Smart HDD Google Redirects and Other Fun


OK, so my cable company stopped carrying my local hockey team. Watching them on pirate websites has taken its toll on my rig (again)...

Here are the logs, and thanks in advance for your help.

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Shane at 8:48:11 on 2012-04-08

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2099 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Windows\System32\bgsvcgen.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Microsoft Dynamics NAV\60\Service\Microsoft.Dynamics.Nav.Server.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\V0650Mon.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Users\Shane\AppData\Roaming\Dropbox\bin\Dropbox.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\System32\svchost.exe -k HPZ12

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

uRun: [Facebook Update] "c:\users\shane\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [V0650Mon.exe] c:\windows\V0650Mon.exe

mRun: [Rocket Live! Central 2] "c:\program files\rocketfish hd webcam\live! central\RFLVCentral2.exe" /mode2

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\shane\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\shane\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\shane\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Trusted Zone: caplugs.com\citrix

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{09E9C12D-B854-4F27-BBA9-0425849B4188} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{C1EEF202-5EBC-4682-A820-E45D6359DE9B} : DhcpNameServer = 10.1.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-7 652360]

R2 MicrosoftDynamicsNavServer;Microsoft Dynamics NAV Server;c:\program files\microsoft dynamics nav\60\service\Microsoft.Dynamics.Nav.Server.exe [2009-8-14 141184]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-7 20464]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 srv1A8;srv1A8;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2011-1-20 144640]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 MicrosoftDynamicsNavWS;Microsoft Dynamics NAV Business Web Services;c:\program files\microsoft dynamics nav\60\service\Microsoft.Dynamics.Nav.Server.exe [2009-8-14 141184]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 V0650Vid;Rocketfish HD Webcam Driver;c:\windows\system32\drivers\V0650Vid.sys [2011-1-16 322176]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-25 1343400]

.

=============== Created Last 30 ================

.

2012-04-07 18:48:38 -------- d-sh--w- C:\$RECYCLE.BIN

2012-04-07 18:48:36 -------- d-----w- c:\users\shane\appdata\local\temp

2012-04-07 17:47:33 98816 ----a-w- c:\windows\sed.exe

2012-04-07 17:47:33 518144 ----a-w- c:\windows\SWREG.exe

2012-04-07 17:47:33 256000 ----a-w- c:\windows\PEV.exe

2012-04-07 17:47:33 208896 ----a-w- c:\windows\MBR.exe

2012-04-07 17:22:29 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-07 17:22:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-07 16:42:38 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-05 23:24:50 117760 ----a-w- c:\programdata\microsoft\windows\drm\D5C6.tmp

2012-03-29 02:10:17 -------- d-----w- c:\users\shane\appdata\roaming\NVIDIA

2012-03-14 11:17:10 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-14 11:17:08 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-13 22:36:22 2341376 ----a-w- c:\windows\system32\win32k.sys

2012-03-13 22:36:21 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-03-13 22:36:21 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-03-13 22:36:21 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2012-03-13 22:36:21 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2012-03-13 22:36:21 1074176 ----a-w- c:\windows\system32\DWrite.dll

2012-03-13 22:36:02 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-13 22:36:02 57856 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-13 22:36:02 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-13 22:36:00 826368 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-13 22:36:00 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-13 22:36:00 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

==================== Find3M ====================

.

2012-04-07 16:43:26 387584 ----a-w- c:\windows\system32\drivers\csc.sys

2012-03-02 23:04:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 8:50:29.70 ===============

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 9/24/2010 9:20:35 PM

System Uptime: 4/8/2012 8:31:08 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0JM680

Processor: Intel® Core2 Duo CPU T9300 @ 2.50GHz | Microprocessor | 2501/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 233 GiB total, 92.582 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP165: 2/23/2012 6:32:07 AM - Windows Update

RP166: 3/2/2012 7:48:13 PM - Scheduled Checkpoint

RP167: 3/11/2012 10:24:49 AM - Scheduled Checkpoint

RP169: 3/14/2012 7:16:45 AM - Windows Modules Installer

RP171: 3/22/2012 7:47:33 PM - Scheduled Checkpoint

RP172: 3/30/2012 10:44:19 PM - Scheduled Checkpoint

RP173: 4/7/2012 11:38:49 AM - Restore Operation

.

==== Installed Programs ======================

.

