Infected - Malwarebytes quarantined 85 files.

TomSmith · May 21, 2012

I went away and my protection somehow got disabled. I have lost all my mbam logs. It removed something by the term of "VaccineScan". Computer is randomly going to some survey sites and I fear it's infected.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by l at 22:27:11 on 2012-05-21

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3874.2210 [GMT 1:00]

.

AV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Users\l\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe

C:\Users\l\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\l\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uLocal Page = \blank.htm

uStart Page = hxxp://www.google.co.uk/

mStart Page = about:blank

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{E770E0E5-94C4-4017-9506-3E59BBEB4F26} : DhcpNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

BHO-X64: IEVkbdBHO - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

BHO-X64: link filter bho - No File

mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-25 17536]

R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 202296]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-21 654408]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-1 2656280]

R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 257696]

S3 bdsandbox;bdsandbox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]

S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-05-21 21:04:31 -------- d-----w- C:\ProgramData\HitmanPro

2012-05-21 09:36:48 -------- d-----w- C:\Users\l\AppData\Local\{709070B3-FA88-47AB-8369-986E6EC9E8A6}

2012-05-21 09:36:35 -------- d-----w- C:\Users\l\AppData\Local\{7BD65069-B8D1-4736-A532-EE2662023EE1}

2012-05-21 09:32:12 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-05-21 09:32:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-05-21 09:28:00 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-05-21 09:28:00 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab

2012-05-20 21:31:25 -------- d-----w- C:\Users\l\AppData\Local\{B89E09E7-7B2E-4EAB-AEF9-CD55E2BC64DB}

2012-05-20 21:31:11 -------- d-----w- C:\Users\l\AppData\Local\{42611BBA-B4B5-4451-BE0E-8D1C75CA7CCC}

2012-05-20 21:26:29 -------- d-----w- C:\Windows\en

2012-05-20 21:16:48 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ddeff91f1cd36cd01\DSETUP.dll

2012-05-20 21:16:48 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ddeff91f1cd36cd01\DXSETUP.exe

2012-05-20 21:16:48 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ddeff91f1cd36cd01\dsetup32.dll

2012-05-20 19:27:00 165168 ----a-w- C:\Windows\System32\drivers\kneps.sys

2012-05-18 21:11:28 -------- d-----w- C:\ProgramData\Downloaded Installations

2012-05-18 21:10:54 -------- d-----w- C:\Program Files (x86)\GFI Software

2012-05-18 20:05:19 -------- d-----w- C:\Users\l\AppData\Local\Babylon

2012-05-18 20:05:16 -------- d-----w- C:\Users\l\AppData\Roaming\Babylon

2012-05-18 19:48:51 -------- d-----w- C:\Users\l\AppData\Local\{10374A68-16B4-433D-994B-EB4590202A6F}

2012-05-16 20:20:07 -------- d-----w- C:\Users\l\AppData\Local\Mozilla

2012-05-15 21:54:34 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-05-15 21:54:33 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-05-15 21:54:24 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-15 21:54:21 3146240 ----a-w- C:\Windows\System32\win32k.sys

2012-05-15 21:54:19 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-15 21:54:18 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-15 21:47:13 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-15 21:40:45 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-15 21:16:31 -------- d-----w- C:\Users\l\AppData\Roaming\PPLive

2012-05-15 20:46:53 -------- d-----w- C:\Program Files (x86)\Common Files\PPLiveNetwork

2012-05-15 20:39:52 -------- d-----w- C:\Users\l\AppData\Roaming\JPDesk

2012-05-12 20:43:36 -------- d-----w- C:\Windows\SysWow64\Adobe

2012-05-08 20:51:16 -------- d-----w- C:\Users\l\AppData\Roaming\ESET

2012-05-08 20:51:16 -------- d-----w- C:\Users\l\AppData\Local\ESET

2012-05-08 19:21:21 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys

2012-05-08 19:21:18 -------- d-----w- C:\Program Files\VS Revo Group

2012-05-07 21:17:43 -------- d-----w- C:\Users\l\VirtualBox VMs

2012-05-07 21:16:38 -------- d-----w- C:\Users\l\.VirtualBox

2012-05-07 21:15:27 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

2012-05-07 21:15:10 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

2012-05-04 17:36:16 -------- d-----w- C:\Users\l\DoctorWeb

2012-05-02 19:55:14 -------- d-----w- C:\Users\l\AppData\Roaming\EurekaLog

2012-05-02 19:55:09 -------- d-----w- C:\Users\l\AppData\Local\CrashDumps

2012-05-01 21:35:58 -------- d-----w- C:\Users\l\AppData\Local\NPE

2012-05-01 21:35:58 -------- d-----w- C:\ProgramData\Norton

2012-05-01 19:36:13 12872 ----a-w- C:\Windows\System32\bootdelete.exe

2012-04-30 07:54:32 38288 ----a-w- C:\Windows\System32\drivers\EpfwLWF.sys

2012-04-29 15:06:06 131856 ----a-w- C:\Windows\SysWow64\MSADODC.ocx

2012-04-29 15:06:05 512688 ----a-w- C:\Windows\SysWow64\XceedCry.dll

2012-04-29 15:06:05 431872 ----a-w- C:\Windows\SysWow64\SSInput1.ocx

2012-04-29 15:06:05 423784 ----a-w- C:\Windows\SysWow64\XceedBkp.dll

2012-04-29 15:06:05 28672 ----a-w- C:\Windows\SysWow64\systray.ocx

2012-04-29 15:06:05 118784 ----a-w- C:\Windows\SysWow64\msstdfmt.dll

2012-04-29 15:06:05 1140472 ----a-w- C:\Windows\SysWow64\IGUltraGrid20.ocx

2012-04-29 15:06:04 647872 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX

2012-04-29 15:06:04 608448 ----a-w- C:\Windows\SysWow64\comctl32.ocx

2012-04-29 15:06:04 188416 ----a-w- C:\Windows\SysWow64\actsplash.ocx

2012-04-29 15:06:04 101888 ----a-w- C:\Windows\SysWow64\VB6STKIT.DLL

2012-04-27 20:46:27 -------- d-----w- C:\Program Files\HitmanPro

2012-04-22 21:22:45 -------- d-----w- C:\Users\l\AppData\Roaming\AVG

.

==================== Find3M ====================

.

2012-05-04 17:35:31 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-04 17:35:31 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-04 17:35:10 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-15 13:56:53 16200 ----a-w- C:\Windows\stinger.sys

2012-04-12 17:12:56 147248 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

2012-04-09 12:03:38 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-04-09 12:03:38 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll

2012-04-09 12:03:38 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll

2012-03-11 20:13:42 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys

2012-03-11 20:13:42 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2012-03-11 20:13:40 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2012-03-11 20:13:22 41200 ----a-w- C:\Windows\System32\cmdcsr.dll

2012-03-11 20:13:20 301224 ----a-w- C:\Windows\SysWow64\guard32.dll

2012-03-11 20:13:18 389840 ----a-w- C:\Windows\System32\guard64.dll

2012-03-08 17:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2012-03-08 17:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR

2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr

2012-03-02 21:55:31 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-03-02 21:55:31 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 22:30:52.15 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 29/02/2012 21:50:39

System Uptime: 21/05/2012 22:02:27 (0 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | K53E

Processor: Intel® Core i3-2310M CPU @ 2.10GHz | CPU 1 | 798/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 575 GiB total, 534.111 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: SM Bus Controller

Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_11471043&REV_05\3&11583659&0&FB

Manufacturer:

Name: SM Bus Controller

PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_11471043&REV_05\3&11583659&0&FB

Service:

.

Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Description: Bluetooth Module

Device ID: USB\VID_13D3&PID_3304\6&9E5B1B7&0&1

Manufacturer: Atheros Communications

Name: Bluetooth Module

PNP Device ID: USB\VID_13D3&PID_3304\6&9E5B1B7&0&1

Service: BTHUSB

.

