAppService - ok

02:15:07.0141 1780 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

02:15:07.0285 1780 gpsvc - ok

02:15:07.0449 1780 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

02:15:07.0459 1780 gupdate - ok

02:15:07.0516 1780 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

02:15:07.0528 1780 gupdatem - ok

02:15:07.0667 1780 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

02:15:07.0678 1780 gusvc - ok

02:15:07.0796 1780 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

02:15:07.0876 1780 hcw85cir - ok

02:15:08.0114 1780 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

02:15:08.0147 1780 HdAudAddService - ok

02:15:08.0374 1780 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

02:15:08.0454 1780 HDAudBus - ok

02:15:08.0532 1780 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

02:15:08.0577 1780 HidBatt - ok

02:15:08.0621 1780 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

02:15:08.0662 1780 HidBth - ok

02:15:08.0773 1780 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

02:15:08.0825 1780 HidIr - ok

02:15:09.0030 1780 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

02:15:09.0150 1780 hidserv - ok

02:15:09.0293 1780 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

02:15:09.0481 1780 HidUsb - ok

02:15:09.0684 1780 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

02:15:09.0788 1780 hkmsvc - ok

02:15:09.0828 1780 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

02:15:09.0932 1780 HomeGroupListener - ok

02:15:09.0981 1780 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

02:15:10.0082 1780 HomeGroupProvider - ok

02:15:10.0234 1780 HP Health Check Service (45a12cacb97b4f15858fcfd59355a1e9) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

02:15:10.0259 1780 HP Health Check Service - ok

02:15:10.0340 1780 HPDrvMntSvc.exe (f55442690a70a0278a7eed4faaebf576) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

02:15:10.0349 1780 HPDrvMntSvc.exe - ok

02:15:10.0447 1780 hpdskflt (0193c30760032cc044ef47a1919f20dc) C:\Windows\system32\DRIVERS\hpdskflt.sys

02:15:10.0537 1780 hpdskflt - ok

02:15:10.0734 1780 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

02:15:10.0833 1780 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

02:15:10.0833 1780 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

02:15:11.0234 1780 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

02:15:11.0389 1780 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning

02:15:11.0389 1780 hpqddsvc - detected UnsignedFile.Multi.Generic (1)

02:15:11.0752 1780 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

02:15:11.0830 1780 HpqKbFiltr - ok

02:15:12.0002 1780 hpqwmiex (640e51db253265c3eac075866b3d2b33) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

02:15:12.0027 1780 hpqwmiex - ok

02:15:12.0164 1780 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

02:15:12.0178 1780 HpSAMD - ok

02:15:12.0424 1780 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

02:15:12.0562 1780 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning

02:15:12.0562 1780 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)

02:15:12.0809 1780 hpsrv (65a2b4b003d733c6faa16f22212bb86d) C:\Windows\system32\Hpservice.exe

02:15:12.0891 1780 hpsrv - ok

02:15:13.0069 1780 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

02:15:13.0172 1780 HTTP - ok

02:15:13.0372 1780 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

02:15:13.0385 1780 hwpolicy - ok

02:15:13.0452 1780 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

02:15:13.0486 1780 i8042prt - ok

02:15:13.0696 1780 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

02:15:13.0714 1780 iaStorV - ok

02:15:13.0817 1780 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

02:15:13.0932 1780 IDriverT ( UnsignedFile.Multi.Generic ) - warning

02:15:13.0932 1780 IDriverT - detected UnsignedFile.Multi.Generic (1)

02:15:14.0075 1780 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

02:15:14.0130 1780 idsvc - ok

02:15:14.0583 1780 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys

02:15:15.0244 1780 igfx - ok

02:15:15.0355 1780 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

02:15:15.0366 1780 iirsp - ok

02:15:15.0548 1780 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

02:15:15.0664 1780 IKEEXT - ok

02:15:15.0866 1780 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

02:15:15.0881 1780 intelide - ok

02:15:15.0921 1780 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

02:15:16.0058 1780 intelppm - ok

02:15:16.0141 1780 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

02:15:16.0269 1780 IPBusEnum - ok

02:15:16.0512 1780 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

02:15:16.0694 1780 IpFilterDriver - ok

02:15:16.0983 1780 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

02:15:17.0082 1780 iphlpsvc - ok

02:15:17.0264 1780 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

02:15:17.0363 1780 IPMIDRV - ok

02:15:17.0502 1780 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

02:15:17.0631 1780 IPNAT - ok

02:15:17.0789 1780 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

02:15:17.0893 1780 IRENUM - ok

02:15:18.0258 1780 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

02:15:18.0298 1780 isapnp - ok

02:15:18.0508 1780 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

02:15:18.0540 1780 iScsiPrt - ok

02:15:18.0616 1780 JMCR (f8844b00c10e386c704c610e95a9847d) C:\Windows\system32\DRIVERS\jmcr.sys

02:15:18.0691 1780 JMCR - ok

02:15:18.0927 1780 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

02:15:18.0977 1780 kbdclass - ok

02:15:19.0082 1780 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

02:15:19.0126 1780 kbdhid - ok

02:15:19.0174 1780 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

02:15:19.0209 1780 KeyIso - ok

02:15:19.0320 1780 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

02:15:19.0336 1780 KSecDD - ok

02:15:19.0539 1780 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

02:15:19.0551 1780 KSecPkg - ok

02:15:19.0582 1780 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

02:15:19.0633 1780 ksthunk - ok

02:15:19.0852 1780 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

02:15:19.0916 1780 KtmRm - ok

02:15:19.0991 1780 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

02:15:20.0044 1780 LanmanServer - ok

02:15:20.0172 1780 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

02:15:20.0335 1780 LanmanWorkstation - ok

02:15:20.0570 1780 LBTServ (7447f069ce66633dafa0b2deee7af5ba) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

02:15:20.0640 1780 LBTServ - ok

02:15:20.0915 1780 LHidFilt (0a7d6ed578d85f0c35353424ee3f5245) C:\Windows\system32\DRIVERS\LHidFilt.Sys

02:15:20.0946 1780 LHidFilt - ok

02:15:21.0200 1780 LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

02:15:21.0219 1780 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

02:15:21.0219 1780 LightScribeService - detected UnsignedFile.Multi.Generic (1)

02:15:21.0444 1780 LiveTurbineMessageService (ad36b5f8ac7c2bafb32973b743a65265) C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe

02:15:21.0524 1780 LiveTurbineMessageService - ok

02:15:21.0665 1780 LiveTurbineNetworkService (ffdff7e4d8fda5c1bfa50f9dbfb780ce) C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe

02:15:21.0818 1780 LiveTurbineNetworkService - ok

02:15:22.0034 1780 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

02:15:22.0120 1780 lltdio - ok

02:15:22.0229 1780 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

02:15:22.0306 1780 lltdsvc - ok

02:15:22.0812 1780 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

02:15:22.0866 1780 lmhosts - ok

02:15:23.0654 1780 LMouFilt (6542e2e6db58118fbb1b82a68ce3aff9) C:\Windows\system32\DRIVERS\LMouFilt.Sys