µTorrent

Adobe AIR

Adobe Digital Editions

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.1)

Advanced Audio FX Engine

Amazon MP3 Downloader 1.0.12

American Module for Microsoft Dynamics NAV Classic Client

American Module for Microsoft Dynamics NAV Documentation

American Module for Microsoft Dynamics NAV Outlook Add-In

American Module for Microsoft Dynamics NAV Role Tailored Client

American Module for Microsoft Dynamics NAV Server

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG 2012

Bonjour

Canadian Module for Microsoft Dynamics NAV Classic Client

Canadian Module for Microsoft Dynamics NAV Documentation

Canadian Module for Microsoft Dynamics NAV Outlook Add-In

Canadian Module for Microsoft Dynamics NAV Role Tailored Client

Canadian Module for Microsoft Dynamics NAV Server

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Counter-Strike

Coupon Printer for Windows

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Driver Download Manager

Dell Touchpad

Documentation

Dropbox

ESET Online Scanner v3

Facebook Video Calling 1.2.0.159

FLV Player

GMATPrep

iTunes

Java Auto Updater

Java 6 Update 26

Java 7

Live! Cam Avatar Creator

Magic ISO Maker v5.5 (build 0281)

MagicDisc 2.7.106

Malwarebytes Anti-Malware version 1.60.1.1000

MediaMonkey 3.2

Mexican Module for Microsoft Dynamics NAV Classic Client

Mexican Module for Microsoft Dynamics NAV Documentation

Mexican Module for Microsoft Dynamics NAV Outlook Add-In

Mexican Module for Microsoft Dynamics NAV Role Tailored Client

Mexican Module for Microsoft Dynamics NAV Server

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Dynamics NAV 2009 Classic

Microsoft Dynamics NAV 2009 Outlook Add-in

Microsoft Dynamics NAV 2009 RoleTailored Client

Microsoft Dynamics NAV 2009 Service

Microsoft Dynamics NAV 2009 SP1

Microsoft Dynamics NAV 6-0 Database for SQL Server

Microsoft Dynamics NAV 6.0 Setup

Microsoft Dynamics NAV Components for Microsoft SQL Server

Microsoft IntelliPoint 8.2

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Report Viewer Redistributable 2008 (KB971119)

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

NHL® 09

NVIDIA Install Application

PHOTOfunSTUDIO 5.0 HD Edition

PrimoPDF -- brought to you by Nitro PDF Software

QuickTime

RICOH R5C83x/84x Media Driver x86 Ver.3.34.03

Rocketfish HD Webcam (1.00.06.00)

Rocketfish Live! Central

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

SILKYPIX Developer Studio 3.1 SE

Skype Click to Call

Skype™ 5.5

Steam

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

Windows Mobile Device Center

Yahoo! BrowserPlus 2.9.8

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

4/8/2012 8:32:46 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

4/8/2012 8:32:27 AM, Error: Service Control Manager [7023] - The srv1A8 service terminated with the following error: The specified module could not be found.

4/8/2012 8:32:27 AM, Error: Service Control Manager [7023] - The Avgio service terminated with the following error: The specified module could not be found.

4/8/2012 8:32:27 AM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

4/8/2012 8:31:56 AM, Error: Service Control Manager [7023] - The WavxDMgr service terminated with the following error: The specified module could not be found.

4/8/2012 8:31:56 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

4/7/2012 2:48:46 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

4/7/2012 2:48:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/7/2012 2:48:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/7/2012 2:48:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/7/2012 2:48:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

4/7/2012 2:47:43 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

4/7/2012 2:39:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 ctxusbm discache spldr Wanarpv6

4/7/2012 12:43:40 PM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel DebugChannel. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.

4/7/2012 11:50:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

4/7/2012 11:42:25 AM, Error: Service Control Manager [7023] - The WavxDMgr service terminated with the following error: Access is denied.

4/7/2012 11:41:29 AM, Error: Service Control Manager [7023] - The Avgio service terminated with the following error: Access is denied.

4/7/2012 11:34:56 AM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.

4/7/2012 11:34:56 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.

4/7/2012 11:34:56 AM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.

4/7/2012 11:34:53 AM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.

4/7/2012 11:33:56 AM, Error: Service Control Manager [7023] - The Sdcplh service terminated with the following error: Access is denied.

4/7/2012 11:33:47 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xc0461398, 0xc000000e, 0x90d35860, 0x8c273fda). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040712-69904-01.

4/7/2012 11:12:53 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

4/7/2012 11:12:53 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.

4/7/2012 11:12:53 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.

4/7/2012 11:12:53 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

4/7/2012 11:12:53 AM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/7/2012 11:11:53 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

4/7/2012 11:11:53 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running.

4/7/2012 11:10:53 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).