==== System Restore Points ===================

.

RP135: 16/05/2012 21:23:18 - Revo Uninstaller Pro's restore point - Mozilla Firefox 12.0 (x86 en-US)

RP137: 18/05/2012 21:28:40 - Revo Uninstaller Pro's restore point - Babylon toolbar on IE

RP139: 18/05/2012 21:30:05 - Revo Uninstaller Pro's restore point - Atrise Lutcurve 1.5.3

RP141: 18/05/2012 21:53:27 - Revo Uninstaller Pro's restore point - AVG 2012

RP142: 18/05/2012 21:54:46 - Removed AVG 2012

RP143: 18/05/2012 22:00:09 - Removed AVG 2012

RP144: 19/05/2012 20:52:35 - Installed Oracle VM VirtualBox 4.1.14

RP145: 19/05/2012 22:58:38 - Removed Oracle VM VirtualBox 4.1.14

RP146: 20/05/2012 12:25:15 - Installed ESET Smart Security

RP148: 20/05/2012 15:12:20 - Revo Uninstaller Pro's restore point - ESET Smart Security

RP149: 20/05/2012 15:13:21 - Removed ESET Smart Security

RP150: 20/05/2012 20:20:18 - Device Driver Package Install: Kaspersky Lab Network Service

RP151: 20/05/2012 22:17:01 - Windows Live Essentials

RP152: 20/05/2012 22:18:57 - Installed DirectX

RP153: 20/05/2012 22:19:37 - Installed DirectX

RP154: 20/05/2012 22:20:48 - WLSetup

RP156: 20/05/2012 22:38:50 - Revo Uninstaller Pro's restore point - Kaspersky Internet Security 2013 Beta

RP158: 20/05/2012 22:43:19 - Revo Uninstaller Pro's restore point - Google Chrome

.

==== Installed Programs ======================

.

Adobe Shockwave Player 11.6

Alcor Micro USB Card Reader

ASUS LifeFrame3

Atheros Driver Installation Program

ATK Package

Build Your Own Net Dream (remove only)

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Google Chrome

Intel® Management Engine Components

Intel® Processor Graphics

K-Lite Codec Pack 8.6.0 (Basic)

Kaspersky Internet Security 2012

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MSVCRT

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Sonic Focus

SopCast 3.5.0

swMSM

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Veetle TV

Visual Studio 2008 x64 Redistributables

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinFlash

Wireless Console 3

.

==== Event Viewer Messages From Past Week ========

.

21/05/2012 22:29:06, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Kaspersky Anti-Virus Service service, but this action failed with the following error: An instance of the service is already running.

21/05/2012 22:28:55, Error: Service Control Manager [7031] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

21/05/2012 22:03:50, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

21/05/2012 22:03:19, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

21/05/2012 22:03:19, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

21/05/2012 22:03:03, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mtqjxm nckkof rqkdql zlnimc

21/05/2012 22:02:55, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

21/05/2012 22:02:49, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

21/05/2012 08:10:13, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

20/05/2012 22:40:25, Error: Service Control Manager [7034] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s).

20/05/2012 22:35:37, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.

20/05/2012 21:14:31, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialized due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/1460252906/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

20/05/2012 21:14:31, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

20/05/2012 21:14:31, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:10243. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.

20/05/2012 21:14:26, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

20/05/2012 21:14:26, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

20/05/2012 21:14:26, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:5357. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.

20/05/2012 15:29:31, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

20/05/2012 12:29:18, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

20/05/2012 12:19:34, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

20/05/2012 12:19:34, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

20/05/2012 12:19:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

19/05/2012 22:41:09, Error: bowser [8003] - The master browser has received a server announcement from the computer DON-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{92573831-2570-4C59-ADF1-1A14ED76B4B8}. The master browser is stopping or an election is being forced.

18/05/2012 20:56:52, Error: bowser [8003] - The master browser has received a server announcement from the computer SHAZIABEGUM-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E770E0E5-94C4-4017-9506-3E59BBEB4F26}. The master browser is stopping or an election is being forced.

16/05/2012 19:23:43, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mtqjxm nckkof rqkdql

15/05/2012 23:16:30, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2604115).

15/05/2012 22:44:09, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSHA mtqjxm nckkof rqkdql

15/05/2012 22:32:50, Error: Service Control Manager [7034] - The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).

15/05/2012 22:32:10, Error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error %%-536805315.

15/05/2012 22:21:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

15/05/2012 22:07:30, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.104. The computer with the IP address 192.168.0.103 did not allow the name to be claimed by this computer.

.

==== End Of File ===========================

D-FRED-BROWN · May 21, 2012

Hello TomSmith and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

TDSSKiller_log.txt

how the PC is running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

TDSSKiller logfile
C:\ComboFix.txt
Security Check checkup.txt

How is your computer running now?

TomSmith · May 22, 2012

Comp is running better. I still think a few more checks are needed though.

11:43:40.0447 4700 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

11:43:40.0712 4700 ============================================================

11:43:40.0712 4700 Current date / time: 2012/05/22 11:43:40.0712

11:43:40.0712 4700 SystemInfo:

11:43:40.0712 4700

11:43:40.0712 4700 OS Version: 6.1.7601 ServicePack: 1.0

11:43:40.0712 4700 Product type: Workstation

11:43:40.0712 4700 ComputerName: L-PC

11:43:40.0712 4700 UserName: l

11:43:40.0712 4700 Windows directory: C:\Windows

11:43:40.0712 4700 System windows directory: C:\Windows

11:43:40.0712 4700 Running under WOW64

11:43:40.0712 4700 Processor architecture: Intel x64

11:43:40.0712 4700 Number of processors: 4

11:43:40.0712 4700 Page size: 0x1000

11:43:40.0712 4700 Boot type: Normal boot

11:43:40.0712 4700 ============================================================

11:43:43.0629 4700 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:43:43.0660 4700 ============================================================

11:43:43.0660 4700 \Device\Harddisk0\DR0:

11:43:43.0660 4700 MBR partitions:

11:43:43.0660 4700 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2AF98B8, BlocksNum 0x47D5E1F8

11:43:43.0660 4700 ============================================================

11:43:43.0676 4700 C: <-> \Device\Harddisk0\DR0\Partition0

11:43:43.0676 4700 ============================================================

11:43:43.0676 4700 Initialize success

11:43:43.0676 4700 ============================================================

11:43:45.0252 2080 ============================================================

11:43:45.0252 2080 Scan started

11:43:45.0252 2080 Mode: Manual;