02:15:23.0679 1780 LMouFilt - ok

02:15:24.0295 1780 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

02:15:24.0309 1780 LSI_FC - ok

02:15:24.0525 1780 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

02:15:25.0941 1780 LSI_SAS - ok

02:15:26.0045 1780 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

02:15:26.0075 1780 LSI_SAS2 - ok

02:15:26.0109 1780 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

02:15:26.0130 1780 LSI_SCSI - ok

02:15:26.0155 1780 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

02:15:26.0215 1780 luafv - ok

02:15:26.0244 1780 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

02:15:26.0264 1780 Mcx2Svc - ok

02:15:26.0300 1780 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

02:15:26.0315 1780 megasas - ok

02:15:26.0351 1780 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

02:15:26.0368 1780 MegaSR - ok

02:15:26.0403 1780 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

02:15:26.0470 1780 MMCSS - ok

02:15:26.0526 1780 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

02:15:26.0577 1780 Modem - ok

02:15:26.0676 1780 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

02:15:26.0715 1780 monitor - ok

02:15:26.0812 1780 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

02:15:26.0831 1780 mouclass - ok

02:15:26.0901 1780 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

02:15:26.0948 1780 mouhid - ok

02:15:27.0052 1780 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

02:15:27.0068 1780 mountmgr - ok

02:15:27.0098 1780 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

02:15:27.0124 1780 mpio - ok

02:15:27.0160 1780 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

02:15:27.0216 1780 mpsdrv - ok

02:15:27.0269 1780 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

02:15:27.0350 1780 MpsSvc - ok

02:15:27.0447 1780 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

02:15:27.0488 1780 MRxDAV - ok

02:15:27.0528 1780 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

02:15:27.0563 1780 mrxsmb - ok

02:15:27.0605 1780 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

02:15:27.0667 1780 mrxsmb10 - ok

02:15:27.0777 1780 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

02:15:27.0818 1780 mrxsmb20 - ok

02:15:27.0849 1780 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

02:15:27.0891 1780 msahci - ok

02:15:27.0914 1780 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

02:15:27.0934 1780 msdsm - ok

02:15:27.0984 1780 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

02:15:28.0038 1780 MSDTC - ok

02:15:28.0104 1780 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

02:15:28.0157 1780 Msfs - ok

02:15:28.0175 1780 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

02:15:28.0239 1780 mshidkmdf - ok

02:15:28.0273 1780 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

02:15:28.0300 1780 msisadrv - ok

02:15:28.0340 1780 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

02:15:28.0416 1780 MSiSCSI - ok

02:15:28.0424 1780 msiserver - ok

02:15:28.0489 1780 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

02:15:28.0577 1780 MSKSSRV - ok

02:15:28.0673 1780 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

02:15:28.0744 1780 MSPCLOCK - ok

02:15:28.0776 1780 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

02:15:28.0832 1780 MSPQM - ok

02:15:28.0872 1780 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

02:15:28.0934 1780 MsRPC - ok

02:15:29.0060 1780 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

02:15:29.0076 1780 mssmbios - ok

02:15:29.0181 1780 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

02:15:29.0249 1780 MSTEE - ok

02:15:29.0347 1780 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

02:15:29.0402 1780 MTConfig - ok

02:15:29.0512 1780 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

02:15:29.0539 1780 Mup - ok

02:15:29.0648 1780 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

02:15:29.0729 1780 napagent - ok

02:15:29.0860 1780 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

02:15:29.0924 1780 NativeWifiP - ok

02:15:29.0995 1780 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

02:15:30.0041 1780 NDIS - ok

02:15:30.0171 1780 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

02:15:30.0285 1780 NdisCap - ok

02:15:30.0317 1780 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

02:15:30.0359 1780 NdisTapi - ok

02:15:30.0415 1780 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

02:15:30.0511 1780 Ndisuio - ok

02:15:30.0993 1780 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

02:15:31.0100 1780 NdisWan - ok

02:15:31.0225 1780 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

02:15:31.0315 1780 NDProxy - ok

02:15:31.0457 1780 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll

02:15:31.0479 1780 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

02:15:31.0479 1780 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

02:15:31.0535 1780 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

02:15:31.0596 1780 NetBIOS - ok

02:15:31.0713 1780 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

02:15:31.0796 1780 NetBT - ok

02:15:31.0841 1780 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

02:15:31.0872 1780 Netlogon - ok

02:15:31.0912 1780 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

02:15:32.0003 1780 Netman - ok

02:15:32.0026 1780 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

02:15:32.0103 1780 netprofm - ok

02:15:32.0167 1780 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

02:15:32.0184 1780 NetTcpPortSharing - ok

02:15:32.0375 1780 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

02:15:32.0572 1780 netw5v64 - ok

02:15:32.0668 1780 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

02:15:32.0697 1780 nfrd960 - ok

02:15:32.0808 1780 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

02:15:32.0864 1780 NlaSvc - ok

02:15:32.0901 1780 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

02:15:32.0954 1780 Npfs - ok

02:15:33.0588 1780 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

02:15:33.0710 1780 nsi - ok

02:15:33.0840 1780 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

02:15:33.0891 1780 nsiproxy - ok

02:15:33.0969 1780 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

02:15:34.0035 1780 Ntfs - ok

02:15:34.0131 1780 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

02:15:34.0194 1780 Null - ok

02:15:34.0260 1780 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

02:15:34.0279 1780 nvraid - ok

02:15:34.0342 1780 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

02:15:34.0359 1780 nvstor - ok

02:15:34.0422 1780 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

02:15:34.0440 1780 nv_agp - ok

02:15:34.0485 1780 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

02:15:34.0520 1780 ohci1394 - ok

02:15:34.0594 1780 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

02:15:34.0606 1780 ose - ok

02:15:34.0781 1780 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

02:15:35.0055 1780 osppsvc - ok

02:15:35.0394 1780 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

02:15:35.0498 1780 p2pimsvc - ok

02:15:35.0606 1780 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

02:15:35.0678 1780 p2psvc - ok

02:15:35.0768 1780 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

02:15:35.0820 1780 Parport - ok

02:15:35.0855 1780 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

02:15:35.0876 1780 partmgr - ok

02:15:35.0923 1780 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

02:15:36.0064 1780 PcaSvc - ok

02:15:36.0159 1780 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

02:15:36.0176 1780 pci - ok

02:15:36.0200 1780 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

02:15:36.0210 1780 pciide - ok

02:15:36.0254 1780 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

02:15:36.0273 1780 pcmcia - ok

02:15:36.0302 1780 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

02:15:36.0342 1780 pcw - ok

02:15:36.0369 1780 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

02:15:36.0533 1780 PEAUTH - ok

02:15:36.0636 1780 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

02:15:36.0676 1780 PerfHost - ok

02:15:36.0772 1780 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

02:15:36.0932 1780 pla - ok

02:15:37.0188 1780 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

02:15:37.0406 1780 PlugPlay - ok

02:15:37.0574 1780 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll

02:15:37.0604 1780 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

02:15:37.0604 1780 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

02:15:37.0701 1780 PnkBstrA - ok

02:15:37.0997 1780 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

02:15:38.0068 1780 PNRPAutoReg - ok

02:15:38.0160 1780 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

02:15:38.0179 1780 PNRPsvc - ok

02:15:38.0228 1780 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

02:15:38.0379 1780 PolicyAgent - ok

02:15:38.0502 1780 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

02:15:38.0698 1780 Power - ok

02:15:38.0912 1780 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

02:15:38.0992 1780 PptpMiniport - ok

02:15:39.0418 1780 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

02:15:39.0526 1780 Processor - ok

02:15:39.0621 1780 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

02:15:39.0692 1780 ProfSvc - ok

02:15:39.0774 1780 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

02:15:39.0812 1780 ProtectedStorage - ok

02:15:39.0886 1780 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

02:15:39.0942 1780 Psched - ok

02:15:40.0015 1780 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

02:15:40.0034 1780 PSI_SVC_2 - ok

02:15:40.0076 1780 QBCFMonitorService (67bfd5fbe6a5497076b85ac93bfb188b) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

02:15:40.0132 1780 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning

02:15:40.0132 1780 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)

02:15:40.0190 1780 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

02:15:40.0256 1780 QBFCService ( UnsignedFile.Multi.Generic ) - warning

02:15:40.0257 1780 QBFCService - detected UnsignedFile.Multi.Generic (1)

02:15:40.0352 1780 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

02:15:40.0435 1780 ql2300 - ok

02:15:40.0524 1780 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

02:15:40.0540 1780 ql40xx - ok

02:15:40.0569 1780 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

02:15:40.0600 1780 QWAVE - ok

02:15:40.0648 1780 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

02:15:40.0700 1780 QWAVEdrv - ok

02:15:40.0796 1780 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

02:15:40.0859 1780 RasAcd - ok

02:15:40.0950 1780 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

02:15:41.0004 1780 RasAgileVpn - ok

02:15:41.0034 1780 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

02:15:41.0223 1780 RasAuto - ok

02:15:41.0555 1780 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

02:15:41.0631 1780 Rasl2tp - ok

02:15:41.0729 1780 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

02:15:41.0823 1780 RasMan - ok

02:15:41.0874 1780 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

02:15:41.0928 1780 RasPppoe - ok

02:15:42.0028 1780 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

02:15:42.0121 1780 RasSstp - ok

02:15:42.0160 1780 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

02:15:42.0255 1780 rdbss - ok

02:15:42.0285 1780 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

02:15:42.0368 1780 rdpbus - ok

02:15:42.0398 1780 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

02:15:42.0470 1780 RDPCDD - ok

02:15:42.0480 1780 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

02:15:42.0549 1780 RDPENCDD - ok

02:15:42.0577 1780 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

02:15:42.0635 1780 RDPREFMP - ok

02:15:42.0734 1780 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

02:15:42.0816 1780 RDPWD - ok

02:15:42.0930 1780 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

02:15:42.0967 1780 rdyboost - ok

02:15:43.0381 1780 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

02:15:43.0504 1780 RemoteAccess - ok

02:15:43.0877 1780 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

02:15:43.0967 1780 RemoteRegistry - ok

02:15:44.0067 1780 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

02:15:44.0107 1780 RichVideo - ok

02:15:44.0223 1780 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

02:15:44.0316 1780 RpcEptMapper - ok

02:15:44.0430 1780 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

02:15:44.0490 1780 RpcLocator - ok

02:15:44.0561 1780 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

02:15:44.0623 1780 RpcSs - ok

02:15:44.0668 1780 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

02:15:44.0749 1780 rspndr - ok

02:15:44.0849 1780 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys

02:15:44.0921 1780 RTL8167 - ok

02:15:45.0063 1780 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

02:15:45.0107 1780 SamSs - ok

02:15:45.0153 1780 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

02:15:45.0169 1780 sbp2port - ok

02:15:45.0260 1780 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

02:15:45.0367 1780 SCardSvr - ok

02:15:45.0432 1780 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

02:15:45.0515 1780 scfilter - ok

02:15:45.0573 1780 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

02:15:45.0688 1780 Schedule - ok

02:15:45.0736 1780 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

02:15:45.0882 1780 SCPolicySvc - ok

02:15:46.0007 1780 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

02:15:46.0026 1780 sdbus - ok

02:15:46.0073 1780 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

02:15:46.0171 1780 SDRSVC - ok

02:15:46.0202 1780 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

02:15:46.0242 1780 secdrv - ok

02:15:46.0284 1780 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

02:15:46.0388 1780 seclogon - ok

02:15:46.0434 1780 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

02:15:46.0486 1780 SENS - ok

02:15:46.0517 1780 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

02:15:46.0771 1780 SensrSvc - ok

02:15:46.0867 1780 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

02:15:46.0934 1780 Serenum - ok

02:15:46.0957 1780 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

02:15:47.0097 1780 Serial - ok

02:15:47.0133 1780 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

02:15:47.0183 1780 sermouse - ok

02:15:47.0238 1780 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

02:15:47.0306 1780 SessionEnv - ok

02:15:47.0351 1780 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

02:15:47.0424 1780 sffdisk - ok

02:15:47.0527 1780 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

02:15:47.0574 1780 sffp_mmc - ok

02:15:47.0671 1780 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

02:15:47.0733 1780 sffp_sd - ok

02:15:47.0777 1780 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

02:15:47.0816 1780 sfloppy - ok

02:15:47.0938 1780 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

02:15:48.0017 1780 SharedAccess - ok

02:15:48.0065 1780 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

02:15:48.0206 1780 ShellHWDetection - ok

02:15:48.0267 1780 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

02:15:48.0283 1780 SiSRaid2 - ok

02:15:48.0303 1780 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

02:15:48.0319 1780 SiSRaid4 - ok

02:15:48.0357 1780 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

02:15:48.0457 1780 Smb - ok

02:15:48.0513 1780 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

02:15:48.0551 1780 SNMPTRAP - ok

02:15:48.0655 1780 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

02:15:48.0744 1780 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning

02:15:48.0744 1780 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)

02:15:48.0834 1780 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

02:15:48.0851 1780 spldr - ok

02:15:48.0899 1780 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

02:15:48.0973 1780 Spooler - ok

02:15:49.0065 1780 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

02:15:49.0227 1780 sppsvc - ok

02:15:49.0317 1780 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

02:15:49.0401 1780 sppuinotify - ok

02:15:49.0463 1780 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

02:15:49.0523 1780 srv - ok

02:15:49.0615 1780 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

02:15:49.0640 1780 srv2 - ok

02:15:49.0690 1780 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

02:15:49.0758 1780 SrvHsfHDA - ok

02:15:49.0883 1780 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

02:15:50.0007 1780 SrvHsfV92 - ok

02:15:50.0121 1780 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

02:15:50.0208 1780 SrvHsfWinac - ok

02:15:50.0310 1780 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

02:15:50.0351 1780 srvnet - ok

02:15:50.0437 1780 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

02:15:50.0493 1780 SSDPSRV - ok

02:15:50.0525 1780 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

02:15:50.0670 1780 SstpSvc - ok

02:15:50.0799 1780 STacSV (7595d53ee8e8b0baa9a2ddde867ebb0c) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe

02:15:50.0930 1780 STacSV - ok

02:15:51.0385 1780 Steam Client Service - ok

02:15:51.0640 1780 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

02:15:51.0664 1780 stexstor - ok

02:15:51.0812 1780 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys

02:15:51.0889 1780 STHDA - ok

02:15:52.0409 1780 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

02:15:52.0496 1780 stisvc - ok

02:15:52.0584 1780 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

02:15:52.0606 1780 swenum - ok

02:15:52.0650 1780 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

02:15:52.0833 1780 swprv - ok

02:15:52.0968 1780 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys

02:15:53.0055 1780 SynTP - ok

02:15:53.0173 1780 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

02:15:53.0302 1780 SysMain - ok

02:15:53.0399 1780 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

02:15:53.0435 1780 TabletInputService - ok

02:15:53.0487 1780 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

02:15:53.0549 1780 TapiSrv - ok

02:15:53.0580 1780 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

02:15:53.0624 1780 TBS - ok

02:15:53.0712 1780 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

02:15:53.0818 1780 Tcpip - ok

02:15:54.0001 1780 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

02:15:54.0051 1780 TCPIP6 - ok

02:15:54.0107 1780 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

02:15:54.0280 1780 tcpipreg - ok

02:15:54.0311 1780 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

02:15:54.0381 1780 TDPIPE - ok

02:15:54.0416 1780 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

02:15:54.0473 1780 TDTCP - ok

02:15:54.0573 1780 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

02:15:54.0610 1780 tdx - ok

02:15:54.0647 1780 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

02:15:54.0658 1780 TermDD - ok

02:15:54.0700 1780 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

02:15:54.0766 1780 TermService - ok

02:15:54.0811 1780 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

02:15:54.0917 1780 Themes - ok

02:15:55.0203 1780 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

02:15:55.0255 1780 THREADORDER - ok

02:15:55.0503 1780 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

02:15:55.0595 1780 TrkWks - ok

02:15:55.0671 1780 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

02:15:55.0762 1780 TrustedInstaller - ok

02:15:55.0842 1780 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

02:15:55.0935 1780 tssecsrv - ok

02:15:56.0065 1780 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

02:15:56.0115 1780 TsUsbFlt - ok

02:15:56.0167 1780 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

02:15:56.0231 1780 tunnel - ok

02:15:56.0259 1780 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

02:15:56.0276 1780 uagp35 - ok

02:15:56.0319 1780 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

02:15:56.0415 1780 udfs - ok

02:15:56.0454 1780 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

02:15:56.0499 1780 UI0Detect - ok

02:15:56.0550 1780 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

02:15:56.0562 1780 uliagpkx - ok

02:15:56.0595 1780 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

02:15:56.0627 1780 umbus - ok

02:15:56.0664 1780 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

02:15:56.0749 1780 UmPass - ok

02:15:56.0847 1780 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

02:15:56.0918 1780 upnphost - ok

02:15:57.0041 1780 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

02:15:57.0102 1780 usbccgp - ok

02:15:57.0200 1780 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

02:15:57.0246 1780 usbcir - ok

02:15:57.0341 1780 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

02:15:57.0367 1780 usbehci - ok

02:15:57.0699 1780 usbfilter (44d9c773febff10593b50ddfc2d6bc27) C:\Windows\system32\DRIVERS\usbfilter.sys

