HiJack this log right here

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:25:41 PM, on 5/1/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Users\MikeP\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Users\MikeP\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\MikeP\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\MikeP\AppData\Local\Akamai\netsession_win.exe"

O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

O23 - Service: HP Connection Manager 4.0 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 13113 bytes

And here are the most recent IP Block logs from Malwarebytes

2012/04/29 21:10:09 -0700 MIKEP-HP MikeP MESSAGE Starting protection

2012/04/29 21:10:11 -0700 MIKEP-HP MikeP MESSAGE Protection started successfully

2012/04/29 21:10:14 -0700 MIKEP-HP MikeP MESSAGE Starting IP protection

2012/04/29 21:10:15 -0700 MIKEP-HP MikeP MESSAGE IP Protection started successfully

2012/04/29 21:10:38 -0700 MIKEP-HP MikeP IP-BLOCK 80.82.70.206 (Type: outgoing, Port: 49474, Process: chrome.exe)

2012/04/29 21:11:17 -0700 MIKEP-HP MikeP MESSAGE Executing scheduled update: Daily

2012/04/29 21:11:23 -0700 MIKEP-HP MikeP MESSAGE Starting database refresh

2012/04/29 21:11:23 -0700 MIKEP-HP MikeP MESSAGE Scheduled update executed successfully: database updated from version v2012.04.27.02 to version v2012.04.30.02

2012/04/29 21:11:23 -0700 MIKEP-HP MikeP MESSAGE Stopping IP protection

2012/04/29 21:12:12 -0700 MIKEP-HP MikeP MESSAGE IP Protection stopped

2012/04/29 21:12:13 -0700 MIKEP-HP MikeP MESSAGE Database refreshed successfully

2012/04/29 21:12:13 -0700 MIKEP-HP MikeP MESSAGE Starting IP protection

2012/04/29 21:12:14 -0700 MIKEP-HP MikeP MESSAGE IP Protection started successfully

2012/04/30 11:06:08 -0700 MIKEP-HP MikeP IP-BLOCK 67.43.237.147 (Type: incoming, Port: 13238, Process: svchost.exe)

2012/04/30 11:06:08 -0700 MIKEP-HP MikeP IP-BLOCK 67.43.237.147 (Type: incoming, Port: 13238, Process: svchost.exe)


Hello and welcome!

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

  • Double click on the DDS icon, allow it to run.

  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.

  • Notepad will open with the results.

  • Follow the instructions that pop up for posting the results.

  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


thank you for your help!

here is the dds log

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by MikeP at 0:07:31 on 2012-05-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5193 [GMT -7:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Users\MikeP\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Users\MikeP\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Zune\ZuneNss.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Zune\WMZuneComm.exe

C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [Google Update] "C:\Users\MikeP\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Akamai NetSession Interface] "C:\Users\MikeP\AppData\Local\Akamai\netsession_win.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\Users\MikeP\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{0BDD282A-EA72-4B70-B8F5-6078397FB7A0} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{0BDD282A-EA72-4B70-B8F5-6078397FB7A0}\140707C65602E4564777F627B602360393930363 : DhcpNameServer = 10.0.1.1

TCP: Interfaces\{0BDD282A-EA72-4B70-B8F5-6078397FB7A0}\259716E6723702140747 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{0BDD282A-EA72-4B70-B8F5-6078397FB7A0}\C457 : DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{0BDD282A-EA72-4B70-B8F5-6078397FB7A0}\D496B6560284447303832313 : DhcpNameServer = 192.168.33.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO-X64: TSBHO Class - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-24 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-6-21 514232]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-24 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-16 654408]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-24 2656280]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-25 253088]

S3 ffusb2audio;Focusrite USB 2.0 Audio Driver;C:\Windows\system32\DRIVERS\ffusb2audio.sys --> C:\Windows\system32\DRIVERS\ffusb2audio.sys [?]

S3 ffusb2audioks;ffusb2audioks;C:\Windows\system32\DRIVERS\ffusb2audioks_x64.sys --> C:\Windows\system32\DRIVERS\ffusb2audioks_x64.sys [?]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-04-25 08:15:11 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-25 08:03:08 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-18 07:05:09 -------- d-----w- C:\Users\MikeP\AppData\Local\Akamai

2012-04-16 00:36:57 -------- d-----w- C:\Users\MikeP\AppData\Roaming\MAGIX

2012-04-16 00:35:54 -------- d-----w- C:\ProgramData\MAGIX

2012-04-16 00:35:53 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Services

2012-04-14 19:17:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2012-04-14 19:17:59 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll

2012-04-14 19:17:12 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-14 19:17:12 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-04-14 19:17:12 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-14 19:13:34 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-14 19:13:34 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-14 19:13:34 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-14 19:13:32 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-14 19:13:32 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-14 19:13:32 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-14 19:13:32 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

.

==================== Find3M ====================

.

2012-04-25 08:15:29 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-20 21:18:22 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-03-20 21:18:22 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-03-20 21:18:22 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-03-20 21:18:22 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-21 09:34:17 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-02-21 01:04:50 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll

2012-02-21 01:04:49 660368 ----a-w- C:\Windows\System32\deployJava1.dll

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 0:07:56.31 ===============

attach.zip


Hi again, let's also run a rootkit scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


The scan found one malicious object and moved it to quarantine (cure was not an option).