11:43:45.0252 2080 ============================================================

11:43:47.0467 2080 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

11:43:47.0482 2080 1394ohci - ok

11:43:47.0560 2080 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

11:43:47.0576 2080 ACPI - ok

11:43:47.0623 2080 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

11:43:47.0623 2080 AcpiPmi - ok

11:43:47.0763 2080 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

11:43:47.0763 2080 AdobeFlashPlayerUpdateSvc - ok

11:43:47.0841 2080 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

11:43:47.0872 2080 adp94xx - ok

11:43:47.0888 2080 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

11:43:47.0919 2080 adpahci - ok

11:43:47.0935 2080 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

11:43:47.0950 2080 adpu320 - ok

11:43:47.0982 2080 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

11:43:47.0997 2080 AeLookupSvc - ok

11:43:48.0075 2080 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

11:43:48.0091 2080 AFD - ok

11:43:48.0138 2080 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

11:43:48.0153 2080 agp440 - ok

11:43:48.0184 2080 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

11:43:48.0184 2080 ALG - ok

11:43:48.0200 2080 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

11:43:48.0216 2080 aliide - ok

11:43:48.0247 2080 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

11:43:48.0247 2080 amdide - ok

11:43:48.0294 2080 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

11:43:48.0294 2080 AmdK8 - ok

11:43:48.0309 2080 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

11:43:48.0309 2080 AmdPPM - ok

11:43:48.0356 2080 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

11:43:48.0372 2080 amdsata - ok

11:43:48.0403 2080 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

11:43:48.0418 2080 amdsbs - ok

11:43:48.0450 2080 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

11:43:48.0450 2080 amdxata - ok

11:43:48.0496 2080 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

11:43:48.0496 2080 AppID - ok

11:43:48.0528 2080 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

11:43:48.0528 2080 AppIDSvc - ok

11:43:48.0590 2080 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

11:43:48.0590 2080 Appinfo - ok

11:43:48.0668 2080 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

11:43:48.0668 2080 arc - ok

11:43:48.0684 2080 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

11:43:48.0684 2080 arcsas - ok

11:43:48.0808 2080 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

11:43:48.0808 2080 ASLDRService - ok

11:43:48.0840 2080 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

11:43:48.0840 2080 ASMMAP64 - ok

11:43:48.0855 2080 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

11:43:48.0855 2080 AsyncMac - ok

11:43:48.0886 2080 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

11:43:48.0886 2080 atapi - ok

11:43:49.0042 2080 athr (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys

11:43:49.0261 2080 athr - ok

11:43:49.0386 2080 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

11:43:49.0386 2080 ATKGFNEXSrv - ok

11:43:49.0417 2080 ATKWMIACPIIO (ac31727f9946e9009480708e4d1b9986) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys

11:43:49.0417 2080 ATKWMIACPIIO - ok

11:43:49.0588 2080 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

11:43:49.0635 2080 AudioEndpointBuilder - ok

11:43:49.0651 2080 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

11:43:49.0651 2080 AudioSrv - ok

11:43:49.0729 2080 avchv (4c6bcc638798abe1f70afca70d889c3f) C:\Windows\system32\DRIVERS\avchv.sys

11:43:49.0744 2080 avchv - ok

11:43:49.0963 2080 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

11:43:49.0978 2080 AVP - ok

11:43:50.0025 2080 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

11:43:50.0025 2080 AxInstSV - ok

11:43:50.0103 2080 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

11:43:50.0119 2080 b06bdrv - ok

11:43:50.0181 2080 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

11:43:50.0197 2080 b57nd60a - ok

11:43:50.0275 2080 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

11:43:50.0290 2080 BDESVC - ok

11:43:50.0322 2080 bdsandbox (31571d77c6186ad228f52ee4ebdf8ee9) C:\Windows\system32\drivers\bdsandbox.sys

11:43:50.0337 2080 bdsandbox - ok

11:43:50.0337 2080 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

11:43:50.0353 2080 Beep - ok

11:43:50.0446 2080 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

11:43:50.0478 2080 BFE - ok

11:43:50.0571 2080 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

11:43:50.0618 2080 BITS - ok

11:43:50.0680 2080 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

11:43:50.0696 2080 blbdrive - ok

11:43:50.0743 2080 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

11:43:50.0743 2080 bowser - ok

11:43:50.0774 2080 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

11:43:50.0774 2080 BrFiltLo - ok

11:43:50.0774 2080 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

11:43:50.0790 2080 BrFiltUp - ok

11:43:50.0836 2080 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

11:43:50.0852 2080 BridgeMP - ok

11:43:50.0883 2080 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

11:43:50.0883 2080 Browser - ok

11:43:50.0930 2080 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

11:43:50.0930 2080 Brserid - ok

11:43:50.0946 2080 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

11:43:50.0961 2080 BrSerWdm - ok

11:43:50.0977 2080 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

11:43:50.0977 2080 BrUsbMdm - ok

11:43:50.0992 2080 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

11:43:50.0992 2080 BrUsbSer - ok

11:43:51.0070 2080 BtFilter (0f4c980b9612abdb25bcabf0c660c058) C:\Windows\system32\DRIVERS\btfilter.sys

11:43:51.0070 2080 BtFilter - ok

11:43:51.0102 2080 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

11:43:51.0117 2080 BTHMODEM - ok

11:43:51.0164 2080 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

11:43:51.0180 2080 BTHPORT - ok

11:43:51.0242 2080 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

11:43:51.0242 2080 bthserv - ok

11:43:51.0273 2080 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

11:43:51.0273 2080 BTHUSB - ok

11:43:51.0320 2080 catchme - ok

11:43:51.0367 2080 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

11:43:51.0367 2080 cdfs - ok

11:43:51.0429 2080 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

11:43:51.0445 2080 cdrom - ok

11:43:51.0507 2080 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

11:43:51.0523 2080 CertPropSvc - ok

11:43:51.0554 2080 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

11:43:51.0570 2080 circlass - ok

11:43:51.0632 2080 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

11:43:51.0632 2080 CLFS - ok

11:43:51.0710 2080 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

11:43:51.0710 2080 clr_optimization_v2.0.50727_32 - ok

11:43:51.0757 2080 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

11:43:51.0757 2080 clr_optimization_v2.0.50727_64 - ok

11:43:51.0850 2080 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

11:43:51.0866 2080 clr_optimization_v4.0.30319_32 - ok

11:43:51.0928 2080 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

11:43:51.0928 2080 clr_optimization_v4.0.30319_64 - ok

11:43:51.0975 2080 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

11:43:51.0991 2080 CmBatt - ok

11:43:52.0006 2080 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

11:43:52.0022 2080 cmdide - ok

11:43:52.0084 2080 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

11:43:52.0100 2080 CNG - ok

11:43:52.0162 2080 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

11:43:52.0178 2080 Compbatt - ok

11:43:52.0240 2080 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

11:43:52.0256 2080 CompositeBus - ok

11:43:52.0287 2080 COMSysApp - ok

11:43:52.0521 2080 cphs (df3e8c2c443d3618260dff5705ce2df5) C:\Windows\SysWow64\IntelCpHeciSvc.exe