02:15:57.0740 1780 usbfilter - ok

02:15:57.0844 1780 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

02:15:57.0943 1780 usbhub - ok

02:15:58.0062 1780 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

02:15:58.0147 1780 usbohci - ok

02:15:58.0178 1780 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

02:15:58.0274 1780 usbprint - ok

02:15:58.0360 1780 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

02:15:58.0437 1780 usbscan - ok

02:15:58.0491 1780 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

02:15:58.0561 1780 USBSTOR - ok

02:15:58.0652 1780 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

02:15:58.0696 1780 usbuhci - ok

02:15:58.0907 1780 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

02:15:58.0950 1780 usbvideo - ok

02:15:58.0997 1780 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

02:15:59.0087 1780 UxSms - ok

02:15:59.0141 1780 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

02:15:59.0157 1780 VaultSvc - ok

02:15:59.0206 1780 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

02:15:59.0223 1780 vdrvroot - ok

02:15:59.0268 1780 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

02:15:59.0326 1780 vds - ok

02:15:59.0362 1780 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

02:15:59.0382 1780 vga - ok

02:15:59.0400 1780 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

02:15:59.0459 1780 VgaSave - ok

02:15:59.0506 1780 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

02:15:59.0526 1780 vhdmp - ok

02:15:59.0567 1780 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

02:15:59.0580 1780 viaide - ok

02:15:59.0595 1780 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

02:15:59.0612 1780 volmgr - ok

02:15:59.0661 1780 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

02:15:59.0680 1780 volmgrx - ok

02:15:59.0712 1780 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

02:15:59.0814 1780 volsnap - ok

02:15:59.0858 1780 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

02:15:59.0874 1780 vsmraid - ok

02:15:59.0941 1780 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

02:16:00.0101 1780 VSS - ok

02:16:00.0186 1780 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

02:16:00.0243 1780 vwifibus - ok

02:16:00.0346 1780 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

02:16:00.0400 1780 vwififlt - ok

02:16:00.0442 1780 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

02:16:00.0509 1780 W32Time - ok

02:16:00.0552 1780 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

02:16:00.0615 1780 WacomPen - ok

02:16:00.0668 1780 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

02:16:00.0730 1780 WANARP - ok

02:16:00.0734 1780 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

02:16:00.0793 1780 Wanarpv6 - ok

02:16:00.0909 1780 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

02:16:00.0964 1780 WatAdminSvc - ok

02:16:01.0131 1780 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

02:16:01.0267 1780 wbengine - ok

02:16:01.0350 1780 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

02:16:01.0372 1780 WbioSrvc - ok

02:16:01.0406 1780 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

02:16:01.0531 1780 wcncsvc - ok

02:16:01.0569 1780 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

02:16:01.0626 1780 WcsPlugInService - ok

02:16:01.0704 1780 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

02:16:01.0718 1780 Wd - ok

02:16:01.0757 1780 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

02:16:01.0784 1780 Wdf01000 - ok

02:16:01.0815 1780 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

02:16:01.0920 1780 WdiServiceHost - ok

02:16:01.0935 1780 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

02:16:01.0965 1780 WdiSystemHost - ok

02:16:02.0071 1780 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

02:16:02.0124 1780 WebClient - ok

02:16:02.0227 1780 WebUpdate (12129e3be5afc0da136fa556a90296af) C:\Windows\SysWOW64\WebUpdateSvc.exe

02:16:02.0282 1780 WebUpdate ( UnsignedFile.Multi.Generic ) - warning

02:16:02.0282 1780 WebUpdate - detected UnsignedFile.Multi.Generic (1)

02:16:02.0339 1780 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

02:16:02.0425 1780 Wecsvc - ok

02:16:02.0453 1780 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

02:16:02.0569 1780 wercplsupport - ok

02:16:02.0596 1780 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

02:16:02.0655 1780 WerSvc - ok

02:16:02.0690 1780 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

02:16:02.0772 1780 WfpLwf - ok

02:16:02.0795 1780 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

02:16:02.0809 1780 WIMMount - ok

02:16:02.0844 1780 WinDefend - ok

02:16:02.0851 1780 WinHttpAutoProxySvc - ok

02:16:02.0980 1780 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

02:16:03.0065 1780 Winmgmt - ok

02:16:03.0204 1780 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

02:16:03.0338 1780 WinRM - ok

02:16:03.0468 1780 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

02:16:03.0630 1780 Wlansvc - ok

02:16:03.0929 1780 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

02:16:04.0006 1780 wlcrasvc - ok

02:16:04.0471 1780 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

02:16:04.0586 1780 wlidsvc - ok

02:16:04.0697 1780 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

02:16:04.0761 1780 WmiAcpi - ok

02:16:04.0888 1780 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

02:16:04.0955 1780 wmiApSrv - ok

02:16:04.0989 1780 WMPNetworkSvc - ok

02:16:05.0194 1780 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

02:16:05.0277 1780 WPCSvc - ok

02:16:05.0352 1780 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

02:16:05.0413 1780 WPDBusEnum - ok

02:16:05.0572 1780 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

02:16:05.0674 1780 ws2ifsl - ok

02:16:05.0794 1780 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

02:16:05.0911 1780 wscsvc - ok

02:16:06.0011 1780 WSearch - ok

02:16:06.0439 1780 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

02:16:06.0781 1780 wuauserv - ok

02:16:07.0057 1780 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

02:16:07.0248 1780 WudfPf - ok

02:16:07.0790 1780 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

02:16:07.0866 1780 WUDFRd - ok

02:16:08.0127 1780 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

02:16:08.0172 1780 wudfsvc - ok

02:16:08.0525 1780 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

02:16:08.0610 1780 WwanSvc - ok

02:16:08.0824 1780 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

02:16:09.0152 1780 YahooAUService - ok

02:16:10.0036 1780 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

02:16:10.0106 1780 yukonw7 - ok

02:16:10.0152 1780 MBR (0x1B8) (e3e91e98346c8b0475259c238728e9e3) \Device\Harddisk0\DR0

02:16:10.0234 1780 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

02:16:10.0234 1780 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

02:16:16.0780 1780 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

02:16:16.0780 1780 \Device\Harddisk0\DR0 - detected TDSS File System (1)

02:16:16.0819 1780 Boot (0x1200) (85b23e6519cd4ef196d7bbc4f2bac0c3) \Device\Harddisk0\DR0\Partition0

02:16:16.0821 1780 \Device\Harddisk0\DR0\Partition0 - ok

02:16:16.0841 1780 Boot (0x1200) (c971dbdcd495e794e9c484e6222dee7c) \Device\Harddisk0\DR0\Partition1

02:16:16.0843 1780 \Device\Harddisk0\DR0\Partition1 - ok

02:16:16.0877 1780 Boot (0x1200) (a4a4b8e1ba8a61716f1b879eecc310a6) \Device\Harddisk0\DR0\Partition2

02:16:16.0879 1780 \Device\Harddisk0\DR0\Partition2 - ok

02:16:16.0890 1780 Boot (0x1200) (9143ba43b45077786159449c5d813500) \Device\Harddisk0\DR0\Partition3

02:16:16.0891 1780 \Device\Harddisk0\DR0\Partition3 - ok

02:16:16.0892 1780 ============================================================

02:16:16.0892 1780 Scan finished

02:16:16.0892 1780 ============================================================

02:16:16.0904 3548 Detected object count: 13

02:16:16.0904 3548 Actual detected object count: 13

02:18:01.0983 3548 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

02:18:01.0983 3548 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:18:01.0986 3548 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

02:18:01.0986 3548 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:18:01.0988 3548 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user

02:18:01.0988 3548 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:18:01.0990 3548 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

02:18:01.0990 3548 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:18:01.0992 3548 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

02:18:01.0992 3548 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:18:01.0993 3548 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

02:18:01.0994 3548 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:18:01.0995 3548 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

02:18:01.0995 3548 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:18:01.0997 3548 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user

02:18:01.0997 3548 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:18:01.0999 3548 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user

02:18:01.0999 3548 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:18:02.0001 3548 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

02:18:02.0001 3548 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:18:02.0003 3548 WebUpdate ( UnsignedFile.Multi.Generic ) - skipped by user

02:18:02.0003 3548 WebUpdate ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:18:02.0071 3548 \Device\Harddisk0\DR0\# - copied to quarantine

02:18:02.0071 3548 \Device\Harddisk0\DR0 - copied to quarantine

02:18:02.0116 3548 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

02:18:02.0118 3548 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

02:18:02.0122 3548 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

02:18:02.0127 3548 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

02:18:02.0149 3548 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

02:18:02.0157 3548 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

02:18:02.0158 3548 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

02:18:02.0159 3548 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

02:18:02.0161 3548 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

02:18:02.0163 3548 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

02:18:02.0166 3548 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

02:18:02.0167 3548 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

02:18:02.0199 3548 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

02:18:02.0200 3548 \Device\Harddisk0\DR0 - ok

02:18:04.0657 3548 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

02:18:05.0069 3548 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

02:18:05.0073 3548 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

02:18:05.0084 3548 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

02:18:05.0094 3548 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

02:18:05.0151 3548 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

02:18:05.0162 3548 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

02:18:05.0179 3548 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

02:18:05.0184 3548 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

02:18:05.0186 3548 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

02:18:05.0192 3548 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

02:18:05.0194 3548 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

02:18:05.0196 3548 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

02:18:05.0196 3548 \Device\Harddisk0\DR0\TDLFS - deleted

02:18:05.0196 3548 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

02:18:30.0154 3392 Deinitialize success

MrCharlie · April 8, 2012

Great, TDSSKiller found the rootkit and MBR infection.

Please delete your copy of TDSSKiller and download and run a fresh copy, post the results.

Those UnsignedFile.Multi.Generic files are OK.

MrC

BigBK · April 8, 2012

Sounds like we are making some progress.