Here are the contents of the log:

12:05:46.0013 4628 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18

12:05:46.0949 4628 ============================================================

12:05:46.0949 4628 Current date / time: 2012/05/02 12:05:46.0949

12:05:46.0949 4628 SystemInfo:

12:05:46.0949 4628

12:05:46.0949 4628 OS Version: 6.1.7601 ServicePack: 1.0

12:05:46.0949 4628 Product type: Workstation

12:05:46.0949 4628 ComputerName: MIKEP-HP

12:05:46.0965 4628 UserName: MikeP

12:05:46.0965 4628 Windows directory: C:\Windows

12:05:46.0965 4628 System windows directory: C:\Windows

12:05:46.0965 4628 Running under WOW64

12:05:46.0965 4628 Processor architecture: Intel x64

12:05:46.0965 4628 Number of processors: 8

12:05:46.0965 4628 Page size: 0x1000

12:05:46.0965 4628 Boot type: Normal boot

12:05:46.0965 4628 ============================================================

12:05:47.0495 4628 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

12:05:47.0511 4628 ============================================================

12:05:47.0511 4628 \Device\Harddisk0\DR0:

12:05:47.0511 4628 MBR partitions:

12:05:47.0511 4628 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

12:05:47.0511 4628 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x557BE800

12:05:47.0511 4628 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x55822800, BlocksNum 0x1CF0000

12:05:47.0511 4628 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0

12:05:47.0511 4628 ============================================================

12:05:47.0527 4628 C: <-> \Device\Harddisk0\DR0\Partition1

12:05:47.0558 4628 D: <-> \Device\Harddisk0\DR0\Partition2

12:05:47.0558 4628 ============================================================

12:05:47.0558 4628 Initialize success

12:05:47.0558 4628 ============================================================

12:05:51.0255 4140 ============================================================

12:05:51.0255 4140 Scan started

12:05:51.0255 4140 Mode: Manual;

12:05:51.0255 4140 ============================================================

12:05:51.0848 4140 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

12:05:51.0863 4140 1394ohci - ok

12:05:51.0895 4140 Accelerometer (7a330a42870eb1fa81f88be514d2d566) C:\Windows\system32\DRIVERS\Accelerometer.sys

12:05:51.0910 4140 Accelerometer - ok

12:05:51.0957 4140 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

12:05:51.0973 4140 ACPI - ok

12:05:52.0019 4140 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

12:05:52.0019 4140 AcpiPmi - ok

12:05:52.0160 4140 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

12:05:52.0160 4140 AdobeARMservice - ok

12:05:52.0316 4140 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

12:05:52.0331 4140 AdobeFlashPlayerUpdateSvc - ok

12:05:52.0409 4140 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

12:05:52.0425 4140 adp94xx - ok

12:05:52.0487 4140 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

12:05:52.0503 4140 adpahci - ok

12:05:52.0534 4140 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

12:05:52.0534 4140 adpu320 - ok

12:05:52.0565 4140 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

12:05:52.0565 4140 AeLookupSvc - ok

12:05:52.0659 4140 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe

12:05:52.0659 4140 AESTFilters - ok

12:05:52.0737 4140 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

12:05:52.0753 4140 AFD - ok

12:05:52.0799 4140 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

12:05:52.0799 4140 agp440 - ok

12:05:52.0815 4140 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

12:05:52.0831 4140 ALG - ok

12:05:52.0862 4140 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

12:05:52.0862 4140 aliide - ok

12:05:52.0909 4140 AMD External Events Utility (1b4a3c8e429f1fab998eceea3ce3e0b8) C:\Windows\system32\atiesrxx.exe

12:05:52.0924 4140 AMD External Events Utility - ok

12:05:52.0940 4140 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

12:05:52.0940 4140 amdide - ok

12:05:52.0987 4140 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

12:05:52.0987 4140 AmdK8 - ok

12:05:53.0439 4140 amdkmdag (e08cf0ed91fcca0017776cff4a506012) C:\Windows\system32\DRIVERS\atikmdag.sys

12:05:53.0611 4140 amdkmdag - ok

12:05:53.0767 4140 amdkmdap (f072f317e430925c7d88c766db7da86e) C:\Windows\system32\DRIVERS\atikmpag.sys