11:43:52.0521 2080 cphs - ok

11:43:52.0552 2080 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

11:43:52.0568 2080 crcdisk - ok

11:43:52.0646 2080 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

11:43:52.0662 2080 CryptSvc - ok

11:43:52.0740 2080 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

11:43:52.0755 2080 DcomLaunch - ok

11:43:52.0802 2080 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

11:43:52.0818 2080 defragsvc - ok

11:43:52.0864 2080 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

11:43:52.0864 2080 DfsC - ok

11:43:52.0927 2080 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

11:43:52.0942 2080 Dhcp - ok

11:43:52.0974 2080 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

11:43:52.0974 2080 discache - ok

11:43:53.0005 2080 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

11:43:53.0005 2080 Disk - ok

11:43:53.0036 2080 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

11:43:53.0052 2080 Dnscache - ok

11:43:53.0083 2080 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

11:43:53.0098 2080 dot3svc - ok

11:43:53.0145 2080 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

11:43:53.0161 2080 DPS - ok

11:43:53.0192 2080 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

11:43:53.0208 2080 drmkaud - ok

11:43:53.0286 2080 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

11:43:53.0317 2080 DXGKrnl - ok

11:43:53.0364 2080 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

11:43:53.0379 2080 EapHost - ok

11:43:53.0535 2080 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

11:43:53.0676 2080 ebdrv - ok

11:43:53.0816 2080 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

11:43:53.0816 2080 EFS - ok

11:43:53.0910 2080 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

11:43:53.0925 2080 ehRecvr - ok

11:43:53.0972 2080 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

11:43:53.0972 2080 ehSched - ok

11:43:54.0050 2080 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

11:43:54.0081 2080 elxstor - ok

11:43:54.0112 2080 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

11:43:54.0128 2080 ErrDev - ok

11:43:54.0206 2080 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

11:43:54.0222 2080 EventSystem - ok

11:43:54.0284 2080 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

11:43:54.0284 2080 exfat - ok

11:43:54.0315 2080 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

11:43:54.0315 2080 fastfat - ok

11:43:54.0393 2080 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

11:43:54.0440 2080 Fax - ok

11:43:54.0440 2080 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

11:43:54.0456 2080 fdc - ok

11:43:54.0502 2080 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

11:43:54.0502 2080 fdPHost - ok

11:43:54.0518 2080 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

11:43:54.0518 2080 FDResPub - ok

11:43:54.0534 2080 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

11:43:54.0549 2080 FileInfo - ok

11:43:54.0565 2080 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

11:43:54.0565 2080 Filetrace - ok

11:43:54.0580 2080 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

11:43:54.0580 2080 flpydisk - ok

11:43:54.0627 2080 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

11:43:54.0643 2080 FltMgr - ok

11:43:54.0721 2080 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

11:43:54.0768 2080 FontCache - ok

11:43:54.0846 2080 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

11:43:54.0846 2080 FontCache3.0.0.0 - ok

11:43:54.0892 2080 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

11:43:54.0892 2080 FsDepends - ok

11:43:54.0924 2080 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

11:43:54.0924 2080 Fs_Rec - ok

11:43:54.0986 2080 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

11:43:54.0986 2080 fvevol - ok

11:43:55.0033 2080 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

11:43:55.0033 2080 gagp30kx - ok

11:43:55.0111 2080 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

11:43:55.0158 2080 gpsvc - ok

11:43:55.0189 2080 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

11:43:55.0189 2080 hcw85cir - ok

11:43:55.0267 2080 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

11:43:55.0283 2080 HdAudAddService - ok

11:43:55.0329 2080 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

11:43:55.0329 2080 HDAudBus - ok

11:43:55.0345 2080 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

11:43:55.0345 2080 HidBatt - ok

11:43:55.0376 2080 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

11:43:55.0407 2080 HidBth - ok

11:43:55.0423 2080 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

11:43:55.0423 2080 HidIr - ok

11:43:55.0485 2080 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

11:43:55.0485 2080 hidserv - ok

11:43:55.0532 2080 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

11:43:55.0548 2080 HidUsb - ok

11:43:55.0595 2080 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

11:43:55.0595 2080 hkmsvc - ok

11:43:55.0673 2080 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

11:43:55.0673 2080 HomeGroupListener - ok

11:43:55.0719 2080 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

11:43:55.0735 2080 HomeGroupProvider - ok

11:43:55.0782 2080 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

11:43:55.0782 2080 HpSAMD - ok

11:43:55.0875 2080 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

11:43:55.0907 2080 HTTP - ok

11:43:55.0953 2080 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

11:43:55.0953 2080 hwpolicy - ok

11:43:56.0016 2080 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

11:43:56.0016 2080 i8042prt - ok

11:43:56.0094 2080 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

11:43:56.0125 2080 iaStorV - ok

11:43:56.0234 2080 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

11:43:56.0250 2080 idsvc - ok

11:43:57.0045 2080 igfx (276ee9cdab16c50e1df0e4cefa882f5f) C:\Windows\system32\DRIVERS\igdkmd64.sys

11:43:57.0529 2080 igfx - ok

11:43:58.0106 2080 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

11:43:58.0106 2080 iirsp - ok

11:43:58.0184 2080 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

11:43:58.0215 2080 IKEEXT - ok

11:43:58.0278 2080 IntcAzAudAddService - ok

11:43:58.0325 2080 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

11:43:58.0340 2080 IntcDAud - ok

11:43:58.0371 2080 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

11:43:58.0371 2080 intelide - ok

11:43:58.0387 2080 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

11:43:58.0387 2080 intelppm - ok

11:43:58.0434 2080 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

11:43:58.0449 2080 IPBusEnum - ok

11:43:58.0481 2080 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:43:58.0481 2080 IpFilterDriver - ok

11:43:58.0574 2080 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

11:43:58.0590 2080 iphlpsvc - ok

11:43:58.0637 2080 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

11:43:58.0637 2080 IPMIDRV - ok

11:43:58.0683 2080 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

11:43:58.0683 2080 IPNAT - ok

11:43:58.0699 2080 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

11:43:58.0699 2080 IRENUM - ok

11:43:58.0715 2080 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

11:43:58.0730 2080 isapnp - ok

11:43:58.0746 2080 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

11:43:58.0761 2080 iScsiPrt - ok

11:43:58.0808 2080 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

11:43:58.0808 2080 kbdclass - ok

11:43:58.0839 2080 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

11:43:58.0855 2080 kbdhid - ok

11:43:58.0886 2080 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:43:58.0886 2080 KeyIso - ok

11:43:58.0980 2080 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys

11:43:59.0011 2080 KL1 - ok

11:43:59.0011 2080 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys

11:43:59.0027 2080 kl2 - ok

11:43:59.0105 2080 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys

11:43:59.0136 2080 KLIF - ok

11:43:59.0198 2080 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys

11:43:59.0198 2080 KLIM6 - ok

11:43:59.0245 2080 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys

11:43:59.0245 2080 klmouflt - ok

11:43:59.0292 2080 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

11:43:59.0292 2080 KSecDD - ok

11:43:59.0323 2080 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

11:43:59.0339 2080 KSecPkg - ok

11:43:59.0385 2080 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

11:43:59.0385 2080 ksthunk - ok

11:43:59.0432 2080 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

11:43:59.0448 2080 KtmRm - ok

11:43:59.0510 2080 L1C (655a5d8e80869781cce23760ada7e695) C:\Windows\system32\DRIVERS\L1C62x64.sys

11:43:59.0510 2080 L1C - ok

11:43:59.0604 2080 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

11:43:59.0619 2080 LanmanServer - ok

11:43:59.0682 2080 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

11:43:59.0682 2080 LanmanWorkstation - ok

11:43:59.0760 2080 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

11:43:59.0760 2080 lltdio - ok

11:43:59.0791 2080 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

11:43:59.0807 2080 lltdsvc - ok

11:43:59.0853 2080 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

11:43:59.0853 2080 lmhosts - ok

11:43:59.0963 2080 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

11:43:59.0978 2080 LMS - ok

11:44:00.0025 2080 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

11:44:00.0041 2080 LSI_FC - ok

11:44:00.0056 2080 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

11:44:00.0072 2080 LSI_SAS - ok

11:44:00.0087 2080 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

11:44:00.0087 2080 LSI_SAS2 - ok

11:44:00.0103 2080 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

11:44:00.0103 2080 LSI_SCSI - ok

11:44:00.0165 2080 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

11:44:00.0181 2080 luafv - ok

11:44:00.0212 2080 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

11:44:00.0228 2080 MBAMProtector - ok

11:44:00.0306 2080 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

11:44:00.0321 2080 MBAMService - ok

11:44:00.0384 2080 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

11:44:00.0384 2080 Mcx2Svc - ok

11:44:00.0415 2080 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

11:44:00.0415 2080 megasas - ok

11:44:00.0462 2080 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

11:44:00.0462 2080 MegaSR - ok

11:44:00.0524 2080 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

11:44:00.0524 2080 MEIx64 - ok

11:44:00.0727 2080 Microsoft SharePoint Workspace Audit Service - ok

11:44:00.0774 2080 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:44:00.0774 2080 MMCSS - ok

11:44:00.0805 2080 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

11:44:00.0821 2080 Modem - ok

11:44:00.0836 2080 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

11:44:00.0836 2080 monitor - ok

11:44:00.0883 2080 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

11:44:00.0883 2080 mouclass - ok

11:44:00.0914 2080 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

11:44:00.0914 2080 mouhid - ok

11:44:00.0977 2080 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

11:44:00.0977 2080 mountmgr - ok

11:44:01.0023 2080 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

11:44:01.0039 2080 mpio - ok

11:44:01.0055 2080 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

11:44:01.0055 2080 mpsdrv - ok

11:44:01.0117 2080 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

11:44:01.0164 2080 MpsSvc - ok

11:44:01.0211 2080 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

11:44:01.0211 2080 MRxDAV - ok

11:44:01.0273 2080 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

11:44:01.0273 2080 mrxsmb - ok

11:44:01.0320 2080 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:44:01.0335 2080 mrxsmb10 - ok