4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/7/2012 1:47:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

4/7/2012 1:38:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

4/7/2012 1:38:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

4/5/2012 8:05:25 PM, Error: Schannel [36887] - The following fatal alert was received: 40.

4/5/2012 8:03:55 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.

4/5/2012 7:35:50 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.

4/5/2012 7:30:49 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.

4/5/2012 10:01:20 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options).

Post back the report.

MrC


RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version

Started in : Normal mode

User: Shane [Admin rights]

Mode: Scan -- Date: 04/09/2012 19:16:29

¤¤¤ Bad processes: 1 ¤¤¤

[sUSP PATH] V0650Mon.exe -- C:\Windows\V0650Mon.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 10 ¤¤¤

[sUSP PATH] HKLM\[...]\Run : V0650Mon.exe (C:\Windows\V0650Mon.exe) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS723225L9A362 ATA Device +++++

--- User ---

[MBR] be9661f0a67815957b5bf46d56ce0152

[bSP] e7a4d88e39462edee4d9ce59ade9badd : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 238372 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

As requested.

S


OK...first, please download and run unhide:

http://www.bleepingc...ti-virus/unhide

---------------------------------

Next:

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC


20:01:25.0267 2108 TDSS rootkit removing tool 2.7.27.0 Apr 9 2012 09:53:37

20:01:25.0907 2108 ============================================================

20:01:25.0907 2108 Current date / time: 2012/04/09 20:01:25.0907

20:01:25.0907 2108 SystemInfo:

20:01:25.0907 2108

20:01:25.0907 2108 OS Version: 6.1.7600 ServicePack: 0.0

20:01:25.0907 2108 Product type: Workstation

20:01:25.0907 2108 ComputerName: SHANES-LAPTOP

20:01:25.0907 2108 UserName: Shane

20:01:25.0907 2108 Windows directory: C:\Windows

20:01:25.0907 2108 System windows directory: C:\Windows

20:01:25.0907 2108 Processor architecture: Intel x86

20:01:25.0907 2108 Number of processors: 2

20:01:25.0907 2108 Page size: 0x1000

20:01:25.0907 2108 Boot type: Normal boot

20:01:25.0907 2108 ============================================================

20:01:26.0997 2108 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

20:01:26.0997 2108 \Device\Harddisk0\DR0:

20:01:26.0997 2108 MBR used

20:01:26.0997 2108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D192000

20:01:27.0027 2108 Initialize success

20:01:27.0027 2108 ============================================================

20:01:51.0665 7648 ============================================================

20:01:51.0665 7648 Scan started

20:01:51.0665 7648 Mode: Manual; SigCheck; TDLFS;