12:05:53.0782 4140 amdkmdap - ok

12:05:53.0813 4140 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

12:05:53.0813 4140 AmdPPM - ok

12:05:53.0860 4140 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

12:05:53.0860 4140 amdsata - ok

12:05:53.0907 4140 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

12:05:53.0923 4140 amdsbs - ok

12:05:53.0938 4140 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

12:05:53.0938 4140 amdxata - ok

12:05:53.0969 4140 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

12:05:53.0969 4140 AppID - ok

12:05:53.0985 4140 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

12:05:54.0001 4140 AppIDSvc - ok

12:05:54.0016 4140 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

12:05:54.0016 4140 Appinfo - ok

12:05:54.0063 4140 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

12:05:54.0063 4140 arc - ok

12:05:54.0110 4140 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

12:05:54.0110 4140 arcsas - ok

12:05:54.0125 4140 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

12:05:54.0125 4140 AsyncMac - ok

12:05:54.0141 4140 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

12:05:54.0141 4140 atapi - ok

12:05:54.0250 4140 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

12:05:54.0281 4140 AudioEndpointBuilder - ok

12:05:54.0297 4140 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

12:05:54.0297 4140 AudioSrv - ok

12:05:54.0656 4140 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

12:05:54.0687 4140 AVGIDSAgent - ok

12:05:54.0827 4140 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

12:05:54.0827 4140 AVGIDSDriver - ok

12:05:54.0859 4140 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

12:05:54.0874 4140 AVGIDSEH - ok

12:05:54.0874 4140 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

12:05:54.0890 4140 AVGIDSFilter - ok

12:05:54.0921 4140 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys

12:05:54.0937 4140 Avgldx64 - ok

12:05:54.0952 4140 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys

12:05:54.0952 4140 Avgmfx64 - ok

12:05:54.0983 4140 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys

12:05:54.0999 4140 Avgrkx64 - ok

12:05:55.0046 4140 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys

12:05:55.0046 4140 Avgtdia - ok

12:05:55.0093 4140 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

12:05:55.0108 4140 avgwd - ok

12:05:55.0155 4140 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

12:05:55.0155 4140 AxInstSV - ok

12:05:55.0233 4140 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

12:05:55.0249 4140 b06bdrv - ok

12:05:55.0280 4140 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

12:05:55.0295 4140 b57nd60a - ok

12:05:55.0436 4140 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys

12:05:55.0467 4140 BCM43XX - ok

12:05:55.0483 4140 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

12:05:55.0498 4140 BDESVC - ok

12:05:55.0529 4140 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

12:05:55.0529 4140 Beep - ok

12:05:55.0639 4140 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

12:05:55.0654 4140 BFE - ok

12:05:55.0748 4140 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

12:05:55.0763 4140 BITS - ok

12:05:55.0795 4140 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

12:05:55.0795 4140 blbdrive - ok

12:05:55.0841 4140 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

12:05:55.0857 4140 bowser - ok

12:05:55.0873 4140 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

12:05:55.0873 4140 BrFiltLo - ok

12:05:55.0904 4140 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

12:05:55.0904 4140 BrFiltUp - ok

12:05:55.0935 4140 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

12:05:55.0951 4140 BridgeMP - ok

12:05:55.0966 4140 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

12:05:55.0982 4140 Browser - ok

12:05:56.0029 4140 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

12:05:56.0044 4140 Brserid - ok

12:05:56.0060 4140 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

12:05:56.0060 4140 BrSerWdm - ok

12:05:56.0075 4140 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

12:05:56.0091 4140 BrUsbMdm - ok

12:05:56.0091 4140 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

12:05:56.0091 4140 BrUsbSer - ok

12:05:56.0122 4140 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

12:05:56.0122 4140 BTHMODEM - ok

12:05:56.0153 4140 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

12:05:56.0169 4140 bthserv - ok

12:05:56.0185 4140 catchme - ok

12:05:56.0216 4140 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

12:05:56.0231 4140 cdfs - ok

12:05:56.0294 4140 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

12:05:56.0325 4140 cdrom - ok

12:05:56.0356 4140 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

12:05:56.0356 4140 CertPropSvc - ok

12:05:56.0372 4140 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

12:05:56.0372 4140 circlass - ok

12:05:56.0434 4140 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

12:05:56.0434 4140 CLFS - ok

12:05:56.0497 4140 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

12:05:56.0497 4140 clr_optimization_v2.0.50727_32 - ok

12:05:56.0543 4140 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

12:05:56.0543 4140 clr_optimization_v2.0.50727_64 - ok

12:05:56.0606 4140 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

12:05:56.0621 4140 clr_optimization_v4.0.30319_32 - ok

12:05:56.0653 4140 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

12:05:56.0653 4140 clr_optimization_v4.0.30319_64 - ok

12:05:56.0668 4140 clwvd - ok

12:05:56.0715 4140 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

12:05:56.0715 4140 CmBatt - ok

12:05:56.0746 4140 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

12:05:56.0746 4140 cmdide - ok

12:05:56.0824 4140 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

12:05:56.0840 4140 CNG - ok

12:05:56.0855 4140 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

12:05:56.0855 4140 Compbatt - ok

12:05:56.0887 4140 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

12:05:56.0887 4140 CompositeBus - ok

12:05:56.0902 4140 COMSysApp - ok

12:05:56.0918 4140 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

12:05:56.0918 4140 crcdisk - ok

12:05:56.0965 4140 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

12:05:56.0980 4140 CryptSvc - ok

12:05:57.0058 4140 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

12:05:57.0074 4140 DcomLaunch - ok

12:05:57.0136 4140 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

12:05:57.0136 4140 defragsvc - ok

12:05:57.0167 4140 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

12:05:57.0167 4140 DfsC - ok

12:05:57.0214 4140 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

12:05:57.0230 4140 Dhcp - ok

12:05:57.0245 4140 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

12:05:57.0245 4140 discache - ok

12:05:57.0261 4140 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

12:05:57.0277 4140 Disk - ok

12:05:57.0308 4140 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

12:05:57.0323 4140 Dnscache - ok

12:05:57.0355 4140 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

12:05:57.0370 4140 dot3svc - ok

12:05:57.0401 4140 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

12:05:57.0401 4140 DPS - ok

12:05:57.0417 4140 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

12:05:57.0433 4140 drmkaud - ok

12:05:57.0526 4140 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

12:05:57.0542 4140 DXGKrnl - ok

12:05:57.0573 4140 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

12:05:57.0573 4140 EapHost - ok

12:05:57.0823 4140 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

12:05:57.0854 4140 ebdrv - ok

12:05:57.0979 4140 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

12:05:57.0979 4140 EFS - ok

12:05:58.0088 4140 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

12:05:58.0103 4140 ehRecvr - ok

12:05:58.0135 4140 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

12:05:58.0135 4140 ehSched - ok

12:05:58.0244 4140 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

12:05:58.0244 4140 elxstor - ok

12:05:58.0275 4140 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

12:05:58.0275 4140 ErrDev - ok

12:05:58.0353 4140 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

12:05:58.0369 4140 EventSystem - ok

12:05:58.0556 4140 EvtEng (7ee9f35bc1dd0ce1a4976032f9ac5162) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