Fresh TDSSKiller downloaded and ran, here is the new log:

09:17:28.0152 4416 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02

09:17:28.0548 4416 ============================================================

09:17:28.0548 4416 Current date / time: 2012/04/08 09:17:28.0548

09:17:28.0549 4416 SystemInfo:

09:17:28.0549 4416

09:17:28.0549 4416 OS Version: 6.1.7601 ServicePack: 1.0

09:17:28.0549 4416 Product type: Workstation

09:17:28.0549 4416 ComputerName: BRIAN-PC

09:17:28.0549 4416 UserName: Brian

09:17:28.0549 4416 Windows directory: C:\Windows

09:17:28.0550 4416 System windows directory: C:\Windows

09:17:28.0550 4416 Running under WOW64

09:17:28.0550 4416 Processor architecture: Intel x64

09:17:28.0550 4416 Number of processors: 2

09:17:28.0550 4416 Page size: 0x1000

09:17:28.0550 4416 Boot type: Normal boot

09:17:28.0550 4416 ============================================================

09:17:29.0825 4416 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

09:17:29.0834 4416 \Device\Harddisk0\DR0:

09:17:29.0835 4416 MBR used

09:17:29.0835 4416 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

09:17:29.0835 4416 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x484E2000

09:17:29.0835 4416 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48546000, BlocksNum 0x22DE000

09:17:29.0835 4416 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0

09:17:29.0942 4416 Initialize success

09:17:29.0943 4416 ============================================================

09:17:38.0846 4348 ============================================================

09:17:38.0846 4348 Scan started

09:17:38.0846 4348 Mode: Manual; SigCheck; TDLFS;

09:17:38.0846 4348 ============================================================

09:17:40.0696 4348 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

09:17:40.0839 4348 1394ohci - ok

09:17:40.0970 4348 ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

09:17:41.0044 4348 ABBYY.Licensing.FineReader.Sprint.9.0 - ok

09:17:41.0127 4348 Accelerometer (7bb93bb5a578984090748f310ed895ef) C:\Windows\system32\DRIVERS\Accelerometer.sys

09:17:41.0229 4348 Accelerometer - ok

09:17:41.0275 4348 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

09:17:41.0331 4348 ACPI - ok

09:17:41.0413 4348 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

09:17:41.0491 4348 AcpiPmi - ok

09:17:41.0630 4348 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

09:17:41.0683 4348 adp94xx - ok

09:17:41.0805 4348 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

09:17:41.0859 4348 adpahci - ok

09:17:41.0898 4348 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

09:17:41.0948 4348 adpu320 - ok

09:17:41.0994 4348 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

09:17:42.0084 4348 AeLookupSvc - ok

09:17:42.0161 4348 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe

09:17:42.0229 4348 AESTFilters - ok

09:17:42.0360 4348 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

09:17:42.0461 4348 AFD - ok

09:17:42.0555 4348 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys

09:17:42.0649 4348 AgereSoftModem - ok

09:17:42.0773 4348 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

09:17:42.0827 4348 agp440 - ok

09:17:42.0883 4348 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

09:17:42.0936 4348 ALG - ok

09:17:43.0053 4348 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

09:17:43.0110 4348 aliide - ok

09:17:43.0278 4348 AMD External Events Utility (bcc32bf5ebb5dfd4380fa053d3651949) C:\Windows\system32\atiesrxx.exe

09:17:43.0374 4348 AMD External Events Utility - ok

09:17:43.0468 4348 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

09:17:43.0529 4348 amdide - ok

09:17:43.0569 4348 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

09:17:43.0686 4348 AmdK8 - ok

09:17:43.0793 4348 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

09:17:43.0902 4348 AmdPPM - ok

09:17:44.0005 4348 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

09:17:44.0058 4348 amdsata - ok

09:17:44.0106 4348 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

09:17:44.0125 4348 amdsbs - ok

09:17:44.0168 4348 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

09:17:44.0198 4348 amdxata - ok

09:17:44.0315 4348 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

09:17:44.0427 4348 AppID - ok

09:17:44.0477 4348 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

09:17:44.0565 4348 AppIDSvc - ok

09:17:44.0687 4348 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

09:17:44.0777 4348 Appinfo - ok

09:17:44.0860 4348 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

09:17:44.0914 4348 arc - ok

09:17:45.0019 4348 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

09:17:45.0071 4348 arcsas - ok

09:17:45.0166 4348 aspnet_state - ok

09:17:45.0269 4348 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

09:17:45.0365 4348 AsyncMac - ok

09:17:45.0476 4348 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

09:17:45.0538 4348 atapi - ok

09:17:45.0648 4348 athr (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys

09:17:45.0742 4348 athr - ok

09:17:45.0883 4348 AtiHdmiService (3b9014fb7ce9e20fd726321c7db7d8b0) C:\Windows\system32\drivers\AtiHdmi.sys

09:17:45.0904 4348 AtiHdmiService - ok

09:17:46.0163 4348 atikmdag (a29087680a1c3b049e3c05438e8ff2b8) C:\Windows\system32\DRIVERS\atikmdag.sys

09:17:46.0394 4348 atikmdag - ok

09:17:46.0498 4348 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys

09:17:46.0546 4348 AtiPcie - ok

09:17:46.0613 4348 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

09:17:46.0722 4348 AudioEndpointBuilder - ok

09:17:46.0733 4348 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

09:17:46.0787 4348 AudioSrv - ok

09:17:47.0000 4348 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

09:17:47.0089 4348 AVGIDSAgent - ok

09:17:47.0218 4348 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

09:17:47.0298 4348 AVGIDSDriver - ok

09:17:47.0357 4348 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

09:17:47.0394 4348 AVGIDSEH - ok

09:17:47.0422 4348 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

09:17:47.0445 4348 AVGIDSFilter - ok

09:17:47.0516 4348 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys

09:17:47.0568 4348 Avgldx64 - ok

09:17:47.0606 4348 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys

09:17:47.0635 4348 Avgmfx64 - ok

09:17:47.0768 4348 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys

09:17:47.0820 4348 Avgrkx64 - ok

09:17:47.0876 4348 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys

09:17:47.0915 4348 Avgtdia - ok

09:17:48.0026 4348 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

09:17:48.0078 4348 avgwd - ok

09:17:48.0203 4348 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

09:17:48.0267 4348 AxInstSV - ok

09:17:48.0434 4348 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

09:17:48.0527 4348 b06bdrv - ok

09:17:48.0646 4348 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

09:17:48.0771 4348 b57nd60a - ok

09:17:48.0891 4348 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

09:17:48.0953 4348 BDESVC - ok

09:17:49.0070 4348 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

09:17:49.0172 4348 Beep - ok

09:17:49.0307 4348 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

09:17:49.0436 4348 BFE - ok

09:17:49.0577 4348 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

09:17:49.0714 4348 BITS - ok

09:17:49.0818 4348 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

09:17:49.0915 4348 blbdrive - ok

09:17:50.0029 4348 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

09:17:50.0080 4348 bowser - ok

09:17:50.0110 4348 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

09:17:50.0155 4348 BrFiltLo - ok

09:17:50.0172 4348 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

09:17:50.0207 4348 BrFiltUp - ok

09:17:50.0254 4348 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

09:17:50.0345 4348 Browser - ok

09:17:50.0463 4348 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

09:17:50.0546 4348 Brserid - ok

09:17:50.0687 4348 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

09:17:50.0750 4348 BrSerWdm - ok

09:17:50.0863 4348 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

09:17:50.0935 4348 BrUsbMdm - ok

09:17:50.0955 4348 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

09:17:50.0995 4348 BrUsbSer - ok

09:17:51.0032 4348 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

09:17:51.0084 4348 BTHMODEM - ok

09:17:51.0207 4348 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

09:17:51.0294 4348 bthserv - ok

09:17:51.0325 4348 Bulk1528 - ok

09:17:51.0345 4348 Ca1528av - ok

09:17:51.0493 4348 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

09:17:51.0553 4348 cdfs - ok

09:17:51.0672 4348 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

09:17:51.0707 4348 cdrom - ok

09:17:51.0965 4348 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

09:17:52.0129 4348 CertPropSvc - ok

09:17:52.0234 4348 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

09:17:52.0310 4348 circlass - ok

09:17:52.0416 4348 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

09:17:52.0485 4348 CLFS - ok

09:17:52.0552 4348 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:17:52.0594 4348 clr_optimization_v2.0.50727_32 - ok

09:17:52.0639 4348 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

09:17:52.0686 4348 clr_optimization_v2.0.50727_64 - ok

09:17:52.0830 4348 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:17:52.0892 4348 clr_optimization_v4.0.30319_32 - ok

09:17:52.0951 4348 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

09:17:53.0011 4348 clr_optimization_v4.0.30319_64 - ok

09:17:53.0104 4348 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

09:17:53.0183 4348 CmBatt - ok

09:17:53.0226 4348 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

09:17:53.0258 4348 cmdide - ok

09:17:53.0319 4348 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

09:17:53.0380 4348 CNG - ok

09:17:53.0553 4348 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

09:17:53.0612 4348 Com4QLBEx - ok

09:17:53.0707 4348 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

09:17:53.0763 4348 Compbatt - ok

09:17:53.0853 4348 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

09:17:53.0934 4348 CompositeBus - ok

09:17:53.0996 4348 COMSysApp - ok

09:17:54.0036 4348 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

09:17:54.0092 4348 crcdisk - ok

09:17:54.0203 4348 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

09:17:54.0308 4348 CryptSvc - ok

09:17:54.0424 4348 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

09:17:54.0534 4348 DcomLaunch - ok

09:17:54.0563 4348 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

09:17:54.0641 4348 defragsvc - ok

09:17:54.0706 4348 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

09:17:54.0804 4348 DfsC - ok

09:17:54.0909 4348 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

09:17:54.0978 4348 Dhcp - ok

09:17:55.0028 4348 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

09:17:55.0082 4348 discache - ok

09:17:55.0188 4348 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

09:17:55.0238 4348 Disk - ok

09:17:55.0283 4348 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

09:17:55.0346 4348 Dnscache - ok

09:17:55.0383 4348 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

09:17:55.0456 4348 dot3svc - ok

09:17:55.0566 4348 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys

09:17:55.0644 4348 Dot4 - ok

09:17:55.0763 4348 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys

09:17:55.0828 4348 Dot4Print - ok

09:17:55.0943 4348 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys

09:17:56.0040 4348 dot4usb - ok

09:17:56.0088 4348 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

09:17:56.0179 4348 DPS - ok

09:17:56.0236 4348 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

09:17:56.0295 4348 drmkaud - ok

09:17:56.0406 4348 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

09:17:56.0455 4348 dtsoftbus01 - ok

09:17:56.0523 4348 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

09:17:56.0583 4348 DXGKrnl - ok

09:17:56.0628 4348 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

09:17:56.0714 4348 EapHost - ok

09:17:56.0835 4348 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

09:17:56.0912 4348 ebdrv - ok

09:17:57.0014 4348 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

09:17:57.0095 4348 EFS - ok

09:17:57.0198 4348 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

09:17:57.0283 4348 ehRecvr - ok

09:17:57.0379 4348 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

09:17:57.0431 4348 ehSched - ok

09:17:57.0502 4348 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

09:17:57.0555 4348 elxstor - ok

09:17:57.0597 4348 enecir (524c79054636d2e5751169005006460b) C:\Windows\system32\DRIVERS\enecir.sys

09:17:57.0672 4348 enecir - ok

09:17:57.0756 4348 EpsonCustomerParticipation (757305c7ad34222f4a46d86fe0bee241) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

09:17:57.0818 4348 EpsonCustomerParticipation - ok

09:17:57.0897 4348 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

09:17:57.0956 4348 ErrDev - ok

09:17:58.0096 4348 esgiguard (df96c3cd6ae15f6d0a6bcb70f9c1e88d) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys

09:17:58.0145 4348 esgiguard - ok

09:17:58.0246 4348 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

09:17:58.0340 4348 EventSystem - ok

09:17:58.0384 4348 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

09:17:58.0457 4348 exfat - ok

09:17:58.0769 4348 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

09:17:58.0859 4348 fastfat - ok

09:17:58.0988 4348 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

09:17:59.0043 4348 Fax - ok

09:17:59.0092 4348 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

09:17:59.0156 4348 fdc - ok

09:17:59.0184 4348 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

09:17:59.0249 4348 fdPHost - ok

09:17:59.0266 4348 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

09:17:59.0320 4348 FDResPub - ok

09:17:59.0377 4348 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

09:17:59.0407 4348 FileInfo - ok

09:17:59.0502 4348 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

09:17:59.0577 4348 Filetrace - ok

09:17:59.0677 4348 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

09:17:59.0734 4348 flpydisk - ok

09:17:59.0778 4348 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

09:17:59.0829 4348 FltMgr - ok

09:17:59.0898 4348 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

09:18:00.0004 4348 FontCache - ok

09:18:00.0087 4348 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

09:18:00.0148 4348 FontCache3.0.0.0 - ok

09:18:00.0222 4348 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

09:18:00.0275 4348 FsDepends - ok

09:18:00.0318 4348 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys

09:18:00.0361 4348 fssfltr - ok

09:18:00.0510 4348 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

09:18:00.0569 4348 fsssvc - ok

09:18:00.0660 4348 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

09:18:00.0720 4348 Fs_Rec - ok

09:18:00.0842 4348 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

09:18:00.0896 4348 fvevol - ok

09:18:00.0938 4348 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

09:18:00.0971 4348 gagp30kx - ok

09:18:01.0072 4348 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

09:18:01.0127 4348 GamesAppService - ok

09:18:01.0231 4348 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

09:18:01.0358 4348 gpsvc - ok

09:18:01.0512 4348 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

09:18:01.0564 4348 gupdate - ok

09:18:01.0623 4348 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

09:18:01.0680 4348 gupdatem - ok

09:18:01.0830 4348 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

09:18:01.0890 4348 gusvc - ok

09:18:01.0980 4348 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

09:18:02.0058 4348 hcw85cir - ok

09:18:02.0178 4348 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

09:18:02.0235 4348 HdAudAddService - ok

09:18:02.0280 4348 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

09:18:02.0353 4348 HDAudBus - ok

09:18:02.0449 4348 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

09:18:02.0513 4348 HidBatt - ok

09:18:02.0561 4348 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

09:18:02.0638 4348 HidBth - ok

09:18:02.0746 4348 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

09:18:02.0818 4348 HidIr - ok

09:18:02.0857 4348 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

09:18:02.0913 4348 hidserv - ok

09:18:03.0009 4348 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

09:18:03.0074 4348 HidUsb - ok

09:18:03.0111 4348 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

09:18:03.0174 4348 hkmsvc - ok

09:18:03.0210 4348 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

09:18:03.0254 4348 HomeGroupListener - ok

09:18:03.0297 4348 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

09:18:03.0346 4348 HomeGroupProvider - ok

09:18:03.0473 4348 HP Health Check Service (45a12cacb97b4f15858fcfd59355a1e9) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

09:18:03.0502 4348 HP Health Check Service - ok

09:18:03.0612 4348 HPDrvMntSvc.exe (f55442690a70a0278a7eed4faaebf576) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

09:18:03.0663 4348 HPDrvMntSvc.exe - ok

09:18:03.0752 4348 hpdskflt (0193c30760032cc044ef47a1919f20dc) C:\Windows\system32\DRIVERS\hpdskflt.sys

09:18:03.0809 4348 hpdskflt - ok

09:18:03.0941 4348 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

09:18:04.0013 4348 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

09:18:04.0013 4348 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

09:18:04.0133 4348 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

09:18:04.0195 4348 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning

09:18:04.0195 4348 hpqddsvc - detected UnsignedFile.Multi.Generic (1)

09:18:04.0301 4348 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

09:18:04.0369 4348 HpqKbFiltr - ok

09:18:04.0469 4348 hpqwmiex (640e51db253265c3eac075866b3d2b33) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

09:18:04.0569 4348 hpqwmiex - ok

09:18:04.0670 4348 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

09:18:04.0736 4348 HpSAMD - ok

09:18:04.0892 4348 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

09:18:05.0005 4348 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning

09:18:05.0005 4348 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)

09:18:05.0103 4348 hpsrv (65a2b4b003d733c6faa16f22212bb86d) C:\Windows\system32\Hpservice.exe

09:18:05.0156 4348 hpsrv - ok

09:18:05.0242 4348 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

09:18:05.0319 4348 HTTP - ok

09:18:05.0411 4348 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

09:18:05.0450 4348 hwpolicy - ok

09:18:05.0548 4348 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

09:18:05.0602 4348 i8042prt - ok

09:18:05.0661 4348 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

09:18:05.0713 4348 iaStorV - ok

09:18:05.0801 4348 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

09:18:05.0888 4348 IDriverT ( UnsignedFile.Multi.Generic ) - warning

09:18:05.0888 4348 IDriverT - detected UnsignedFile.Multi.Generic (1)

09:18:05.0986 4348 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

09:18:06.0046 4348 idsvc - ok

09:18:06.0267 4348 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys

09:18:06.0498 4348 igfx - ok

09:18:06.0606 4348 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

09:18:06.0675 4348 iirsp - ok

09:18:06.0721 4348 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

09:18:06.0802 4348 IKEEXT - ok

09:18:06.0906 4348 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

09:18:06.0968 4348 intelide - ok

09:18:07.0005 4348 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

09:18:07.0081 4348 intelppm - ok

09:18:07.0170 4348 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

09:18:07.0304 4348 IPBusEnum - ok

09:18:07.0397 4348 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

09:18:07.0485 4348 IpFilterDriver - ok

09:18:07.0618 4348 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

09:18:07.0729 4348 iphlpsvc - ok

09:18:07.0793 4348 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

09:18:07.0853 4348 IPMIDRV - ok

09:18:07.0886 4348 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

09:18:07.0969 4348 IPNAT - ok

09:18:08.0073 4348 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

09:18:08.0150 4348 IRENUM - ok

09:18:08.0263 4348 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

09:18:08.0329 4348 isapnp - ok

09:18:08.0376 4348 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

09:18:08.0421 4348 iScsiPrt - ok

09:18:08.0479 4348 JMCR (f8844b00c10e386c704c610e95a9847d) C:\Windows\system32\DRIVERS\jmcr.sys

09:18:08.0539 4348 JMCR - ok

09:18:08.0645 4348 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

09:18:08.0715 4348 kbdclass - ok

09:18:08.0755 4348 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

09:18:08.0827 4348 kbdhid - ok

09:18:08.0870 4348 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

09:18:08.0938 4348 KeyIso - ok

09:18:08.0960 4348 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

09:18:09.0000 4348 KSecDD - ok

09:18:09.0023 4348 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

09:18:09.0063 4348 KSecPkg - ok

09:18:09.0121 4348 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

09:18:09.0222 4348 ksthunk - ok

09:18:09.0317 4348 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

09:18:09.0422 4348 KtmRm - ok

09:18:09.0488 4348 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

09:18:09.0577 4348 LanmanServer - ok

09:18:09.0679 4348 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

09:18:09.0776 4348 LanmanWorkstation - ok

09:18:09.0923 4348 LBTServ (7447f069ce66633dafa0b2deee7af5ba) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

09:18:09.0978 4348 LBTServ - ok

09:18:10.0089 4348 LHidFilt (0a7d6ed578d85f0c35353424ee3f5245) C:\Windows\system32\DRIVERS\LHidFilt.Sys

09:18:10.0109 4348 LHidFilt - ok

09:18:10.0196 4348 LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

09:18:10.0208 4348 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

09:18:10.0208 4348 LightScribeService - detected UnsignedFile.Multi.Generic (1)

09:18:10.0308 4348 LiveTurbineMessageService (ad36b5f8ac7c2bafb32973b743a65265) C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe

09:18:10.0336 4348 LiveTurbineMessageService - ok

09:18:10.0361 4348 LiveTurbineNetworkService (ffdff7e4d8fda5c1bfa50f9dbfb780ce) C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe

09:18:10.0375 4348 LiveTurbineNetworkService - ok

09:18:10.0496 4348 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

09:18:10.0570 4348 lltdio - ok

09:18:10.0660 4348 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

09:18:10.0739 4348 lltdsvc - ok

09:18:10.0774 4348 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

09:18:10.0808 4348 lmhosts - ok

09:18:10.0861 4348 LMouFilt (6542e2e6db58118fbb1b82a68ce3aff9) C:\Windows\system32\DRIVERS\LMouFilt.Sys