20:01:51.0665 7648 ============================================================

20:01:53.0954 7648 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

20:01:54.0094 7648 1394ohci - ok

20:01:54.0124 7648 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

20:01:54.0144 7648 ACPI - ok

20:01:54.0154 7648 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

20:01:54.0224 7648 AcpiPmi - ok

20:01:54.0324 7648 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

20:01:54.0344 7648 AdobeARMservice - ok

20:01:54.0454 7648 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

20:01:54.0474 7648 adp94xx - ok

20:01:54.0524 7648 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

20:01:54.0544 7648 adpahci - ok

20:01:54.0564 7648 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

20:01:54.0574 7648 adpu320 - ok

20:01:54.0604 7648 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll

20:01:54.0644 7648 AeLookupSvc - ok

20:01:54.0804 7648 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys

20:01:54.0854 7648 AFD - ok

20:01:54.0884 7648 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

20:01:54.0894 7648 agp440 - ok

20:01:54.0924 7648 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

20:01:54.0934 7648 aic78xx - ok

20:01:54.0984 7648 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe

20:01:55.0014 7648 ALG - ok

20:01:55.0124 7648 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

20:01:55.0134 7648 aliide - ok

20:01:55.0144 7648 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

20:01:55.0154 7648 amdagp - ok

20:01:55.0174 7648 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

20:01:55.0184 7648 amdide - ok

20:01:55.0224 7648 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

20:01:55.0254 7648 AmdK8 - ok

20:01:55.0284 7648 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

20:01:55.0314 7648 AmdPPM - ok

20:01:55.0434 7648 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys

20:01:55.0444 7648 amdsata - ok

20:01:55.0484 7648 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

20:01:55.0494 7648 amdsbs - ok

20:01:55.0564 7648 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys

20:01:55.0574 7648 amdxata - ok

20:01:55.0604 7648 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

20:01:55.0644 7648 AppID - ok

20:01:55.0684 7648 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll

20:01:55.0744 7648 AppIDSvc - ok

20:01:55.0784 7648 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll

20:01:55.0844 7648 Appinfo - ok

20:01:55.0974 7648 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

20:01:55.0984 7648 Apple Mobile Device - ok

20:01:56.0074 7648 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll

20:01:56.0114 7648 AppMgmt - ok

20:01:56.0174 7648 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

20:01:56.0184 7648 arc - ok

20:01:56.0214 7648 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

20:01:56.0224 7648 arcsas - ok

20:01:56.0274 7648 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

20:01:56.0374 7648 AsyncMac - ok

20:01:56.0504 7648 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

20:01:56.0514 7648 atapi - ok

20:01:56.0564 7648 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll

20:01:56.0634 7648 AudioEndpointBuilder - ok

20:01:56.0644 7648 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll

20:01:56.0674 7648 Audiosrv - ok

20:01:56.0894 7648 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

20:01:56.0994 7648 AVGIDSAgent - ok

20:01:57.0124 7648 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

20:01:57.0154 7648 AVGIDSDriver - ok

20:01:57.0184 7648 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

20:01:57.0194 7648 AVGIDSEH - ok

20:01:57.0214 7648 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

20:01:57.0224 7648 AVGIDSFilter - ok

20:01:57.0264 7648 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys

20:01:57.0274 7648 AVGIDSShim - ok

20:01:57.0374 7648 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys

20:01:57.0384 7648 Avgldx86 - ok

20:01:57.0424 7648 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys

20:01:57.0434 7648 Avgmfx86 - ok

20:01:57.0504 7648 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys

20:01:57.0504 7648 Avgrkx86 - ok

20:01:57.0574 7648 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys

20:01:57.0584 7648 Avgtdix - ok

20:01:57.0724 7648 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe

20:01:57.0774 7648 avgwd - ok

20:01:57.0824 7648 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll

20:01:57.0904 7648 AxInstSV - ok

20:01:57.0984 7648 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

20:01:58.0034 7648 b06bdrv - ok

20:01:58.0094 7648 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

20:01:58.0144 7648 b57nd60x - ok

20:01:58.0194 7648 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll

20:01:58.0224 7648 BDESVC - ok

20:01:58.0284 7648 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

20:01:58.0334 7648 Beep - ok

20:01:58.0414 7648 bgsvcgen (acc9c8c560c567fad6f79c977ab2ea09) C:\Windows\System32\bgsvcgen.exe

20:01:58.0424 7648 bgsvcgen - ok

20:01:58.0474 7648 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll

20:01:58.0534 7648 BITS - ok

20:01:58.0574 7648 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

20:01:58.0604 7648 blbdrive - ok

20:01:58.0744 7648 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe

20:01:58.0754 7648 Bonjour Service - ok

20:01:58.0914 7648 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys

20:01:58.0984 7648 bowser - ok

20:01:59.0004 7648 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

20:01:59.0044 7648 BrFiltLo - ok

20:01:59.0074 7648 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

20:01:59.0104 7648 BrFiltUp - ok

20:01:59.0214 7648 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys

20:01:59.0264 7648 BridgeMP - ok

20:01:59.0304 7648 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll

20:01:59.0344 7648 Browser - ok

20:01:59.0394 7648 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

20:01:59.0444 7648 Brserid - ok

20:01:59.0544 7648 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

20:01:59.0574 7648 BrSerWdm - ok

20:01:59.0604 7648 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

20:01:59.0644 7648 BrUsbMdm - ok

20:01:59.0674 7648 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

20:01:59.0704 7648 BrUsbSer - ok

20:01:59.0744 7648 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

20:01:59.0774 7648 BTHMODEM - ok

20:01:59.0854 7648 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll

20:01:59.0904 7648 bthserv - ok

20:02:00.0004 7648 catchme - ok

20:02:00.0054 7648 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

20:02:00.0104 7648 cdfs - ok

20:02:00.0174 7648 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

20:02:00.0214 7648 cdrom - ok

20:02:00.0294 7648 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll

20:02:00.0354 7648 CertPropSvc - ok

20:02:00.0394 7648 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

20:02:00.0414 7648 circlass - ok

20:02:00.0474 7648 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

20:02:00.0494 7648 CLFS - ok

20:02:00.0584 7648 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:02:00.0624 7648 clr_optimization_v2.0.50727_32 - ok

20:02:00.0754 7648 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:02:00.0774 7648 clr_optimization_v4.0.30319_32 - ok