12:05:58.0587 4140 EvtEng - ok

12:05:58.0696 4140 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

12:05:58.0712 4140 exfat - ok

12:05:58.0727 4140 ezSharedSvc - ok

12:05:58.0759 4140 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

12:05:58.0774 4140 fastfat - ok

12:05:58.0852 4140 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

12:05:58.0852 4140 Fax - ok

12:05:58.0883 4140 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

12:05:58.0883 4140 fdc - ok

12:05:58.0899 4140 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

12:05:58.0899 4140 fdPHost - ok

12:05:58.0915 4140 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

12:05:58.0915 4140 FDResPub - ok

12:05:58.0961 4140 ffusb2audio (bb6563c615217f85c737460ee8a67a3a) C:\Windows\system32\DRIVERS\ffusb2audio.sys

12:05:58.0993 4140 ffusb2audio - ok

12:05:59.0008 4140 ffusb2audioks (9246b27034a6de759640887f058707ed) C:\Windows\system32\DRIVERS\ffusb2audioks_x64.sys

12:05:59.0024 4140 ffusb2audioks - ok

12:05:59.0055 4140 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

12:05:59.0055 4140 FileInfo - ok

12:05:59.0071 4140 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

12:05:59.0071 4140 Filetrace - ok

12:05:59.0102 4140 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

12:05:59.0102 4140 flpydisk - ok

12:05:59.0149 4140 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

12:05:59.0149 4140 FltMgr - ok

12:05:59.0273 4140 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

12:05:59.0305 4140 FontCache - ok

12:05:59.0367 4140 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

12:05:59.0367 4140 FontCache3.0.0.0 - ok

12:05:59.0461 4140 FPLService (2074a85a6b8f84a5a9c60b915b465faf) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

12:05:59.0461 4140 FPLService - ok

12:05:59.0570 4140 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

12:05:59.0570 4140 FsDepends - ok

12:05:59.0601 4140 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

12:05:59.0617 4140 Fs_Rec - ok

12:05:59.0648 4140 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

12:05:59.0648 4140 fvevol - ok

12:05:59.0679 4140 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

12:05:59.0679 4140 gagp30kx - ok

12:05:59.0757 4140 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

12:05:59.0773 4140 GamesAppService - ok

12:05:59.0882 4140 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

12:05:59.0897 4140 gpsvc - ok

12:05:59.0913 4140 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

12:05:59.0929 4140 hcw85cir - ok

12:05:59.0975 4140 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

12:06:00.0007 4140 HdAudAddService - ok

12:06:00.0038 4140 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

12:06:00.0038 4140 HDAudBus - ok

12:06:00.0069 4140 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

12:06:00.0069 4140 HidBatt - ok

12:06:00.0085 4140 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

12:06:00.0100 4140 HidBth - ok

12:06:00.0131 4140 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

12:06:00.0131 4140 HidIr - ok

12:06:00.0194 4140 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

12:06:00.0194 4140 hidserv - ok

12:06:00.0225 4140 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

12:06:00.0225 4140 HidUsb - ok

12:06:00.0256 4140 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

12:06:00.0272 4140 hkmsvc - ok

12:06:00.0319 4140 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

12:06:00.0319 4140 HomeGroupListener - ok

12:06:00.0365 4140 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

12:06:00.0365 4140 HomeGroupProvider - ok

12:06:00.0443 4140 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

12:06:00.0443 4140 HP Support Assistant Service - ok

12:06:00.0521 4140 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

12:06:00.0537 4140 HPClientSvc - ok

12:06:00.0693 4140 hpCMSrv (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

12:06:00.0709 4140 hpCMSrv - ok

12:06:00.0771 4140 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

12:06:00.0771 4140 HPDrvMntSvc.exe - ok

12:06:00.0896 4140 hpdskflt (a4be23c451adeb252cd17a0532cae220) C:\Windows\system32\DRIVERS\hpdskflt.sys

12:06:00.0896 4140 hpdskflt - ok

12:06:00.0989 4140 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

12:06:01.0005 4140 hpqwmiex - ok

12:06:01.0036 4140 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

12:06:01.0052 4140 HpSAMD - ok

12:06:01.0052 4140 hpsrv (a88a45e82bc54bffb49c63973010226a) C:\Windows\system32\Hpservice.exe

12:06:01.0052 4140 hpsrv - ok

12:06:01.0099 4140 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

12:06:01.0099 4140 HPWMISVC - ok

12:06:01.0192 4140 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

12:06:01.0208 4140 HTTP - ok

12:06:01.0223 4140 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

12:06:01.0239 4140 hwpolicy - ok

12:06:01.0270 4140 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

12:06:01.0286 4140 i8042prt - ok

12:06:01.0364 4140 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys

12:06:01.0364 4140 iaStor - ok

12:06:01.0457 4140 IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

12:06:01.0457 4140 IAStorDataMgrSvc - ok

12:06:01.0520 4140 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

12:06:01.0535 4140 iaStorV - ok

12:06:01.0660 4140 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

12:06:01.0676 4140 idsvc - ok

12:06:01.0707 4140 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

12:06:01.0707 4140 iirsp - ok

12:06:01.0816 4140 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

12:06:01.0832 4140 IKEEXT - ok

12:06:01.0894 4140 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

12:06:01.0925 4140 IntcDAud - ok

12:06:01.0941 4140 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

12:06:01.0941 4140 intelide - ok

12:06:02.0815 4140 intelkmd (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdpmd64.sys