11:44:01.0367 2080 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:44:01.0367 2080 mrxsmb20 - ok

11:44:01.0413 2080 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

11:44:01.0429 2080 msahci - ok

11:44:01.0460 2080 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

11:44:01.0460 2080 msdsm - ok

11:44:01.0507 2080 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

11:44:01.0523 2080 MSDTC - ok

11:44:01.0569 2080 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

11:44:01.0569 2080 Msfs - ok

11:44:01.0601 2080 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

11:44:01.0601 2080 mshidkmdf - ok

11:44:01.0632 2080 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

11:44:01.0632 2080 msisadrv - ok

11:44:01.0679 2080 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

11:44:01.0694 2080 MSiSCSI - ok

11:44:01.0694 2080 msiserver - ok

11:44:01.0741 2080 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

11:44:01.0741 2080 MSKSSRV - ok

11:44:01.0757 2080 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

11:44:01.0757 2080 MSPCLOCK - ok

11:44:01.0757 2080 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

11:44:01.0757 2080 MSPQM - ok

11:44:01.0819 2080 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

11:44:01.0819 2080 MsRPC - ok

11:44:01.0850 2080 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

11:44:01.0866 2080 mssmbios - ok

11:44:01.0881 2080 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

11:44:01.0881 2080 MSTEE - ok

11:44:01.0897 2080 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

11:44:01.0897 2080 MTConfig - ok

11:44:01.0944 2080 mtqjxm - ok

11:44:01.0959 2080 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

11:44:01.0959 2080 Mup - ok

11:44:02.0053 2080 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

11:44:02.0069 2080 napagent - ok

11:44:02.0147 2080 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

11:44:02.0147 2080 NativeWifiP - ok

11:44:02.0162 2080 nckkof - ok

11:44:02.0256 2080 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

11:44:02.0303 2080 NDIS - ok

11:44:02.0349 2080 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

11:44:02.0349 2080 NdisCap - ok

11:44:02.0365 2080 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

11:44:02.0365 2080 NdisTapi - ok

11:44:02.0427 2080 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

11:44:02.0427 2080 Ndisuio - ok

11:44:02.0474 2080 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

11:44:02.0490 2080 NdisWan - ok

11:44:02.0505 2080 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

11:44:02.0505 2080 NDProxy - ok

11:44:02.0537 2080 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

11:44:02.0552 2080 NetBIOS - ok

11:44:02.0599 2080 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

11:44:02.0615 2080 NetBT - ok

11:44:02.0646 2080 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:44:02.0646 2080 Netlogon - ok

11:44:02.0708 2080 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

11:44:02.0724 2080 Netman - ok

11:44:02.0755 2080 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

11:44:02.0786 2080 netprofm - ok

11:44:02.0864 2080 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

11:44:02.0864 2080 NetTcpPortSharing - ok

11:44:02.0911 2080 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

11:44:02.0911 2080 nfrd960 - ok

11:44:03.0207 2080 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

11:44:03.0223 2080 NlaSvc - ok

11:44:03.0239 2080 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

11:44:03.0239 2080 Npfs - ok

11:44:03.0270 2080 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

11:44:03.0301 2080 nsi - ok

11:44:03.0317 2080 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

11:44:03.0332 2080 nsiproxy - ok

11:44:03.0441 2080 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

11:44:03.0504 2080 Ntfs - ok

11:44:03.0644 2080 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

11:44:03.0660 2080 Null - ok

11:44:03.0707 2080 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

11:44:03.0722 2080 nvraid - ok

11:44:03.0769 2080 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

11:44:03.0785 2080 nvstor - ok

11:44:03.0831 2080 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

11:44:03.0831 2080 nv_agp - ok

11:44:03.0878 2080 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

11:44:03.0894 2080 ohci1394 - ok

11:44:04.0003 2080 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

11:44:04.0003 2080 ose - ok

11:44:04.0299 2080 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

11:44:04.0377 2080 osppsvc - ok

11:44:04.0518 2080 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:44:04.0533 2080 p2pimsvc - ok

11:44:04.0580 2080 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

11:44:04.0596 2080 p2psvc - ok

11:44:04.0643 2080 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

11:44:04.0658 2080 Parport - ok

11:44:04.0689 2080 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

11:44:04.0689 2080 partmgr - ok

11:44:04.0705 2080 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

11:44:04.0721 2080 PcaSvc - ok

11:44:04.0783 2080 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

11:44:04.0799 2080 pci - ok

11:44:04.0830 2080 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

11:44:04.0830 2080 pciide - ok

11:44:04.0861 2080 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

11:44:04.0877 2080 pcmcia - ok

11:44:04.0877 2080 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

11:44:04.0892 2080 pcw - ok

11:44:04.0955 2080 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

11:44:04.0970 2080 PEAUTH - ok

11:44:05.0095 2080 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

11:44:05.0095 2080 PerfHost - ok

11:44:05.0204 2080 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

11:44:05.0267 2080 pla - ok

11:44:05.0329 2080 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

11:44:05.0345 2080 PlugPlay - ok

11:44:05.0391 2080 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

11:44:05.0391 2080 PNRPAutoReg - ok

11:44:05.0438 2080 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:44:05.0454 2080 PNRPsvc - ok

11:44:05.0516 2080 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

11:44:05.0532 2080 PolicyAgent - ok

11:44:05.0594 2080 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

11:44:05.0610 2080 Power - ok

11:44:05.0688 2080 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

11:44:05.0688 2080 PptpMiniport - ok

11:44:05.0719 2080 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

11:44:05.0719 2080 Processor - ok

11:44:05.0766 2080 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

11:44:05.0781 2080 ProfSvc - ok

11:44:05.0797 2080 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:44:05.0813 2080 ProtectedStorage - ok

11:44:05.0828 2080 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

11:44:05.0844 2080 Psched - ok

11:44:05.0937 2080 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

11:44:06.0047 2080 ql2300 - ok

11:44:06.0187 2080 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

11:44:06.0203 2080 ql40xx - ok

11:44:06.0234 2080 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

11:44:06.0249 2080 QWAVE - ok

11:44:06.0265 2080 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

11:44:06.0265 2080 QWAVEdrv - ok

11:44:06.0281 2080 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

11:44:06.0281 2080 RasAcd - ok

11:44:06.0312 2080 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

11:44:06.0327 2080 RasAgileVpn - ok

11:44:06.0359 2080 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

11:44:06.0359 2080 RasAuto - ok

11:44:06.0405 2080 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:44:06.0421 2080 Rasl2tp - ok

11:44:06.0452 2080 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

11:44:06.0468 2080 RasMan - ok

11:44:06.0483 2080 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

11:44:06.0483 2080 RasPppoe - ok

11:44:06.0499 2080 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

11:44:06.0515 2080 RasSstp - ok

11:44:06.0561 2080 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

11:44:06.0577 2080 rdbss - ok

11:44:06.0577 2080 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

11:44:06.0577 2080 rdpbus - ok

11:44:06.0608 2080 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:44:06.0608 2080 RDPCDD - ok

11:44:06.0624 2080 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

11:44:06.0624 2080 RDPENCDD - ok

11:44:06.0639 2080 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

11:44:06.0639 2080 RDPREFMP - ok

11:44:06.0717 2080 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

11:44:06.0733 2080 RDPWD - ok

11:44:06.0749 2080 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

11:44:06.0764 2080 rdyboost - ok

11:44:06.0811 2080 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

11:44:06.0811 2080 RemoteAccess - ok

11:44:06.0858 2080 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

11:44:06.0873 2080 RemoteRegistry - ok

11:44:06.0905 2080 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys

11:44:06.0920 2080 Revoflt - ok

11:44:06.0967 2080 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

11:44:06.0967 2080 RpcEptMapper - ok

11:44:07.0014 2080 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

11:44:07.0014 2080 RpcLocator - ok

11:44:07.0061 2080 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

11:44:07.0076 2080 RpcSs - ok

11:44:07.0123 2080 rqkdql - ok

11:44:07.0170 2080 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

11:44:07.0170 2080 rspndr - ok

11:44:07.0201 2080 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:44:07.0201 2080 SamSs - ok