20:02:00.0854 7648 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

20:02:00.0904 7648 CmBatt - ok

20:02:00.0934 7648 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

20:02:00.0944 7648 cmdide - ok

20:02:01.0004 7648 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys

20:02:01.0024 7648 CNG - ok

20:02:01.0064 7648 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

20:02:01.0074 7648 Compbatt - ok

20:02:01.0084 7648 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

20:02:01.0094 7648 CompositeBus - ok

20:02:01.0144 7648 COMSysApp - ok

20:02:01.0204 7648 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

20:02:01.0214 7648 crcdisk - ok

20:02:01.0244 7648 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll

20:02:01.0294 7648 CryptSvc - ok

20:02:01.0354 7648 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

20:02:01.0404 7648 CSC - ok

20:02:01.0474 7648 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll

20:02:01.0514 7648 CscService - ok

20:02:01.0634 7648 CtClsFlt (d7d3bb3a3df1193ec0fdbb24d4540fb5) C:\Windows\system32\DRIVERS\CtClsFlt.sys

20:02:01.0664 7648 CtClsFlt - ok

20:02:01.0764 7648 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys

20:02:01.0774 7648 ctxusbm - ok

20:02:01.0854 7648 dc3d (7caaf4af453ef3582fef65dd72caa0aa) C:\Windows\system32\DRIVERS\dc3d.sys

20:02:01.0924 7648 dc3d - ok

20:02:01.0964 7648 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll

20:02:02.0054 7648 DcomLaunch - ok

20:02:02.0114 7648 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll

20:02:02.0164 7648 defragsvc - ok

20:02:02.0224 7648 Dell1100_FUService - ok

20:02:02.0304 7648 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys

20:02:02.0324 7648 DfsC - ok

20:02:02.0374 7648 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll

20:02:02.0444 7648 Dhcp - ok

20:02:02.0494 7648 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

20:02:02.0544 7648 discache - ok

20:02:02.0654 7648 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

20:02:02.0664 7648 Disk - ok

20:02:02.0714 7648 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll

20:02:02.0744 7648 Dnscache - ok

20:02:02.0794 7648 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll

20:02:02.0844 7648 dot3svc - ok

20:02:02.0874 7648 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll

20:02:02.0914 7648 DPS - ok

20:02:03.0034 7648 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

20:02:03.0084 7648 drmkaud - ok

20:02:03.0174 7648 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys

20:02:03.0194 7648 DXGKrnl - ok

20:02:03.0274 7648 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll

20:02:03.0324 7648 EapHost - ok

20:02:03.0434 7648 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

20:02:03.0494 7648 ebdrv - ok

20:02:03.0604 7648 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe

20:02:03.0644 7648 EFS - ok

20:02:03.0714 7648 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe

20:02:03.0764 7648 ehRecvr - ok

20:02:03.0794 7648 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe

20:02:03.0824 7648 ehSched - ok

20:02:03.0894 7648 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

20:02:03.0904 7648 elxstor - ok

20:02:03.0984 7648 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

20:02:04.0034 7648 ErrDev - ok

20:02:04.0134 7648 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll

20:02:04.0194 7648 EventSystem - ok

20:02:04.0214 7648 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

20:02:04.0244 7648 exfat - ok

20:02:04.0274 7648 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

20:02:04.0294 7648 fastfat - ok

20:02:04.0334 7648 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe

20:02:04.0384 7648 Fax - ok

20:02:04.0494 7648 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

20:02:04.0524 7648 fdc - ok

20:02:04.0564 7648 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll

20:02:04.0604 7648 fdPHost - ok

20:02:04.0634 7648 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll

20:02:04.0684 7648 FDResPub - ok

20:02:04.0714 7648 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

20:02:04.0724 7648 FileInfo - ok

20:02:04.0844 7648 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

20:02:04.0874 7648 Filetrace - ok

20:02:04.0894 7648 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

20:02:04.0924 7648 flpydisk - ok

20:02:04.0974 7648 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

20:02:04.0984 7648 FltMgr - ok

20:02:05.0044 7648 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll

20:02:05.0094 7648 FontCache - ok

20:02:05.0194 7648 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

20:02:05.0194 7648 FontCache3.0.0.0 - ok

20:02:05.0274 7648 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

20:02:05.0284 7648 FsDepends - ok

20:02:05.0294 7648 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

20:02:05.0304 7648 Fs_Rec - ok

20:02:05.0344 7648 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

20:02:05.0354 7648 fvevol - ok

20:02:05.0394 7648 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

20:02:05.0404 7648 gagp30kx - ok

20:02:05.0494 7648 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

20:02:05.0504 7648 GEARAspiWDM - ok

20:02:05.0554 7648 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll

20:02:05.0604 7648 gpsvc - ok

20:02:05.0694 7648 guardian2 (f058c5f64dff28a2c8d7d1d04171e604) C:\Windows\system32\Drivers\oz776.sys