09:18:10.0882 4348 LMouFilt - ok

09:18:10.0991 4348 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

09:18:11.0019 4348 LSI_FC - ok

09:18:11.0054 4348 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

09:18:11.0064 4348 LSI_SAS - ok

09:18:11.0152 4348 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

09:18:11.0176 4348 LSI_SAS2 - ok

09:18:11.0272 4348 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

09:18:11.0297 4348 LSI_SCSI - ok

09:18:11.0328 4348 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

09:18:11.0389 4348 luafv - ok

09:18:11.0474 4348 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

09:18:11.0506 4348 Mcx2Svc - ok

09:18:11.0562 4348 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

09:18:11.0587 4348 megasas - ok

09:18:11.0637 4348 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

09:18:11.0658 4348 MegaSR - ok

09:18:11.0744 4348 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

09:18:11.0822 4348 MMCSS - ok

09:18:11.0876 4348 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

09:18:11.0934 4348 Modem - ok

09:18:12.0037 4348 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

09:18:12.0078 4348 monitor - ok

09:18:12.0129 4348 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

09:18:12.0138 4348 mouclass - ok

09:18:12.0184 4348 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

09:18:12.0219 4348 mouhid - ok

09:18:12.0334 4348 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

09:18:12.0362 4348 mountmgr - ok

09:18:12.0403 4348 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

09:18:12.0419 4348 mpio - ok

09:18:12.0455 4348 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

09:18:12.0500 4348 mpsdrv - ok

09:18:12.0552 4348 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

09:18:12.0625 4348 MpsSvc - ok

09:18:12.0688 4348 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

09:18:12.0758 4348 MRxDAV - ok

09:18:12.0801 4348 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

09:18:12.0842 4348 mrxsmb - ok

09:18:12.0891 4348 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

09:18:12.0937 4348 mrxsmb10 - ok

09:18:12.0984 4348 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

09:18:13.0011 4348 mrxsmb20 - ok

09:18:13.0043 4348 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

09:18:13.0056 4348 msahci - ok

09:18:13.0086 4348 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

09:18:13.0097 4348 msdsm - ok

09:18:13.0134 4348 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

09:18:13.0165 4348 MSDTC - ok

09:18:13.0221 4348 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

09:18:13.0278 4348 Msfs - ok

09:18:13.0314 4348 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

09:18:13.0353 4348 mshidkmdf - ok

09:18:13.0389 4348 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

09:18:13.0398 4348 msisadrv - ok

09:18:13.0435 4348 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

09:18:13.0486 4348 MSiSCSI - ok

09:18:13.0551 4348 msiserver - ok

09:18:13.0617 4348 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

09:18:13.0677 4348 MSKSSRV - ok

09:18:13.0779 4348 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

09:18:13.0849 4348 MSPCLOCK - ok

09:18:13.0892 4348 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

09:18:13.0936 4348 MSPQM - ok

09:18:14.0058 4348 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

09:18:14.0089 4348 MsRPC - ok

09:18:14.0132 4348 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

09:18:14.0142 4348 mssmbios - ok

09:18:14.0187 4348 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

09:18:14.0242 4348 MSTEE - ok

09:18:14.0340 4348 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

09:18:14.0363 4348 MTConfig - ok

09:18:14.0395 4348 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

09:18:14.0409 4348 Mup - ok

09:18:14.0479 4348 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

09:18:14.0543 4348 napagent - ok

09:18:14.0679 4348 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

09:18:14.0726 4348 NativeWifiP - ok

09:18:14.0797 4348 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

09:18:14.0832 4348 NDIS - ok

09:18:14.0876 4348 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

09:18:14.0934 4348 NdisCap - ok

09:18:15.0033 4348 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

09:18:15.0092 4348 NdisTapi - ok

09:18:15.0152 4348 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

09:18:15.0237 4348 Ndisuio - ok

09:18:15.0277 4348 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

09:18:15.0328 4348 NdisWan - ok

09:18:15.0364 4348 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

09:18:15.0398 4348 NDProxy - ok

09:18:15.0519 4348 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll

09:18:15.0541 4348 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

09:18:15.0541 4348 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

09:18:15.0596 4348 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

09:18:15.0659 4348 NetBIOS - ok

09:18:15.0696 4348 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

09:18:15.0754 4348 NetBT - ok

09:18:15.0814 4348 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

09:18:15.0836 4348 Netlogon - ok

09:18:15.0873 4348 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

09:18:15.0919 4348 Netman - ok

09:18:15.0942 4348 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

09:18:15.0994 4348 netprofm - ok

09:18:16.0063 4348 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

09:18:16.0088 4348 NetTcpPortSharing - ok

09:18:16.0280 4348 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

09:18:16.0459 4348 netw5v64 - ok

09:18:16.0563 4348 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

09:18:16.0590 4348 nfrd960 - ok

09:18:16.0638 4348 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

09:18:16.0690 4348 NlaSvc - ok

09:18:16.0718 4348 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

09:18:16.0750 4348 Npfs - ok

09:18:16.0772 4348 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

09:18:16.0812 4348 nsi - ok

09:18:16.0857 4348 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

09:18:16.0900 4348 nsiproxy - ok

09:18:16.0963 4348 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

09:18:17.0018 4348 Ntfs - ok

09:18:17.0037 4348 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

09:18:17.0069 4348 Null - ok

09:18:17.0121 4348 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

09:18:17.0131 4348 nvraid - ok

09:18:17.0170 4348 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

09:18:17.0180 4348 nvstor - ok

09:18:17.0296 4348 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

09:18:17.0323 4348 nv_agp - ok

09:18:17.0358 4348 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

09:18:17.0381 4348 ohci1394 - ok

09:18:17.0456 4348 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:18:17.0477 4348 ose - ok

09:18:17.0665 4348 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

09:18:17.0830 4348 osppsvc - ok

09:18:17.0924 4348 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

09:18:17.0973 4348 p2pimsvc - ok

09:18:18.0007 4348 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

09:18:18.0032 4348 p2psvc - ok

09:18:18.0074 4348 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

09:18:18.0105 4348 Parport - ok

09:18:18.0138 4348 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

09:18:18.0148 4348 partmgr - ok

09:18:18.0173 4348 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

09:18:18.0213 4348 PcaSvc - ok

09:18:18.0322 4348 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

09:18:18.0348 4348 pci - ok

09:18:18.0362 4348 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

09:18:18.0374 4348 pciide - ok

09:18:18.0413 4348 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

09:18:18.0425 4348 pcmcia - ok

09:18:18.0452 4348 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

09:18:18.0461 4348 pcw - ok

09:18:18.0535 4348 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

09:18:18.0622 4348 PEAUTH - ok

09:18:18.0731 4348 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

09:18:18.0768 4348 PerfHost - ok

09:18:18.0863 4348 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

09:18:18.0987 4348 pla - ok

09:18:19.0086 4348 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

09:18:19.0139 4348 PlugPlay - ok

09:18:19.0258 4348 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll

09:18:19.0287 4348 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

09:18:19.0287 4348 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

09:18:19.0295 4348 PnkBstrA - ok

09:18:19.0347 4348 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

09:18:19.0388 4348 PNRPAutoReg - ok

09:18:19.0435 4348 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

09:18:19.0466 4348 PNRPsvc - ok

09:18:19.0511 4348 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

09:18:19.0582 4348 PolicyAgent - ok

09:18:19.0618 4348 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

09:18:19.0667 4348 Power - ok

09:18:19.0729 4348 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

09:18:19.0806 4348 PptpMiniport - ok

09:18:19.0858 4348 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

09:18:19.0907 4348 Processor - ok

09:18:19.0949 4348 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

09:18:20.0004 4348 ProfSvc - ok

09:18:20.0046 4348 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

09:18:20.0057 4348 ProtectedStorage - ok

09:18:20.0115 4348 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

09:18:20.0169 4348 Psched - ok

09:18:20.0256 4348 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

09:18:20.0284 4348 PSI_SVC_2 - ok

09:18:20.0327 4348 QBCFMonitorService (67bfd5fbe6a5497076b85ac93bfb188b) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

09:18:20.0359 4348 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning

09:18:20.0359 4348 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)

09:18:20.0419 4348 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

09:18:20.0440 4348 QBFCService ( UnsignedFile.Multi.Generic ) - warning

09:18:20.0441 4348 QBFCService - detected UnsignedFile.Multi.Generic (1)

09:18:20.0581 4348 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

09:18:20.0620 4348 ql2300 - ok

09:18:20.0662 4348 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

09:18:20.0672 4348 ql40xx - ok

09:18:20.0697 4348 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

09:18:20.0717 4348 QWAVE - ok

09:18:20.0754 4348 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

09:18:20.0782 4348 QWAVEdrv - ok

09:18:20.0801 4348 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

09:18:20.0848 4348 RasAcd - ok

09:18:20.0890 4348 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

09:18:20.0938 4348 RasAgileVpn - ok

09:18:20.0962 4348 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

09:18:21.0006 4348 RasAuto - ok

09:18:21.0073 4348 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

09:18:21.0137 4348 Rasl2tp - ok

09:18:21.0175 4348 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

09:18:21.0212 4348 RasMan - ok

09:18:21.0258 4348 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

09:18:21.0320 4348 RasPppoe - ok

09:18:21.0423 4348 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

09:18:21.0508 4348 RasSstp - ok

09:18:21.0558 4348 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

09:18:21.0620 4348 rdbss - ok

09:18:21.0647 4348 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

09:18:21.0673 4348 rdpbus - ok

09:18:21.0715 4348 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

09:18:21.0776 4348 RDPCDD - ok

09:18:21.0859 4348 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

09:18:21.0912 4348 RDPENCDD - ok

09:18:21.0938 4348 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

09:18:21.0971 4348 RDPREFMP - ok

09:18:22.0018 4348 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

09:18:22.0072 4348 RDPWD - ok

09:18:22.0126 4348 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

09:18:22.0155 4348 rdyboost - ok

09:18:22.0187 4348 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

09:18:22.0245 4348 RemoteAccess - ok

09:18:22.0294 4348 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

09:18:22.0339 4348 RemoteRegistry - ok

09:18:22.0441 4348 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

09:18:22.0472 4348 RichVideo - ok

09:18:22.0539 4348 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

09:18:22.0596 4348 RpcEptMapper - ok

09:18:22.0635 4348 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

09:18:22.0676 4348 RpcLocator - ok

09:18:22.0720 4348 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

09:18:22.0767 4348 RpcSs - ok

09:18:22.0806 4348 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

09:18:22.0839 4348 rspndr - ok

09:18:22.0946 4348 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys

09:18:23.0007 4348 RTL8167 - ok

09:18:23.0058 4348 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

09:18:23.0075 4348 SamSs - ok

09:18:23.0116 4348 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

09:18:23.0144 4348 sbp2port - ok

09:18:23.0166 4348 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

09:18:23.0204 4348 SCardSvr - ok

09:18:23.0248 4348 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

09:18:23.0322 4348 scfilter - ok

09:18:23.0407 4348 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

09:18:23.0528 4348 Schedule - ok

09:18:23.0642 4348 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

09:18:23.0701 4348 SCPolicySvc - ok

09:18:23.0813 4348 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

09:18:23.0845 4348 sdbus - ok

09:18:23.0891 4348 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

09:18:23.0931 4348 SDRSVC - ok

09:18:23.0962 4348 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

09:18:23.0996 4348 secdrv - ok

09:18:24.0079 4348 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

09:18:24.0144 4348 seclogon - ok

09:18:24.0196 4348 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

09:18:24.0248 4348 SENS - ok

09:18:24.0279 4348 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

09:18:24.0311 4348 SensrSvc - ok

09:18:24.0362 4348 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

09:18:24.0404 4348 Serenum - ok

09:18:24.0497 4348 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

09:18:24.0526 4348 Serial - ok

09:18:24.0639 4348 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

09:18:24.0678 4348 sermouse - ok

09:18:24.0731 4348 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

09:18:24.0799 4348 SessionEnv - ok

09:18:24.0843 4348 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

09:18:24.0866 4348 sffdisk - ok

09:18:24.0888 4348 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

09:18:24.0923 4348 sffp_mmc - ok

09:18:24.0941 4348 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

09:18:24.0967 4348 sffp_sd - ok

09:18:25.0005 4348 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

09:18:25.0048 4348 sfloppy - ok

09:18:25.0100 4348 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

09:18:25.0153 4348 SharedAccess - ok

09:18:25.0193 4348 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

09:18:25.0245 4348 ShellHWDetection - ok

09:18:25.0285 4348 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

09:18:25.0307 4348 SiSRaid2 - ok

09:18:25.0320 4348 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

09:18:25.0330 4348 SiSRaid4 - ok

09:18:25.0375 4348 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

09:18:25.0430 4348 Smb - ok

09:18:25.0474 4348 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

09:18:25.0511 4348 SNMPTRAP - ok

09:18:25.0606 4348 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

09:18:25.0636 4348 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning

09:18:25.0637 4348 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)

09:18:25.0707 4348 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

09:18:25.0727 4348 spldr - ok

09:18:25.0771 4348 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

09:18:25.0813 4348 Spooler - ok

09:18:25.0930 4348 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

09:18:26.0066 4348 sppsvc - ok

09:18:26.0157 4348 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

09:18:26.0246 4348 sppuinotify - ok

09:18:26.0323 4348 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

09:18:26.0365 4348 srv - ok

09:18:26.0400 4348 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

09:18:26.0418 4348 srv2 - ok

09:18:26.0474 4348 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

09:18:26.0508 4348 SrvHsfHDA - ok

09:18:26.0555 4348 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

09:18:26.0656 4348 SrvHsfV92 - ok

09:18:26.0766 4348 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

09:18:26.0840 4348 SrvHsfWinac - ok

09:18:26.0940 4348 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

09:18:26.0970 4348 srvnet - ok

09:18:27.0066 4348 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

09:18:27.0142 4348 SSDPSRV - ok

09:18:27.0164 4348 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

09:18:27.0198 4348 SstpSvc - ok

09:18:27.0284 4348 STacSV (7595d53ee8e8b0baa9a2ddde867ebb0c) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe

09:18:27.0325 4348 STacSV - ok

09:18:27.0400 4348 Steam Client Service - ok

09:18:27.0479 4348 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

09:18:27.0501 4348 stexstor - ok

09:18:27.0622 4348 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys

09:18:27.0684 4348 STHDA - ok

09:18:27.0805 4348 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

09:18:27.0881 4348 stisvc - ok

09:18:27.0945 4348 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

09:18:27.0971 4348 swenum - ok

09:18:28.0010 4348 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

09:18:28.0068 4348 swprv - ok

09:18:28.0198 4348 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys

09:18:28.0220 4348 SynTP - ok

09:18:28.0291 4348 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

09:18:28.0368 4348 SysMain - ok

09:18:28.0462 4348 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

09:18:28.0498 4348 TabletInputService - ok

09:18:28.0551 4348 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

09:18:28.0617 4348 TapiSrv - ok

09:18:28.0653 4348 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

09:18:28.0685 4348 TBS - ok

09:18:28.0786 4348 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

09:18:28.0829 4348 Tcpip - ok

09:18:28.0874 4348 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

09:18:28.0908 4348 TCPIP6 - ok

09:18:28.0946 4348 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

09:18:28.0997 4348 tcpipreg - ok

09:18:29.0040 4348 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

09:18:29.0063 4348 TDPIPE - ok

09:18:29.0100 4348 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

09:18:29.0132 4348 TDTCP - ok

09:18:29.0168 4348 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

09:18:29.0201 4348 tdx - ok

09:18:29.0242 4348 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

09:18:29.0253 4348 TermDD - ok

09:18:29.0311 4348 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

09:18:29.0425 4348 TermService - ok

09:18:29.0462 4348 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

09:18:29.0487 4348 Themes - ok

09:18:29.0521 4348 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

09:18:29.0553 4348 THREADORDER - ok

09:18:29.0609 4348 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

09:18:29.0657 4348 TrkWks - ok

09:18:29.0734 4348 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

09:18:29.0809 4348 TrustedInstaller - ok

09:18:29.0871 4348 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

09:18:29.0930 4348 tssecsrv - ok

09:18:30.0049 4348 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

09:18:30.0076 4348 TsUsbFlt - ok

09:18:30.0129 4348 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

09:18:30.0165 4348 tunnel - ok

09:18:30.0207 4348 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

09:18:30.0216 4348 uagp35 - ok

09:18:30.0257 4348 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

09:18:30.0317 4348 udfs - ok

09:18:30.0360 4348 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

09:18:30.0373 4348 UI0Detect - ok

09:18:30.0432 4348 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

09:18:30.0464 4348 uliagpkx - ok

09:18:30.0513 4348 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

09:18:30.0547 4348 umbus - ok

09:18:30.0582 4348 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

09:18:30.0618 4348 UmPass - ok

09:18:30.0653 4348 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

09:18:30.0697 4348 upnphost - ok

09:18:30.0759 4348 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

09:18:30.0792 4348 usbccgp - ok

09:18:30.0828 4348 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

09:18:30.0844 4348 usbcir - ok

09:18:30.0869 4348 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

09:18:30.0933 4348 usbehci - ok

09:18:31.0050 4348 usbfilter (44d9c773febff10593b50ddfc2d6bc27) C:\Windows\system32\DRIVERS\usbfilter.sys

09:18:31.0068 4348 usbfilter - ok

09:18:31.0125 4348 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

09:18:31.0171 4348 usbhub - ok

09:18:31.0269 4348 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

09:18:31.0306 4348 usbohci - ok

09:18:31.0339 4348 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

09:18:31.0365 4348 usbprint - ok

09:18:31.0467 4348 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

09:18:31.0501 4348 usbscan - ok

09:18:31.0542 4348 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

09:18:31.0580 4348 USBSTOR - ok

09:18:31.0669 4348 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

09:18:31.0716 4348 usbuhci - ok

09:18:31.0824 4348 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

09:18:31.0855 4348 usbvideo - ok

09:18:31.0891 4348 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

09:18:31.0967 4348 UxSms - ok

09:18:32.0013 4348 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

09:18:32.0024 4348 VaultSvc - ok

09:18:32.0079 4348 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

09:18:32.0105 4348 vdrvroot - ok

09:18:32.0152 4348 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

09:18:32.0192 4348 vds - ok

09:18:32.0235 4348 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

09:18:32.0249 4348 vga - ok

09:18:32.0272 4348 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

09:18:32.0320 4348 VgaSave - ok

09:18:32.0366 4348 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

09:18:32.0378 4348 vhdmp - ok

09:18:32.0418 4348 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

09:18:32.0444 4348 viaide - ok

09:18:32.0479 4348 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

09:18:32.0490 4348 volmgr - ok

09:18:32.0534 4348 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

09:18:32.0567 4348 volmgrx - ok

09:18:32.0596 4348 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

09:18:32.0609 4348 volsnap - ok

09:18:32.0653 4348 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

09:18:32.0665 4348 vsmraid - ok

09:18:32.0746 4348 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

09:18:32.0857 4348 VSS - ok

09:18:32.0949 4348 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

09:18:32.0991 4348 vwifibus - ok

09:18:33.0097 4348 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

09:18:33.0143 4348 vwififlt - ok

09:18:33.0182 4348 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

09:18:33.0222 4348 W32Time - ok

09:18:33.0270 4348 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

09:18:33.0281 4348 WacomPen - ok

09:18:33.0642 4348 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

09:18:33.0698 4348 WANARP - ok

09:18:33.0710 4348 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

09:18:33.0741 4348 Wanarpv6 - ok

09:18:33.0858 4348 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

09:18:33.0900 4348 WatAdminSvc - ok

09:18:33.0982 4348 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

09:18:34.0077 4348 wbengine - ok

09:18:34.0124 4348 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

09:18:34.0161 4348 WbioSrvc - ok

09:18:34.0201 4348 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

09:18:34.0242 4348 wcncsvc - ok

09:18:34.0286 4348 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

09:18:34.0333 4348 WcsPlugInService - ok

09:18:34.0365 4348 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

09:18:34.0378 4348 Wd - ok

09:18:34.0417 4348 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

09:18:34.0435 4348 Wdf01000 - ok

09:18:34.0464 4348 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

09:18:34.0497 4348 WdiServiceHost - ok

09:18:34.0501 4348 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

09:18:34.0518 4348 WdiSystemHost - ok

09:18:34.0565 4348 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

09:18:34.0601 4348 WebClient - ok

09:18:34.0702 4348 WebUpdate (12129e3be5afc0da136fa556a90296af) C:\Windows\SysWOW64\WebUpdateSvc.exe

09:18:34.0723 4348 WebUpdate ( UnsignedFile.Multi.Generic ) - warning

09:18:34.0723 4348 WebUpdate - detected UnsignedFile.Multi.Generic (1)

09:18:34.0802 4348 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

09:18:34.0871 4348 Wecsvc - ok

09:18:34.0891 4348 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

09:18:34.0940 4348 wercplsupport - ok

09:18:34.0968 4348 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

09:18:35.0002 4348 WerSvc - ok

09:18:35.0051 4348 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

09:18:35.0099 4348 WfpLwf - ok

09:18:35.0123 4348 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

09:18:35.0133 4348 WIMMount - ok

09:18:35.0183 4348 WinDefend - ok

09:18:35.0198 4348 WinHttpAutoProxySvc - ok

09:18:35.0309 4348 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

09:18:35.0385 4348 Winmgmt - ok

09:18:35.0470 4348 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

09:18:35.0667 4348 WinRM - ok

09:18:35.0802 4348 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

09:18:35.0901 4348 Wlansvc - ok

09:18:36.0012 4348 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

09:18:36.0037 4348 wlcrasvc - ok

09:18:36.0183 4348 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

09:18:36.0292 4348 wlidsvc - ok

09:18:36.0380 4348 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

09:18:36.0407 4348 WmiAcpi - ok

09:18:36.0461 4348 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

09:18:36.0492 4348 wmiApSrv - ok

09:18:36.0540 4348 WMPNetworkSvc - ok

09:18:36.0598 4348 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

09:18:36.0631 4348 WPCSvc - ok

09:18:36.0680 4348 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

09:18:36.0711 4348 WPDBusEnum - ok

09:18:36.0744 4348 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

09:18:36.0784 4348 ws2ifsl - ok

09:18:36.0810 4348 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

09:18:36.0838 4348 wscsvc - ok

09:18:36.0845 4348 WSearch - ok

09:18:36.0940 4348 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

09:18:37.0072 4348 wuauserv - ok

09:18:37.0175 4348 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

09:18:37.0238 4348 WudfPf - ok

09:18:37.0283 4348 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

09:18:37.0346 4348 WUDFRd - ok

09:18:37.0443 4348 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

09:18:37.0492 4348 wudfsvc - ok

09:18:37.0519 4348 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

09:18:37.0551 4348 WwanSvc - ok

09:18:37.0634 4348 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

09:18:37.0674 4348 YahooAUService - ok

09:18:37.0794 4348 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

09:18:37.0826 4348 yukonw7 - ok

09:18:37.0857 4348 MBR (0x1B8) (938f83583ccbfb10ccd7229fdec436d9) \Device\Harddisk0\DR0

09:18:37.0938 4348 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

09:18:37.0938 4348 \Device\Harddisk0\DR0 - detected TDSS File System (1)

09:18:37.0970 4348 Boot (0x1200) (85b23e6519cd4ef196d7bbc4f2bac0c3) \Device\Harddisk0\DR0\Partition0

09:18:37.0973 4348 \Device\Harddisk0\DR0\Partition0 - ok

09:18:37.0990 4348 Boot (0x1200) (c971dbdcd495e794e9c484e6222dee7c) \Device\Harddisk0\DR0\Partition1

09:18:37.0992 4348 \Device\Harddisk0\DR0\Partition1 - ok

09:18:38.0028 4348 Boot (0x1200) (a4a4b8e1ba8a61716f1b879eecc310a6) \Device\Harddisk0\DR0\Partition2

09:18:38.0031 4348 \Device\Harddisk0\DR0\Partition2 - ok

09:18:38.0052 4348 Boot (0x1200) (9143ba43b45077786159449c5d813500) \Device\Harddisk0\DR0\Partition3

09:18:38.0053 4348 \Device\Harddisk0\DR0\Partition3 - ok

09:18:38.0055 4348 ============================================================

09:18:38.0055 4348 Scan finished

09:18:38.0055 4348 ============================================================

09:18:38.0078 5412 Detected object count: 12

09:18:38.0078 5412 Actual detected object count: 12

09:19:04.0592 5412 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:04.0592 5412 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:04.0593 5412 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:04.0593 5412 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:04.0597 5412 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:04.0597 5412 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:04.0601 5412 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:04.0601 5412 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:04.0604 5412 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:04.0604 5412 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:04.0606 5412 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:04.0607 5412 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:04.0608 5412 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:04.0608 5412 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:04.0610 5412 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:04.0610 5412 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:04.0612 5412 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:04.0612 5412 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:04.0614 5412 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:04.0614 5412 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:04.0616 5412 WebUpdate ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:04.0616 5412 WebUpdate ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:04.0623 5412 \Device\Harddisk0\DR0\TDLFS - deleted

09:19:04.0623 5412 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

09:19:15.0908 6100 Deinitialize success

MrCharlie · April 8, 2012

Great

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message Illegal operation attempted on registry key that has been marked for deletion. after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

---------------------------------

After running ComboFix and posting the log......