11:44:07.0248 2080 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

11:44:07.0248 2080 sbp2port - ok

11:44:07.0295 2080 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

11:44:07.0310 2080 SCardSvr - ok

11:44:07.0341 2080 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

11:44:07.0357 2080 scfilter - ok

11:44:07.0435 2080 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

11:44:07.0482 2080 Schedule - ok

11:44:07.0529 2080 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

11:44:07.0529 2080 SCPolicySvc - ok

11:44:07.0575 2080 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

11:44:07.0591 2080 SDRSVC - ok

11:44:07.0653 2080 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

11:44:07.0653 2080 secdrv - ok

11:44:07.0669 2080 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

11:44:07.0669 2080 seclogon - ok

11:44:07.0716 2080 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

11:44:07.0731 2080 SENS - ok

11:44:07.0731 2080 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

11:44:07.0747 2080 SensrSvc - ok

11:44:07.0747 2080 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

11:44:07.0763 2080 Serenum - ok

11:44:07.0778 2080 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

11:44:07.0794 2080 Serial - ok

11:44:07.0887 2080 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

11:44:07.0903 2080 sermouse - ok

11:44:07.0950 2080 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

11:44:07.0965 2080 SessionEnv - ok

11:44:07.0997 2080 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

11:44:07.0997 2080 sffdisk - ok

11:44:08.0012 2080 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

11:44:08.0028 2080 sffp_mmc - ok

11:44:08.0028 2080 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

11:44:08.0028 2080 sffp_sd - ok

11:44:08.0059 2080 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

11:44:08.0059 2080 sfloppy - ok

11:44:08.0121 2080 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

11:44:08.0137 2080 SharedAccess - ok

11:44:08.0184 2080 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

11:44:08.0199 2080 ShellHWDetection - ok

11:44:08.0231 2080 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

11:44:08.0246 2080 SiSRaid2 - ok

11:44:08.0262 2080 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

11:44:08.0262 2080 SiSRaid4 - ok

11:44:08.0293 2080 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

11:44:08.0293 2080 Smb - ok

11:44:08.0371 2080 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

11:44:08.0371 2080 SNMPTRAP - ok

11:44:08.0387 2080 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

11:44:08.0387 2080 spldr - ok

11:44:08.0449 2080 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

11:44:08.0480 2080 Spooler - ok

11:44:08.0683 2080 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

11:44:08.0792 2080 sppsvc - ok

11:44:08.0964 2080 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

11:44:08.0964 2080 sppuinotify - ok

11:44:09.0042 2080 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

11:44:09.0057 2080 srv - ok

11:44:09.0089 2080 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

11:44:09.0104 2080 srv2 - ok

11:44:09.0135 2080 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

11:44:09.0135 2080 srvnet - ok

11:44:09.0182 2080 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

11:44:09.0198 2080 SSDPSRV - ok

11:44:09.0213 2080 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

11:44:09.0213 2080 SstpSvc - ok

11:44:09.0260 2080 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

11:44:09.0276 2080 stexstor - ok

11:44:09.0853 2080 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

11:44:09.0884 2080 stisvc - ok

11:44:09.0915 2080 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

11:44:09.0931 2080 swenum - ok

11:44:09.0962 2080 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

11:44:09.0993 2080 swprv - ok

11:44:10.0103 2080 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

11:44:10.0149 2080 SysMain - ok

11:44:10.0290 2080 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

11:44:10.0290 2080 TabletInputService - ok

11:44:10.0337 2080 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

11:44:10.0352 2080 TapiSrv - ok

11:44:10.0415 2080 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

11:44:10.0493 2080 TBS - ok

11:44:15.0438 2080 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

11:44:15.0516 2080 Tcpip - ok

11:44:16.0920 2080 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

11:44:16.0951 2080 TCPIP6 - ok

11:44:17.0107 2080 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

11:44:17.0107 2080 tcpipreg - ok

11:44:17.0154 2080 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

11:44:17.0154 2080 TDPIPE - ok

11:44:17.0185 2080 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

11:44:17.0201 2080 TDTCP - ok

11:44:17.0247 2080 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

11:44:17.0247 2080 tdx - ok

11:44:17.0294 2080 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

11:44:17.0294 2080 TermDD - ok

11:44:17.0357 2080 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

11:44:17.0388 2080 TermService - ok

11:44:17.0419 2080 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

11:44:17.0419 2080 Themes - ok

11:44:17.0450 2080 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:44:17.0450 2080 THREADORDER - ok

11:44:17.0481 2080 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

11:44:17.0481 2080 TrkWks - ok

11:44:17.0559 2080 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

11:44:17.0559 2080 TrustedInstaller - ok

11:44:17.0606 2080 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:44:17.0606 2080 tssecsrv - ok

11:44:17.0653 2080 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

11:44:17.0653 2080 TsUsbFlt - ok

11:44:17.0700 2080 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

11:44:17.0700 2080 tunnel - ok

11:44:17.0731 2080 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

11:44:17.0747 2080 uagp35 - ok

11:44:17.0778 2080 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

11:44:17.0793 2080 udfs - ok

11:44:17.0840 2080 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

11:44:17.0840 2080 UI0Detect - ok

11:44:17.0903 2080 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

11:44:17.0903 2080 uliagpkx - ok

11:44:17.0934 2080 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

11:44:17.0934 2080 umbus - ok

11:44:17.0965 2080 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

11:44:17.0965 2080 UmPass - ok

11:44:18.0230 2080 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

11:44:18.0261 2080 UNS - ok

11:44:18.0402 2080 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

11:44:18.0433 2080 upnphost - ok

11:44:18.0495 2080 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

11:44:18.0495 2080 usbccgp - ok

11:44:18.0558 2080 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

11:44:18.0558 2080 usbcir - ok

11:44:18.0573 2080 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

11:44:18.0573 2080 usbehci - ok

11:44:18.0636 2080 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

11:44:18.0651 2080 usbhub - ok

11:44:18.0667 2080 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

11:44:18.0667 2080 usbohci - ok

11:44:18.0714 2080 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

11:44:18.0714 2080 usbprint - ok

11:44:18.0745 2080 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:44:18.0745 2080 USBSTOR - ok

11:44:18.0776 2080 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

11:44:18.0776 2080 usbuhci - ok

11:44:18.0823 2080 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

11:44:18.0823 2080 usbvideo - ok

11:44:18.0885 2080 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

11:44:18.0885 2080 UxSms - ok

11:44:18.0948 2080 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:44:18.0948 2080 VaultSvc - ok

11:44:18.0979 2080 VBoxNetAdp (e705a3a384e7569fa2f1a3a29bdc5240) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys

11:44:18.0995 2080 VBoxNetAdp - ok

11:44:19.0026 2080 VBoxNetFlt - ok

11:44:19.0088 2080 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

11:44:19.0088 2080 vdrvroot - ok

11:44:19.0166 2080 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

11:44:19.0182 2080 vds - ok

11:44:19.0229 2080 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

11:44:19.0229 2080 vga - ok

11:44:19.0244 2080 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

11:44:19.0244 2080 VgaSave - ok

11:44:19.0291 2080 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

11:44:19.0307 2080 vhdmp - ok

11:44:19.0338 2080 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

11:44:19.0338 2080 viaide - ok

11:44:19.0353 2080 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

11:44:19.0369 2080 volmgr - ok

11:44:19.0431 2080 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

11:44:19.0447 2080 volmgrx - ok

11:44:19.0494 2080 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

11:44:19.0509 2080 volsnap - ok

11:44:19.0556 2080 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

11:44:19.0572 2080 vsmraid - ok

11:44:19.0665 2080 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

11:44:19.0759 2080 VSS - ok

11:44:19.0931 2080 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

11:44:19.0931 2080 vwifibus - ok

11:44:19.0962 2080 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

11:44:19.0962 2080 vwififlt - ok

11:44:20.0009 2080 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

11:44:20.0024 2080 W32Time - ok

11:44:20.0040 2080 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

11:44:20.0040 2080 WacomPen - ok

11:44:20.0102 2080 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:44:20.0102 2080 WANARP - ok