20:02:05.0704 7648 guardian2 - ok

20:02:05.0734 7648 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

20:02:05.0774 7648 hcw85cir - ok

20:02:05.0844 7648 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

20:02:05.0874 7648 HdAudAddService - ok

20:02:05.0964 7648 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

20:02:06.0004 7648 HDAudBus - ok

20:02:06.0044 7648 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

20:02:06.0074 7648 HidBatt - ok

20:02:06.0104 7648 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

20:02:06.0134 7648 HidBth - ok

20:02:06.0184 7648 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

20:02:06.0224 7648 HidIr - ok

20:02:06.0264 7648 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll

20:02:06.0314 7648 hidserv - ok

20:02:06.0364 7648 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

20:02:06.0404 7648 HidUsb - ok

20:02:06.0434 7648 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll

20:02:06.0484 7648 hkmsvc - ok

20:02:06.0514 7648 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll

20:02:06.0554 7648 HomeGroupListener - ok

20:02:06.0614 7648 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll

20:02:06.0654 7648 HomeGroupProvider - ok

20:02:06.0754 7648 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

20:02:06.0764 7648 HpSAMD - ok

20:02:06.0804 7648 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

20:02:06.0854 7648 HTTP - ok

20:02:06.0904 7648 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

20:02:06.0914 7648 hwpolicy - ok

20:02:07.0004 7648 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

20:02:07.0044 7648 i8042prt - ok

20:02:07.0114 7648 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys

20:02:07.0124 7648 iaStorV - ok

20:02:07.0234 7648 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

20:02:07.0274 7648 IDriverT ( UnsignedFile.Multi.Generic ) - warning

20:02:07.0274 7648 IDriverT - detected UnsignedFile.Multi.Generic (1)

20:02:07.0394 7648 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

20:02:07.0414 7648 idsvc - ok

20:02:07.0514 7648 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

20:02:07.0534 7648 iirsp - ok

20:02:07.0604 7648 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll

20:02:07.0654 7648 IKEEXT - ok

20:02:07.0744 7648 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

20:02:07.0754 7648 intelide - ok

20:02:07.0784 7648 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

20:02:07.0824 7648 intelppm - ok

20:02:07.0874 7648 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll

20:02:07.0934 7648 IPBusEnum - ok

20:02:07.0954 7648 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:02:08.0014 7648 IpFilterDriver - ok

20:02:08.0084 7648 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll

20:02:08.0144 7648 iphlpsvc - ok

20:02:08.0214 7648 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

20:02:08.0254 7648 IPMIDRV - ok

20:02:08.0284 7648 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

20:02:08.0334 7648 IPNAT - ok

20:02:08.0424 7648 iPod Service (6e27978a4755f4789f912f5f49392f7c) C:\Program Files\iPod\bin\iPodService.exe