12:06:03.0033 4140 intelkmd - ok

12:06:03.0173 4140 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

12:06:03.0173 4140 intelppm - ok

12:06:03.0205 4140 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

12:06:03.0220 4140 IPBusEnum - ok

12:06:03.0251 4140 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

12:06:03.0267 4140 IpFilterDriver - ok

12:06:03.0329 4140 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

12:06:03.0345 4140 iphlpsvc - ok

12:06:03.0376 4140 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

12:06:03.0376 4140 IPMIDRV - ok

12:06:03.0392 4140 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

12:06:03.0407 4140 IPNAT - ok

12:06:03.0423 4140 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

12:06:03.0423 4140 IRENUM - ok

12:06:03.0439 4140 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

12:06:03.0439 4140 isapnp - ok

12:06:03.0485 4140 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

12:06:03.0485 4140 iScsiPrt - ok

12:06:03.0532 4140 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

12:06:03.0532 4140 kbdclass - ok

12:06:03.0563 4140 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

12:06:03.0563 4140 kbdhid - ok

12:06:03.0595 4140 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

12:06:03.0595 4140 KeyIso - ok

12:06:03.0626 4140 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

12:06:03.0626 4140 KSecDD - ok

12:06:03.0657 4140 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

12:06:03.0657 4140 KSecPkg - ok

12:06:03.0673 4140 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

12:06:03.0673 4140 ksthunk - ok

12:06:03.0719 4140 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

12:06:03.0735 4140 KtmRm - ok

12:06:03.0782 4140 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

12:06:03.0797 4140 LanmanServer - ok

12:06:03.0829 4140 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

12:06:03.0829 4140 LanmanWorkstation - ok

12:06:03.0875 4140 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

12:06:03.0875 4140 lltdio - ok

12:06:03.0922 4140 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

12:06:03.0938 4140 lltdsvc - ok

12:06:03.0953 4140 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

12:06:03.0953 4140 lmhosts - ok

12:06:04.0063 4140 LMS (d7e0bed3ea21d7bddd410ade51708d90) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

12:06:04.0063 4140 LMS - ok

12:06:04.0125 4140 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

12:06:04.0141 4140 LSI_FC - ok

12:06:04.0172 4140 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

12:06:04.0172 4140 LSI_SAS - ok

12:06:04.0234 4140 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

12:06:04.0234 4140 LSI_SAS2 - ok

12:06:04.0297 4140 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

12:06:04.0297 4140 LSI_SCSI - ok

12:06:04.0328 4140 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

12:06:04.0343 4140 luafv - ok

12:06:04.0375 4140 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

12:06:04.0375 4140 MBAMProtector - ok

12:06:04.0484 4140 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

12:06:04.0484 4140 MBAMService - ok

12:06:04.0515 4140 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

12:06:04.0515 4140 Mcx2Svc - ok

12:06:04.0546 4140 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

12:06:04.0546 4140 megasas - ok

12:06:04.0593 4140 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

12:06:04.0593 4140 MegaSR - ok

12:06:04.0624 4140 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

12:06:04.0624 4140 MEIx64 - ok

12:06:04.0687 4140 Microsoft SharePoint Workspace Audit Service - ok

12:06:04.0718 4140 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

12:06:04.0733 4140 MMCSS - ok

12:06:04.0749 4140 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

12:06:04.0749 4140 Modem - ok

12:06:04.0780 4140 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

12:06:04.0780 4140 monitor - ok

12:06:04.0811 4140 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

12:06:04.0811 4140 mouclass - ok

12:06:04.0827 4140 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

12:06:04.0827 4140 mouhid - ok

12:06:04.0858 4140 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

12:06:04.0874 4140 mountmgr - ok

12:06:04.0921 4140 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

12:06:04.0921 4140 mpio - ok

12:06:04.0936 4140 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

12:06:04.0952 4140 mpsdrv - ok

12:06:05.0030 4140 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

12:06:05.0061 4140 MpsSvc - ok

12:06:05.0092 4140 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

12:06:05.0092 4140 MRxDAV - ok

12:06:05.0123 4140 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

12:06:05.0139 4140 mrxsmb - ok

12:06:05.0170 4140 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

12:06:05.0186 4140 mrxsmb10 - ok

12:06:05.0217 4140 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

12:06:05.0233 4140 mrxsmb20 - ok

12:06:05.0248 4140 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

12:06:05.0248 4140 msahci - ok

12:06:05.0295 4140 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

12:06:05.0295 4140 msdsm - ok

12:06:05.0326 4140 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

12:06:05.0326 4140 MSDTC - ok

12:06:05.0357 4140 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

12:06:05.0357 4140 Msfs - ok

12:06:05.0373 4140 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

12:06:05.0373 4140 mshidkmdf - ok

12:06:05.0404 4140 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

12:06:05.0404 4140 msisadrv - ok

12:06:05.0435 4140 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

12:06:05.0451 4140 MSiSCSI - ok

12:06:05.0467 4140 msiserver - ok

12:06:05.0482 4140 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

12:06:05.0498 4140 MSKSSRV - ok

12:06:05.0513 4140 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

12:06:05.0513 4140 MSPCLOCK - ok

12:06:05.0529 4140 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

12:06:05.0529 4140 MSPQM - ok

12:06:05.0576 4140 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

12:06:05.0591 4140 MsRPC - ok

12:06:05.0623 4140 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

12:06:05.0623 4140 mssmbios - ok

12:06:05.0638 4140 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

12:06:05.0638 4140 MSTEE - ok

12:06:05.0654 4140 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

12:06:05.0654 4140 MTConfig - ok

12:06:05.0669 4140 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

12:06:05.0685 4140 Mup - ok

12:06:05.0763 4140 MyWiFiDHCPDNS (0cf5580f27918ffd2e165ecafa734103) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