11:44:20.0102 2080 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:44:20.0102 2080 Wanarpv6 - ok

11:44:20.0211 2080 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

11:44:20.0367 2080 WatAdminSvc - ok

11:44:20.0477 2080 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

11:44:20.0586 2080 wbengine - ok

11:44:20.0726 2080 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

11:44:20.0742 2080 WbioSrvc - ok

11:44:20.0789 2080 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

11:44:20.0804 2080 wcncsvc - ok

11:44:20.0835 2080 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

11:44:20.0835 2080 WcsPlugInService - ok

11:44:20.0867 2080 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

11:44:20.0882 2080 Wd - ok

11:44:20.0945 2080 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

11:44:20.0976 2080 Wdf01000 - ok

11:44:21.0007 2080 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:44:21.0007 2080 WdiServiceHost - ok

11:44:21.0023 2080 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:44:21.0023 2080 WdiSystemHost - ok

11:44:21.0054 2080 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

11:44:21.0069 2080 WebClient - ok

11:44:21.0101 2080 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

11:44:21.0101 2080 Wecsvc - ok

11:44:21.0147 2080 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

11:44:21.0163 2080 wercplsupport - ok

11:44:21.0210 2080 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

11:44:21.0210 2080 WerSvc - ok

11:44:21.0272 2080 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

11:44:21.0272 2080 WfpLwf - ok

11:44:21.0272 2080 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

11:44:21.0288 2080 WIMMount - ok

11:44:21.0335 2080 WinDefend - ok

11:44:21.0335 2080 WinHttpAutoProxySvc - ok

11:44:21.0413 2080 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

11:44:21.0413 2080 Winmgmt - ok

11:44:21.0553 2080 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

11:44:21.0631 2080 WinRM - ok

11:44:21.0834 2080 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

11:44:21.0865 2080 Wlansvc - ok

11:44:22.0083 2080 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

11:44:22.0115 2080 wlidsvc - ok

11:44:22.0239 2080 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

11:44:22.0255 2080 WmiAcpi - ok

11:44:22.0317 2080 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

11:44:22.0333 2080 wmiApSrv - ok

11:44:22.0380 2080 WMPNetworkSvc - ok

11:44:22.0411 2080 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

11:44:22.0411 2080 WPCSvc - ok

11:44:22.0473 2080 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

11:44:22.0473 2080 WPDBusEnum - ok

11:44:22.0505 2080 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

11:44:22.0505 2080 ws2ifsl - ok

11:44:22.0551 2080 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

11:44:22.0567 2080 wscsvc - ok

11:44:22.0567 2080 WSearch - ok

11:44:22.0723 2080 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

11:44:22.0832 2080 wuauserv - ok

11:44:22.0988 2080 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

11:44:22.0988 2080 WudfPf - ok

11:44:23.0051 2080 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

11:44:23.0066 2080 WUDFRd - ok

11:44:23.0129 2080 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

11:44:23.0129 2080 wudfsvc - ok

11:44:23.0191 2080 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

11:44:23.0191 2080 WwanSvc - ok

11:44:23.0238 2080 zlnimc - ok

11:44:23.0285 2080 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

11:44:23.0565 2080 \Device\Harddisk0\DR0 - ok

11:44:23.0581 2080 Boot (0x1200) (34b22effe637c363c323d0f3b2978508) \Device\Harddisk0\DR0\Partition0

11:44:23.0581 2080 \Device\Harddisk0\DR0\Partition0 - ok

11:44:23.0581 2080 ============================================================

11:44:23.0581 2080 Scan finished

11:44:23.0581 2080 ============================================================

11:44:23.0597 2944 Detected object count: 0

11:44:23.0597 2944 Actual detected object count: 0

11:44:27.0403 4944 Deinitialize success

ComboFix 12-05-22.01 - l 22/05/2012 11:47:21.5.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3874.2363 [GMT 1:00]

Running from: c:\users\l\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Family\Desktop\PatchUp_Plus ½ÇÇà.lnk

c:\windows\Install

.

((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))

.

2012-05-22 10:56 . 2012-05-22 10:56 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-05-22 10:56 . 2012-05-22 10:56 -------- d-----w- c:\users\Family\AppData\Local\temp

2012-05-22 10:56 . 2012-05-22 10:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-21 21:04 . 2012-05-21 21:04 -------- d-----w- c:\programdata\HitmanPro

2012-05-21 09:32 . 2012-05-21 09:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-21 09:32 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-21 09:28 . 2012-05-22 10:57 -------- d-----w- c:\programdata\Kaspersky Lab

2012-05-21 09:28 . 2012-05-21 09:28 -------- d-----w- c:\program files (x86)\Kaspersky Lab

2012-05-20 21:26 . 2012-05-20 21:26 -------- d-----w- c:\windows\en

2012-05-20 21:16 . 2012-05-20 21:16 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ddeff91f1cd36cd01\DSETUP.dll

2012-05-20 21:16 . 2012-05-20 21:16 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ddeff91f1cd36cd01\DXSETUP.exe

2012-05-20 21:16 . 2012-05-20 21:16 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ddeff91f1cd36cd01\dsetup32.dll

2012-05-20 19:27 . 2012-05-20 19:27 165168 ----a-w- c:\windows\system32\drivers\kneps.sys

2012-05-18 21:11 . 2012-05-18 21:11 -------- d-----w- c:\programdata\Downloaded Installations

2012-05-18 21:10 . 2012-05-18 21:10 -------- d-----w- c:\program files (x86)\GFI Software

2012-05-18 20:05 . 2012-05-18 20:05 -------- d-----w- c:\users\l\AppData\Local\Babylon

2012-05-18 20:05 . 2012-05-18 20:05 -------- d-----w- c:\users\l\AppData\Roaming\Babylon

2012-05-16 20:20 . 2012-05-16 20:20 -------- d-----w- c:\users\l\AppData\Local\Mozilla

2012-05-15 21:54 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-15 21:54 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-15 21:54 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-15 21:54 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-15 21:54 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-15 21:54 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-15 21:47 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-15 21:40 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-15 21:16 . 2012-05-15 21:37 -------- d-----w- c:\users\l\AppData\Roaming\PPLive

2012-05-15 20:46 . 2012-05-15 21:29 -------- d-----w- c:\program files (x86)\Common Files\PPLiveNetwork

2012-05-15 20:39 . 2012-05-15 21:29 -------- d-----w- c:\users\l\AppData\Roaming\JPDesk

2012-05-12 20:43 . 2012-05-12 21:05 -------- d-----w- c:\windows\SysWow64\Adobe

2012-05-09 20:37 . 2012-05-09 20:37 -------- d-----w- c:\users\Family\AppData\Local\ESET

2012-05-08 20:51 . 2012-05-08 20:51 -------- d-----w- c:\users\l\AppData\Local\ESET

2012-05-08 19:21 . 2009-12-30 10:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys

2012-05-08 19:21 . 2012-05-08 19:21 -------- d-----w- c:\program files\VS Revo Group

2012-05-07 21:17 . 2012-05-19 21:58 -------- d-----w- c:\users\l\VirtualBox VMs

2012-05-07 21:16 . 2012-05-19 21:58 -------- d-----w- c:\users\l\.VirtualBox

2012-05-07 21:15 . 2012-04-12 17:12 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2012-05-07 21:15 . 2012-04-12 17:12 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2012-05-07 21:15 . 2012-05-19 22:00 -------- dc----w- c:\windows\system32\DRVSTORE