20:02:08.0474 7648 iPod Service - ok

20:02:08.0564 7648 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

20:02:08.0574 7648 IRENUM - ok

20:02:08.0614 7648 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

20:02:08.0624 7648 isapnp - ok

20:02:08.0644 7648 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

20:02:08.0664 7648 iScsiPrt - ok

20:02:08.0694 7648 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

20:02:08.0704 7648 kbdclass - ok

20:02:08.0734 7648 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

20:02:08.0764 7648 kbdhid - ok

20:02:08.0804 7648 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe

20:02:08.0814 7648 KeyIso - ok

20:02:08.0864 7648 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys

20:02:08.0874 7648 KSecDD - ok

20:02:08.0974 7648 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys

20:02:08.0984 7648 KSecPkg - ok

20:02:09.0024 7648 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll

20:02:09.0074 7648 KtmRm - ok

20:02:09.0184 7648 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll

20:02:09.0224 7648 LanmanServer - ok

20:02:09.0294 7648 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll

20:02:09.0344 7648 LanmanWorkstation - ok

20:02:09.0494 7648 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

20:02:09.0534 7648 lltdio - ok

20:02:09.0574 7648 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll

20:02:09.0634 7648 lltdsvc - ok

20:02:09.0654 7648 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll

20:02:09.0714 7648 lmhosts - ok

20:02:09.0784 7648 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

20:02:09.0794 7648 LSI_FC - ok

20:02:09.0834 7648 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

20:02:09.0854 7648 LSI_SAS - ok

20:02:09.0874 7648 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

20:02:09.0884 7648 LSI_SAS2 - ok

20:02:09.0914 7648 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

20:02:09.0934 7648 LSI_SCSI - ok

20:02:09.0964 7648 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

20:02:10.0014 7648 luafv - ok


20:02:34.0154 7648 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

20:02:34.0154 7648 \Device\Harddisk0\DR0 - detected TDSS File System (1)

20:02:34.0154 7648 Boot (0x1200) (8e88f1c300f2dc34334438e92109adcd) \Device\Harddisk0\DR0\Partition0

20:02:34.0154 7648 \Device\Harddisk0\DR0\Partition0 - ok

20:02:34.0154 7648 ============================================================

20:02:34.0154 7648 Scan finished

20:02:34.0154 7648 ============================================================

20:02:34.0169 6608 Detected object count: 4

20:02:34.0169 6608 Actual detected object count: 4

20:04:06.0428 6608 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

20:04:06.0428 6608 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:04:06.0428 6608 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user

20:04:06.0428 6608 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:04:06.0428 6608 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

20:04:06.0428 6608 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:04:06.0524 6608 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

20:04:06.0534 6608 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

20:04:06.0574 6608 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

20:04:06.0574 6608 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

20:04:06.0574 6608 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

20:04:06.0584 6608 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

20:04:06.0594 6608 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

20:04:06.0594 6608 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

20:04:06.0604 6608 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

20:04:06.0604 6608 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

20:04:06.0604 6608 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

20:04:06.0614 6608 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

20:04:06.0614 6608 \Device\Harddisk0\DR0\TDLFS - deleted

20:04:06.0614 6608 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

20:04:31.0736 5256 Deinitialize success

Unhide restored almost everything except the items shown when I first pop open my start menu - like the recently used programs and files...


OK, TDSSKiller found the rootkit > bad infection!

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-04-09.05 - Shane 04/09/2012 20:27:57.5.2 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2661 [GMT -4:00]

Running from: c:\users\Shane\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))

.

.

2012-04-10 00:33 . 2012-04-10 00:33 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-04-10 00:33 . 2012-04-10 00:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-07 18:48 . 2012-04-10 00:40 -------- d-----w- c:\users\Shane\AppData\Local\temp

2012-04-07 17:22 . 2012-04-07 17:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-07 17:22 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-07 16:42 . 2012-04-10 00:04 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-05 23:24 . 2012-04-05 23:24 117760 ----a-w- c:\programdata\Microsoft\Windows\DRM\D5C6.tmp

2012-03-29 02:10 . 2012-03-29 02:10 -------- d-----w- c:\users\Shane\AppData\Roaming\NVIDIA

2012-03-14 11:17 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-14 11:17 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-13 22:36 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys

2012-03-13 22:36 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\system32\DWrite.dll

2012-03-13 22:36 . 2012-02-10 05:41 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-03-13 22:36 . 2012-02-10 05:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2012-03-13 22:36 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2012-03-13 22:36 . 2012-02-10 05:41 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-03-13 22:36 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-13 22:36 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-13 22:36 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-13 22:36 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-13 22:36 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-13 22:36 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-07 16:43 . 2009-07-13 23:15 387584 ----a-w- c:\windows\system32\drivers\csc.sys

2012-03-02 23:04 . 2011-08-24 00:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Shane\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-28 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"V0650Mon.exe"="c:\windows\V0650Mon.exe" [2010-02-23 28672]

"Rocket Live! Central 2"="c:\program files\Rocketfish HD Webcam\Live! Central\RFLVCentral2.exe" [2010-02-24 430247]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Shane\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-3-10 576000]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv1A8]

@="service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 srv1A8;srv1A8;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-03-26 144640]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MicrosoftDynamicsNavWS;Microsoft Dynamics NAV Business Web Services;c:\program files\Microsoft Dynamics NAV\60\Service\Microsoft.Dynamics.Nav.Server.exe [2009-08-14 141184]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 V0650Vid;Rocketfish HD Webcam Driver;c:\windows\system32\DRIVERS\V0650Vid.sys [2010-03-31 322176]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1343400]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 MicrosoftDynamicsNavServer;Microsoft Dynamics NAV Server;c:\program files\Microsoft Dynamics NAV\60\Service\Microsoft.Dynamics.Nav.Server.exe [2009-08-14 141184]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

srv1A8

sonicstagemonitoring

ndasscsi

susbser

aracpi

AtcL002

Dell1100_FUService

cachemgr

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-6052232-4208316721-2272119812-1000Core.job

- c:\users\Shane\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-28 00:02]

.