12:06:05.0779 4140 MyWiFiDHCPDNS - ok

12:06:05.0841 4140 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

12:06:05.0857 4140 napagent - ok

12:06:05.0919 4140 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

12:06:05.0919 4140 NativeWifiP - ok

12:06:06.0028 4140 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

12:06:06.0044 4140 NDIS - ok

12:06:06.0075 4140 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

12:06:06.0075 4140 NdisCap - ok

12:06:06.0106 4140 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

12:06:06.0106 4140 NdisTapi - ok

12:06:06.0122 4140 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

12:06:06.0137 4140 Ndisuio - ok

12:06:06.0169 4140 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

12:06:06.0184 4140 NdisWan - ok

12:06:06.0215 4140 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

12:06:06.0215 4140 NDProxy - ok

12:06:06.0231 4140 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

12:06:06.0231 4140 NetBIOS - ok

12:06:06.0262 4140 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

12:06:06.0262 4140 NetBT - ok

12:06:06.0293 4140 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

12:06:06.0293 4140 Netlogon - ok

12:06:06.0340 4140 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

12:06:06.0356 4140 Netman - ok

12:06:06.0403 4140 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

12:06:06.0403 4140 netprofm - ok

12:06:06.0465 4140 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

12:06:06.0465 4140 NetTcpPortSharing - ok

12:06:06.0886 4140 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\Windows\system32\DRIVERS\NETwNs64.sys

12:06:07.0042 4140 NETwNs64 - ok

12:06:07.0198 4140 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

12:06:07.0198 4140 nfrd960 - ok

12:06:07.0245 4140 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

12:06:07.0261 4140 NlaSvc - ok

12:06:07.0276 4140 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

12:06:07.0292 4140 Npfs - ok

12:06:07.0307 4140 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

12:06:07.0307 4140 nsi - ok

12:06:07.0323 4140 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

12:06:07.0323 4140 nsiproxy - ok

12:06:07.0510 4140 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

12:06:07.0541 4140 Ntfs - ok

12:06:07.0635 4140 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

12:06:07.0635 4140 Null - ok

12:06:07.0666 4140 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys

12:06:07.0682 4140 nusb3hub - ok

12:06:07.0729 4140 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys

12:06:07.0729 4140 nusb3xhc - ok

12:06:07.0791 4140 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

12:06:07.0807 4140 NVENETFD - ok

12:06:07.0853 4140 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

12:06:07.0853 4140 nvraid - ok

12:06:07.0885 4140 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

12:06:07.0900 4140 nvstor - ok

12:06:07.0931 4140 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

12:06:07.0931 4140 nv_agp - ok

12:06:07.0963 4140 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

12:06:07.0978 4140 ohci1394 - ok

12:06:08.0072 4140 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

12:06:08.0072 4140 ose64 - ok

12:06:08.0415 4140 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

12:06:08.0462 4140 osppsvc - ok

12:06:08.0602 4140 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

12:06:08.0618 4140 p2pimsvc - ok

12:06:08.0680 4140 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

12:06:08.0696 4140 p2psvc - ok

12:06:08.0727 4140 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

12:06:08.0743 4140 Parport - ok

12:06:08.0758 4140 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

12:06:08.0758 4140 partmgr - ok

12:06:08.0789 4140 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

12:06:08.0805 4140 PcaSvc - ok

12:06:08.0852 4140 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

12:06:08.0852 4140 pci - ok

12:06:08.0867 4140 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

12:06:08.0867 4140 pciide - ok

12:06:08.0914 4140 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

12:06:08.0914 4140 pcmcia - ok

12:06:08.0930 4140 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

12:06:08.0930 4140 pcw - ok

12:06:09.0008 4140 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

12:06:09.0023 4140 PEAUTH - ok

12:06:09.0117 4140 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

12:06:09.0117 4140 PerfHost - ok

12:06:09.0351 4140 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

12:06:09.0382 4140 pla - ok

12:06:09.0460 4140 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

12:06:09.0476 4140 PlugPlay - ok

12:06:09.0491 4140 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

12:06:09.0507 4140 PNRPAutoReg - ok

12:06:09.0554 4140 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

12:06:09.0554 4140 PNRPsvc - ok

12:06:09.0632 4140 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

12:06:09.0647 4140 PolicyAgent - ok

12:06:09.0694 4140 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

12:06:09.0694 4140 Power - ok

12:06:09.0757 4140 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

12:06:09.0772 4140 PptpMiniport - ok

12:06:09.0803 4140 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

12:06:09.0803 4140 Processor - ok

12:06:09.0835 4140 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

12:06:09.0850 4140 ProfSvc - ok

12:06:09.0881 4140 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

12:06:09.0881 4140 ProtectedStorage - ok

12:06:09.0913 4140 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

12:06:09.0913 4140 Psched - ok

12:06:10.0100 4140 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

12:06:10.0115 4140 ql2300 - ok

12:06:10.0209 4140 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

12:06:10.0225 4140 ql40xx - ok

12:06:10.0256 4140 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

12:06:10.0271 4140 QWAVE - ok

12:06:10.0287 4140 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

12:06:10.0287 4140 QWAVEdrv - ok

12:06:10.0303 4140 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

12:06:10.0303 4140 RasAcd - ok

12:06:10.0334 4140 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

12:06:10.0334 4140 RasAgileVpn - ok

12:06:10.0365 4140 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

12:06:10.0381 4140 RasAuto - ok

12:06:10.0412 4140 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

12:06:10.0427 4140 Rasl2tp - ok

12:06:10.0490 4140 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

12:06:10.0490 4140 RasMan - ok

12:06:10.0537 4140 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

12:06:10.0552 4140 RasPppoe - ok

12:06:10.0568 4140 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

12:06:10.0599 4140 RasSstp - ok

12:06:10.0630 4140 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

12:06:10.0646 4140 rdbss - ok

12:06:10.0661 4140 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

12:06:10.0661 4140 rdpbus - ok

12:06:10.0677 4140 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

12:06:10.0677 4140 RDPCDD - ok

12:06:10.0693 4140 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

12:06:10.0693 4140 RDPENCDD - ok

12:06:10.0708 4140 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

12:06:10.0724 4140 RDPREFMP - ok

12:06:10.0771 4140 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

12:06:10.0786 4140 RDPWD - ok

12:06:10.0833 4140 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

12:06:10.0833 4140 rdyboost - ok

12:06:10.0989 4140 RegSrvc (aa9fd849c028ccb441a78061b57db734) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