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is.

Gone for most if the day, be back tonight....MrC

MrC

BigBK · April 9, 2012

Here is the ComboFix log:

ComboFix 12-04-08.01 - Brian 04/09/2012 1:32.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6140.4470 [GMT -4:00]

Running from: c:\users\Brian\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Install.exe

c:\program files (x86)\Mozilla Firefox\plugins\npbasic.dll

c:\users\Brian\AppData\Roaming\.#

c:\users\Brian\AppData\Roaming\app

c:\users\Brian\AppData\Roaming\app\Jerakine_lang.dat

c:\users\Brian\AppData\Roaming\app\Jerakine_lang_vesrion.dat

c:\users\Public\videos\HP MediaSmart Demo.exe

c:\windows\Fonts\N2BMLre6S.com

c:\windows\svchost.exe

c:\windows\SysWow64\zip32.dll

c:\windows\Tasks\At1.job

.

((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))

.

2012-04-09 05:56 . 2012-04-09 05:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-08 06:18 . 2012-04-08 13:19 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-04 07:06 . 2012-04-04 07:06 110080 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\IconF7A21AF7.exe

2012-04-04 07:06 . 2012-04-04 07:06 110080 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\IconD7F16134.exe

2012-04-04 07:06 . 2012-04-04 07:06 110080 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\Icon1226A4C5.exe

2012-04-04 07:06 . 2012-04-04 07:07 -------- d-----w- C:\sh4ldr

2012-04-04 07:06 . 2012-04-04 07:06 -------- d-----w- c:\program files\Enigma Software Group

2012-04-04 07:04 . 2012-04-04 07:07 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP

2012-04-04 07:04 . 2012-04-04 07:04 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-04-03 13:43 . 2012-04-03 13:43 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE

2012-03-31 12:06 . 2012-03-31 12:06 -------- d-----w- c:\users\Brian\AppData\Roaming\Malwarebytes

2012-03-31 12:06 . 2012-03-31 12:06 -------- d-----w- c:\programdata\Malwarebytes

2012-03-31 12:06 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-31 12:06 . 2012-04-03 11:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-24 01:53 . 2012-03-24 01:53 -------- d-----w- c:\users\Brian\AppData\Local\ABBYY

2012-03-24 01:50 . 2012-03-24 01:54 -------- d-----w- c:\program files (x86)\ABBYY FineReader 9.0 Sprint

2012-03-24 01:50 . 2012-03-24 01:50 -------- d-----w- c:\programdata\ABBYY

2012-03-24 01:50 . 2012-03-24 01:50 -------- d-----w- c:\program files (x86)\Common Files\ABBYY

2012-03-24 01:44 . 2012-03-24 01:44 -------- d-----w- c:\program files\Common Files\EPSON

2012-03-24 01:42 . 2012-03-24 01:42 -------- d-----w- c:\program files\EPSON

2012-03-24 01:41 . 2012-03-24 01:41 -------- d-----w- c:\program files\EpsonNet

2012-03-24 01:41 . 2010-09-13 19:01 538112 ----a-w- c:\windows\system32\ensppui.dll

2012-03-24 01:41 . 2010-09-13 19:01 538112 ----a-w- c:\windows\system32\enppui.dll

2012-03-24 01:41 . 2010-09-13 19:00 558592 ----a-w- c:\windows\system32\ensppmon.dll

2012-03-24 01:41 . 2010-09-13 19:00 558592 ----a-w- c:\windows\system32\enppmon.dll

2012-03-24 01:41 . 2008-06-18 15:49 250880 ----a-w- c:\windows\system32\enspres.dll

2012-03-24 01:41 . 2008-06-18 15:49 250880 ----a-w- c:\windows\system32\enpres.dll

2012-03-24 01:41 . 2012-03-24 01:41 -------- d-----w- c:\program files (x86)\Common Files\EPSON

2012-03-24 01:40 . 2012-03-31 12:53 -------- d-----w- c:\users\Brian\AppData\Roaming\Epson

2012-03-24 01:39 . 2012-03-24 01:39 -------- d-----w- c:\program files (x86)\Epson America Inc

2012-03-24 01:39 . 2012-03-24 01:40 -------- d-----w- c:\program files (x86)\Epson Software

2012-03-24 01:37 . 2010-09-28 14:01 118784 ----a-w- c:\windows\system32\E_YLMHVA.DLL

2012-03-24 01:37 . 2010-08-09 14:02 83456 ----a-w- c:\windows\system32\E_YD4BHVA.DLL

2012-03-24 01:37 . 2012-03-24 01:44 -------- d-----w- c:\programdata\EPSON

2012-03-24 01:37 . 2009-12-09 04:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll

2012-03-24 01:37 . 2009-10-16 04:00 13824 ----a-w- c:\windows\system32\esxcdev.dll

2012-03-24 01:37 . 2009-10-16 04:00 132560 ----a-w- c:\windows\system32\esdevapp.exe

2012-03-24 01:37 . 2012-03-24 01:46 -------- d-----w- c:\program files (x86)\epson

2012-03-21 04:30 . 2012-03-21 04:30 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-21 04:30 . 2012-03-21 04:30 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-15 07:09 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-15 07:09 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-15 07:09 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 12:33 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 12:33 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 12:33 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 12:32 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 12:32 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 12:32 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 12:32 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 12:32 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 12:32 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 12:32 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-12 01:13 . 2010-04-27 18:09 952 --sha-w- c:\programdata\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-01-16 20:21 1811296 ----a-w- c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-09-29 03:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 1811296]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]

"OnlineBackupScheduler"="c:\program files (x86)\QuickBooks Online Backup\OnlineBackup.exe" [2007-11-02 610304]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-11-24 6497592]

"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE" [2011-04-24 239488]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]

"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Corel File Shell Monitor"="c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2009-08-26 15544]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-01-16 939872]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]

"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]

"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]

.

c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]

OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 136176]

R3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys [x]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 136176]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

R3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-11-30 271856]

R3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-11-30 218608]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 21:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 18:44]

.

2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 18:44]

.

2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3571551730-3999895387-2625692946-1000Core.job

- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-19 04:03]

.

2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3571551730-3999895387-2625692946-1000UA.job

- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-19 04:03]

.

2012-04-09 c:\windows\Tasks\HPCeeScheduleForBrian.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-31 171520]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyServer = 188.138.24.221:8080

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.254.254

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\69hmrk01.default\

FF - prefs.js: browser.startup.homepage - hxxp://batheo.clapalong.com/?action=webgame!gamelogin&sid=19

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-Utherverse 3D Client - c:\program files (x86)\Utherverse Digital Inc\Utherverse VWW Client\Branding\{ff92d786-2e61-4410-8e67-5bc370db244d}\uninst.exe

AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]

@Denied: (A) (Everyone)

"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]

"Key"="ActionsPane"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\windows\SysWOW64\WebUpdateSvc.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

.

**************************************************************************

.

Completion time: 2012-04-09 02:28:03 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-09 06:27

.

Pre-Run: 482,938,064,896 bytes free

Post-Run: 484,951,044,096 bytes free

.

- - End Of File - - 9B08092F10E02A40EE741E68C29AFC36

BigBK · April 9, 2012

And here is the MBAM log:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.09.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Brian :: BRIAN-PC [administrator]

4/9/2012 2:45:08 AM

mbam-log-2012-04-09 (02-45-08).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 207185

Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

MrCharlie · April 9, 2012

Did you set this proxy in Internet Explorer:

uInternet Settings,ProxyServer = 188.138.24.221:8080

http://images.ip2loc...om/22097213.png

---------------------------------

The rest looks OK.

How the computer running now? MrC

BigBK · April 9, 2012

No, I did not set that proxy.

BigBK · April 9, 2012

IE now loads google.com fine and overall the computer seems to be running much better. I haven't seen any more notices about AVG blocking some executables. I think I need to update my Java release.

MrCharlie · April 9, 2012

Yes you do,

Please go to your control panels add/remove programs and uninstall these:

Java™ 6 Update 20

Then go to your control panel > Java > Update Tab > Update Now.

Java™ 6 Update 30 <------should be 31

http://www.java.com/...d/installed.jsp <---verify your Java

---------------------------------------

See if you can RogueKiller now, if so we can fix that proxy setting.

MrC

BigBK · April 9, 2012

You have the recommended Java installed (Version 6 Update 31).

Trying RogueKiller again now.

BigBK · April 9, 2012

OK, RogueKiller ran successfully, here is the report from it:

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Brian [Admin rights]

Mode: Scan -- Date: 04/09/2012 09:45:38

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (188.138.24.221:8080) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BEVT-60A0RT0 ATA Device +++++

--- User ---

[MBR] addcea1c050b6b007c48a9347babcfb1

[bSP] 2adf95c9b70d7083b6a5c92508ec901e : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 592324 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1213489152 | Size: 17852 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

MrCharlie · April 9, 2012

OK...Good

This is what we want to fix:

¤¤¤ Registry Entries: 4 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (188.138.24.221:8080) -> FOUND

To fix that......

Run RogueKiller again > click scan > when the scan is done

Click on ProxyFix on the right hand column

The entry won't be deleted but set into the RK_Quarantine folder.

If there's any problems, all you have to do is open up the folder and double click on the reg file that's in there.

Let me know, we still have to uninstall all the tools we used. MrC

BigBK · April 9, 2012

Thank you so much for your help.

OK, Scanned again, clicked ProxyFix, ran a 2nd scan and it did not detect the Proxy setting anymore.

Awaiting your next instructions.

MrCharlie · April 9, 2012

OK...we're done

Just do this............

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

----------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

BigBK · April 9, 2012

OK...ComboFix uninstalled and OTL ran, cleaned up, and rebooted.

I just noticed however that most of my start menu folders are (empty). Looks like all of those shortcuts have been erased. And I don't see MS Paint installed anymore. I also get an error on reboot about a 2nd instance of Open Office running. I tried to take a screenshot of the message but I don't have MS Paint to send the printscreen to.

Other than those things, everything seems to be back to normal now.

Thanks.

MrCharlie · April 9, 2012

http://www.bleepingcomputer.com/forums/topic405109.html

Download and run unhide as outline in the tutorial above.

MrC

BigBK · April 9, 2012

I ran unhide and start menu folders are still empty. Here is the log file for it:

Unhide by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

More Information about Unhide.exe can be found at this link:

http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 04/09/2012 12:07:22 PM

Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive

Finished processing the C:\ drive. 898732 files processed.

Processing the D:\ drive

Finished processing the D:\ drive. 104 files processed.

Processing the E:\ drive

Finished processing the E:\ drive. 14 files processed.

The C:\Users\Brian\AppData\Local\Temp\smtmp\ folder does not exist!!

Unhide cannot restore your missing shortcuts!!

Please see this topic in order to learn how to restore default

Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.

- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

No registry changes detected.

Restarting Explorer.exe in order to apply changes.

Program finished at: 04/09/2012 01:35:24 PM

Execution time: 1 hours(s), 28 minute(s), and 1 seconds(s)

Looks like I will have to just install the default start menu for now and slowly repair the other missing items?

MrCharlie · April 9, 2012

Yes, unfortunately that's what you have to do, if there gone there's nothing else you can do.

The link below may help also beside the one in the report.

Let me know, MrC

http://www.smartestcomputing.us.com/topic/46010-how-to-restore-start-menu-and-files-hiddendeleted-by-a-virus/

SVCHOST.exe infected with Trojan.Agent

Recommended Posts

Link to post

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information