2012-04-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-6052232-4208316721-2272119812-1000UA.job

- c:\users\Shane\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-28 00:02]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: caplugs.com\citrix

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv1A8]

"servicedll"="\\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srv1A8.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(800)

c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\System32\bgsvcgen.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

.

**************************************************************************

.

Completion time: 2012-04-09 20:44:54 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-10 00:44

ComboFix2.txt 2012-04-07 18:48

ComboFix3.txt 2011-08-21 21:10

ComboFix4.txt 2011-08-19 00:16

ComboFix5.txt 2012-04-10 00:26

.

Pre-Run: 98,348,232,704 bytes free

Post-Run: 98,071,592,960 bytes free

.

- - End Of File - - D7848785C67A83D1668FE348E839DA8D


Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.10.01

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

Shane :: SHANES-LAPTOP [administrator]

Protection: Disabled

4/9/2012 10:24:23 PM

mbam-log-2012-04-09 (22-24-23).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 202565

Time elapsed: 7 minute(s), 12 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Smart HDD still has a folder with a smart HDD exe and an uninstall app... should I delete that?

Yes delete them.

Ok - and another issue - my mouse driver is gone so my touchpad auto scroll - all that fun stuff is missing...

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :Filefind
    i8042prt.sys
    Calc.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop, entitled SystemLook.txt.

Nope - Smart HDD popped back up as an icon on my desktop after a restart, and my start menu folders are all "empty".

Download and run RKill as outlined in the tutorial below...post back the log:

http://www.bleepingcomputer.com/forums/topic308364.html

Next....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

MrC


SystemLook 30.07.11 by jpshortstuff

Log created at 22:22 on 11/04/2012 by Shane

Administrator - Elevation successful

========== Filefind ==========

Searching for "i8042prt.sys"

C:\Windows\System32\drivers\i8042prt.sys --ah--- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6

C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_0c4a1880f2aa5a72\i8042prt.sys --ah--- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6

C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_x86_neutral_7a9084e0177406eb\i8042prt.sys --ah--- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6

C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_9724c3fc3a4c81ef\i8042prt.sys --ah--- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6

C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_9955d7c4373b0589\i8042prt.sys --ah--- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6

C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_4e0a61a033aec8c3\i8042prt.sys --ah--- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6

Searching for "Calc.exe"

C:\Windows\System32\calc.exe --a---- 776192 bytes [23:41 13/07/2009] [01:14 14/07/2009] 4884DA7754823B44CCC2B2106F21146E

C:\Windows\winsxs\x86_microsoft-windows-calc_31bf3856ad364e35_6.1.7600.16385_none_a994575e7c0f8d6e\calc.exe --a---- 776192 bytes [23:41 13/07/2009] [01:14 14/07/2009] 4884DA7754823B44CCC2B2106F21146E

C:\Windows\winsxs\x86_microsoft-windows-calc_31bf3856ad364e35_6.1.7601.17514_none_abc56b2678fe1108\calc.exe --a---- 776192 bytes [14:08 26/05/2011] [12:16 20/11/2010] 60B7C0FEAD45F2066E5B805A91F4F0FC

-= EOF =-


Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.12.01

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

Shane :: SHANES-LAPTOP [administrator]

Protection: Enabled

4/11/2012 10:42:27 PM

mbam-log-2012-04-11 (22-42-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205607

Time elapsed: 9 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


OK - but I don't see %TEMP% to move everything back. I found C:\ProgramData\Microsoft\Windows\Start Menu, but every folder is actually empty even after changing my prefs to show all (known types and system files are shown too). Can I use that find utility to look for some other program that should be in one of those folders?


Unhide by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Unhide.exe can be found at this link:

http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 04/14/2012 10:21:24 AM

Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive

Finished processing the C:\ drive. 200586 files processed.

The C:\Users\Shane\AppData\Local\Temp\smtmp\ folder does not exist!!

Unhide cannot restore your missing shortcuts!!

Please see this topic in order to learn how to restore default

Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.

- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

No registry changes detected.

Restarting Explorer.exe in order to apply changes.

Program finished at: 04/14/2012 10:23:41 AM

Execution time: 0 hours(s), 2 minute(s), and 16 seconds(s)