12:06:11.0005 4140 RegSrvc - ok

12:06:11.0051 4140 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

12:06:11.0067 4140 RemoteAccess - ok

12:06:11.0098 4140 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

12:06:11.0114 4140 RemoteRegistry - ok

12:06:11.0192 4140 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

12:06:11.0207 4140 RoxioNow Service - ok

12:06:11.0223 4140 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

12:06:11.0223 4140 RpcEptMapper - ok

12:06:11.0254 4140 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

12:06:11.0254 4140 RpcLocator - ok

12:06:11.0317 4140 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

12:06:11.0332 4140 RpcSs - ok

12:06:11.0410 4140 RSPCIESTOR (d5c3e1629a3f7f0857d27949252b94ce) C:\Windows\system32\DRIVERS\RtsPStor.sys

12:06:11.0426 4140 RSPCIESTOR - ok

12:06:11.0473 4140 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

12:06:11.0473 4140 rspndr - ok

12:06:11.0519 4140 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys

12:06:11.0535 4140 RTL8167 - ok

12:06:11.0566 4140 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

12:06:11.0566 4140 SamSs - ok

12:06:11.0629 4140 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

12:06:11.0629 4140 sbp2port - ok

12:06:11.0660 4140 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

12:06:11.0675 4140 SCardSvr - ok

12:06:11.0691 4140 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

12:06:11.0691 4140 scfilter - ok

12:06:11.0816 4140 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

12:06:11.0847 4140 Schedule - ok

12:06:11.0878 4140 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

12:06:11.0878 4140 SCPolicySvc - ok

12:06:11.0909 4140 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys

12:06:11.0925 4140 sdbus - ok

12:06:11.0956 4140 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

12:06:11.0972 4140 SDRSVC - ok

12:06:12.0003 4140 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

12:06:12.0003 4140 secdrv - ok

12:06:12.0019 4140 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

12:06:12.0019 4140 seclogon - ok

12:06:12.0050 4140 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

12:06:12.0065 4140 SENS - ok

12:06:12.0081 4140 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

12:06:12.0081 4140 SensrSvc - ok

12:06:12.0112 4140 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

12:06:12.0112 4140 Serenum - ok

12:06:12.0159 4140 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

12:06:12.0175 4140 Serial - ok

12:06:12.0190 4140 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

12:06:12.0206 4140 sermouse - ok

12:06:12.0237 4140 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

12:06:12.0268 4140 SessionEnv - ok

12:06:12.0284 4140 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

12:06:12.0284 4140 sffdisk - ok

12:06:12.0299 4140 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

12:06:12.0315 4140 sffp_mmc - ok

12:06:12.0331 4140 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

12:06:12.0331 4140 sffp_sd - ok

12:06:12.0346 4140 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

12:06:12.0362 4140 sfloppy - ok

12:06:12.0409 4140 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

12:06:12.0424 4140 SharedAccess - ok

12:06:12.0487 4140 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

12:06:12.0487 4140 ShellHWDetection - ok

12:06:12.0518 4140 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

12:06:12.0518 4140 SiSRaid2 - ok

12:06:12.0549 4140 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

12:06:12.0549 4140 SiSRaid4 - ok

12:06:12.0643 4140 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe

12:06:12.0643 4140 SkypeUpdate - ok

12:06:12.0689 4140 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

12:06:12.0721 4140 Smb - ok

12:06:12.0752 4140 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

12:06:12.0767 4140 SNMPTRAP - ok

12:06:12.0783 4140 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

12:06:12.0783 4140 spldr - ok

12:06:12.0845 4140 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

12:06:12.0861 4140 Spooler - ok

12:06:13.0126 4140 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

12:06:13.0204 4140 sppsvc - ok

12:06:13.0313 4140 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

12:06:13.0313 4140 sppuinotify - ok

12:06:13.0423 4140 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys

12:06:13.0423 4140 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb

12:06:13.0423 4140 sptd ( LockedFile.Multi.Generic ) - warning

12:06:13.0423 4140 sptd - detected LockedFile.Multi.Generic (1)

12:06:13.0501 4140 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

12:06:13.0516 4140 srv - ok

12:06:13.0563 4140 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

12:06:13.0563 4140 srv2 - ok

12:06:13.0625 4140 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

12:06:13.0625 4140 SrvHsfHDA - ok

12:06:13.0781 4140 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

12:06:13.0828 4140 SrvHsfV92 - ok

12:06:13.0969 4140 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

12:06:13.0984 4140 SrvHsfWinac - ok

12:06:14.0015 4140 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

12:06:14.0031 4140 srvnet - ok

12:06:14.0093 4140 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

12:06:14.0093 4140 SSDPSRV - ok

12:06:14.0125 4140 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

12:06:14.0125 4140 SstpSvc - ok

12:06:14.0234 4140 STacSV (86678c2f5081fea3517d78e92230b5ff) C:\Program Files\IDT\WDM\STacSV64.exe

12:06:14.0234 4140 STacSV - ok

12:06:14.0296 4140 Steam Client Service - ok

12:06:14.0327 4140 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

12:06:14.0327 4140 stexstor - ok

12:06:14.0405 4140 STHDA (74387b34b43f94e380608888c56a5ccd) C:\Windows\system32\DRIVERS\stwrt64.sys