2012-05-04 17:36 . 2012-05-04 17:36 -------- d-----w- c:\users\l\DoctorWeb

2012-05-02 19:55 . 2012-05-02 19:55 -------- d-----w- c:\users\l\AppData\Roaming\EurekaLog

2012-05-02 19:55 . 2012-05-21 14:37 -------- d-----w- c:\users\l\AppData\Local\CrashDumps

2012-05-02 09:58 . 2012-05-15 21:30 -------- d-----w- c:\users\Family\AppData\Roaming\AVG2012

2012-05-01 21:35 . 2012-05-15 21:30 -------- d-----w- c:\programdata\Norton

2012-05-01 21:35 . 2012-05-01 21:40 -------- d-----w- c:\users\l\AppData\Local\NPE

2012-05-01 19:36 . 2012-05-01 19:36 12872 ----a-w- c:\windows\system32\bootdelete.exe

2012-04-30 07:54 . 2012-04-30 07:54 38288 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys

2012-04-29 15:06 . 2004-03-08 22:00 131856 ----a-w- c:\windows\SysWow64\MSADODC.ocx

2012-04-29 15:06 . 2004-05-11 08:56 423784 ----a-w- c:\windows\SysWow64\XceedBkp.dll

2012-04-29 15:06 . 2003-11-19 12:59 512688 ----a-w- c:\windows\SysWow64\XceedCry.dll

2012-04-29 15:06 . 2002-03-12 13:36 431872 ----a-w- c:\windows\SysWow64\SSInput1.ocx

2012-04-29 15:06 . 2002-03-04 11:27 1140472 ----a-w- c:\windows\SysWow64\IGUltraGrid20.ocx

2012-04-29 15:06 . 2001-04-20 00:28 28672 ----a-w- c:\windows\SysWow64\systray.ocx

2012-04-29 15:06 . 2000-07-14 22:00 118784 ----a-w- c:\windows\SysWow64\msstdfmt.dll

2012-04-29 15:06 . 2004-01-09 09:54 188416 ----a-w- c:\windows\SysWow64\actsplash.ocx

2012-04-29 15:06 . 2000-07-15 04:00 101888 ----a-w- c:\windows\SysWow64\VB6STKIT.DLL

2012-04-29 15:06 . 2000-05-22 14:58 608448 ----a-w- c:\windows\SysWow64\comctl32.ocx

2012-04-29 15:06 . 2000-05-22 04:00 647872 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX

2012-04-27 20:46 . 2012-04-27 20:46 -------- d-----w- c:\program files\HitmanPro

2012-04-22 21:22 . 2012-04-22 21:24 -------- d-----w- c:\users\l\AppData\Roaming\AVG

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-04 17:35 . 2012-04-06 20:43 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-04 17:35 . 2012-02-29 22:51 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-04 17:35 . 2012-04-14 14:35 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-15 13:56 . 2012-04-15 13:56 16200 ----a-w- c:\windows\stinger.sys

2012-04-12 17:12 . 2012-04-12 17:12 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2012-04-09 12:03 . 2012-04-09 12:03 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-04-09 12:03 . 2012-04-09 12:03 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll

2012-04-09 12:03 . 2012-04-09 12:03 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll

2012-03-11 20:13 . 2012-03-11 20:13 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2012-03-11 20:13 . 2012-03-11 20:13 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2012-03-11 20:13 . 2012-03-11 20:13 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys

2012-03-11 20:13 . 2012-03-11 20:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll

2012-03-11 20:13 . 2012-03-11 20:13 301224 ----a-w- c:\windows\SysWow64\guard32.dll

2012-03-11 20:13 . 2012-03-11 20:13 389840 ----a-w- c:\windows\system32\guard64.dll

2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR

2012-03-06 23:15 . 2012-04-07 16:14 41184 ----a-w- c:\windows\avastSS.scr

2012-03-06 23:15 . 2012-04-07 16:14 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-03-02 21:55 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-03-02 21:55 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-03-01 21:37 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-03-01 06:46 . 2012-04-10 21:36 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:38 . 2012-04-10 21:36 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:33 . 2012-04-10 21:36 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:28 . 2012-04-10 21:36 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:37 . 2012-04-10 21:36 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:33 . 2012-04-10 21:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:29 . 2012-04-10 21:36 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-02-28 06:39 . 2012-04-10 21:33 1188864 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 05:38 . 2012-04-10 21:33 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-02-28 04:31 . 2012-04-10 21:33 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-28 03:52 . 2012-04-10 21:33 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-18 2319536]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R0 mtqjxm;mtqjxm; [x]

R0 nckkof;nckkof; [x]

R0 rqkdql;rqkdql; [x]

R0 zlnimc;zlnimc; [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]

R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-25 17536]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 17:35]

.

2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-202137972-4065337361-2662209299-1000Core.job

- c:\users\l\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-29 22:35]

.

2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-202137972-4065337361-2662209299-1000UA.job

- c:\users\l\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-29 22:35]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uLocal Page = \blank.htm

uStart Page = hxxp://www.google.co.uk/

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)

ShellIconOverlayIdentifiers-{152C96EB-288E-4EDC-B7C6-D21F8250ADF3} - (no file)

ShellIconOverlayIdentifiers-{342DAA0B-D796-460D-8566-901E08A1CCAD} - (no file)

ShellIconOverlayIdentifiers-{57595DAE-1AE1-4D97-A49E-67CBB53B52DF} - (no file)

ShellIconOverlayIdentifiers-{33816773-98AE-4723-ADE0-EBE54C8B5A67} - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

"Key"="ActionsPane3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]

"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]

"0"="Microsoft Actions Pane 3"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-05-22 12:05:04 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-22 11:05

.

Pre-Run: 574,500,401,152 bytes free

Post-Run: 574,071,533,568 bytes free

.

- - End Of File - - 38C8978AF93416603D6846F0DBBAEDB9

TomSmith · May 22, 2012

Results of screen317's Security Check version 0.99.34

Windows 7 x64 (UAC is disabled!)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

Kaspersky Internet Security 2012

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes Anti-Malware version 1.61.0.1400

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Kaspersky Lab Kaspersky Internet Security 2012 avp.exe

``````````End of Log````````````

D-FRED-BROWN · May 22, 2012

Looking better!

Let's see if we can take care of some suspicious files :

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::
File::
C:\Windows\System32\Drivers\mtqjxm.sys
C:\Windows\System32\Drivers\nckkof.sys
C:\Windows\System32\Drivers\rqkdql.sys
C:\Windows\System32\Drivers\zlnimc.sys
Driver::
mtqjxm
nckkof
rqkdql
zlnimc
Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now

TomSmith · May 22, 2012

Things are running better now. PC is running smoother. I get the random survey sight after each hour or so. My router has been reset already.

ComboFix 12-05-22.02 - l 22/05/2012 19:26:29.6.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3874.2565 [GMT 1:00]

Running from: c:\users\l\Desktop\ComboFix.exe

Command switches used :: c:\users\l\Desktop\CFScript.txt

AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\System32\Drivers\mtqjxm.sys"

"c:\windows\System32\Drivers\nckkof.sys"

"c:\windows\System32\Drivers\rqkdql.sys"

"c:\windows\System32\Drivers\zlnimc.sys"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MTQJXM

-------\Legacy_NCKKOF

-------\Legacy_RQKDQL

-------\Legacy_ZLNIMC

-------\Service_mtqjxm

-------\Service_nckkof

-------\Service_rqkdql

-------\Service_zlnimc

.

((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))

.

2012-05-22 18:35 . 2012-05-22 18:35 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-05-22 18:35 . 2012-05-22 18:35 -------- d-----w- c:\users\Family\AppData\Local\temp

2012-05-22 18:35 . 2012-05-22 18:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-21 21:04 . 2012-05-21 21:04 -------- d-----w- c:\programdata\HitmanPro

2012-05-21 09:32 . 2012-05-21 09:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-21 09:32 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-21 09:28 . 2012-05-22 19:26 -------- d-----w- c:\programdata\Kaspersky Lab