12:06:14.0437 4140 STHDA - ok

12:06:14.0530 4140 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

12:06:14.0546 4140 stisvc - ok

12:06:14.0577 4140 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

12:06:14.0577 4140 swenum - ok

12:06:14.0655 4140 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

12:06:14.0671 4140 swprv - ok

12:06:14.0827 4140 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys

12:06:14.0858 4140 SynTP - ok

12:06:15.0029 4140 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

12:06:15.0076 4140 SysMain - ok

12:06:15.0139 4140 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

12:06:15.0139 4140 TabletInputService - ok

12:06:15.0185 4140 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

12:06:15.0201 4140 TapiSrv - ok

12:06:15.0217 4140 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

12:06:15.0232 4140 TBS - ok

12:06:15.0388 4140 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

12:06:15.0419 4140 Tcpip - ok

12:06:15.0591 4140 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

12:06:15.0622 4140 TCPIP6 - ok

12:06:15.0669 4140 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

12:06:15.0669 4140 tcpipreg - ok

12:06:15.0685 4140 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

12:06:15.0685 4140 TDPIPE - ok

12:06:15.0700 4140 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

12:06:15.0716 4140 TDTCP - ok

12:06:15.0747 4140 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

12:06:15.0763 4140 tdx - ok

12:06:15.0778 4140 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

12:06:15.0794 4140 TermDD - ok

12:06:15.0856 4140 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

12:06:15.0887 4140 TermService - ok

12:06:15.0903 4140 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

12:06:15.0903 4140 Themes - ok

12:06:15.0934 4140 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

12:06:15.0934 4140 THREADORDER - ok

12:06:15.0965 4140 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

12:06:15.0965 4140 TrkWks - ok

12:06:16.0012 4140 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

12:06:16.0012 4140 TrustedInstaller - ok

12:06:16.0028 4140 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

12:06:16.0043 4140 tssecsrv - ok

12:06:16.0059 4140 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

12:06:16.0059 4140 TsUsbFlt - ok

12:06:16.0090 4140 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

12:06:16.0090 4140 TsUsbGD - ok

12:06:16.0137 4140 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

12:06:16.0137 4140 tunnel - ok

12:06:16.0168 4140 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

12:06:16.0168 4140 uagp35 - ok

12:06:16.0215 4140 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

12:06:16.0246 4140 udfs - ok

12:06:16.0277 4140 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

12:06:16.0293 4140 UI0Detect - ok

12:06:16.0340 4140 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

12:06:16.0340 4140 uliagpkx - ok

12:06:16.0371 4140 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

12:06:16.0371 4140 umbus - ok

12:06:16.0402 4140 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

12:06:16.0402 4140 UmPass - ok

12:06:16.0683 4140 UNS (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

12:06:16.0730 4140 UNS - ok

12:06:16.0870 4140 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

12:06:16.0886 4140 upnphost - ok

12:06:16.0948 4140 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

12:06:16.0964 4140 usbccgp - ok

12:06:16.0979 4140 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

12:06:16.0979 4140 usbcir - ok

12:06:17.0011 4140 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

12:06:17.0011 4140 usbehci - ok

12:06:17.0073 4140 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

12:06:17.0089 4140 usbhub - ok

12:06:17.0104 4140 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

12:06:17.0104 4140 usbohci - ok

12:06:17.0135 4140 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

12:06:17.0135 4140 usbprint - ok

12:06:17.0167 4140 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

12:06:17.0167 4140 usbscan - ok

12:06:17.0198 4140 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

12:06:17.0213 4140 USBSTOR - ok

12:06:17.0229 4140 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

12:06:17.0229 4140 usbuhci - ok

12:06:17.0276 4140 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

12:06:17.0291 4140 usbvideo - ok

12:06:17.0323 4140 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

12:06:22.0205 4140 ============================================================

12:06:22.0205 4140 Scan finished

12:06:22.0205 4140 ============================================================

12:06:22.0221 3688 Detected object count: 1

12:06:22.0221 3688 Actual detected object count: 1

12:06:39.0444 3688 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine

12:06:39.0459 3688 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine

12:07:08.0059 2532 Deinitialize success


That was actually a legitimate object, the sptd driver is used by virtual CD emulation software.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


things seem to be running ok, they weren't really running poorly to begin with, i was just concerned that svchost.exe was generating ip blocks. isn't that a windows service? i thought if it was generating those blocks my computer is infected. should i let you know if things act up again?


Svchost is a Windows component used to launch services that are started with a DLL file. Svchost.exe itself is legit, but it can be used by malicious services.

Please let me know if you still get blocks. Also launch MBAM, update it and run a full scan. Post me the resulting log.


i really can't thank you enough for all the help :)

here is the log from malwarebytes, also, should i uninstall combofix?

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.30.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

MikeP :: MIKEP-HP [administrator]

Protection: Enabled

5/3/2012 9:46:21 AM

mbam-log-2012-05-03 (09-46-21).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 462956

Time elapsed: 1 hour(s), 24 minute(s), 21 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Did you get any more IP blocks so far?

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your desktop.
    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.


there were no IP blocks today, though they usually happened every 2 or so days.

i ran the scan like you said and it found 1 threat.

C:\Users\MikeP\Downloads\cnet_SecurityTaskManager_Setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined


I'm glad to hear that! :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read this advice in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


for some reason, when i run the command it prompts me with a warning, avg antivirus is running and if it is, your computer may be damaged. it looks like the combofix scan is about to run again rather than uninstall. i just want to make sure this is normal and won't ruin my pc by running that command. should i proceed and just disable avg before i run combofix /uninstall?


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.