
Trojan.Agent won't delete



So I'm Skyping with my friend and my computer freezes up and does weird things, and I had to press the power button and go into safe mode to scan, and it says this as results:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.24.06

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

6/25/2012 5:36:09 PM

mbam-log-2012-06-25 (17-36-09).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 234689

Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 1748 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

So I delete it, then restart, then I still have problems with my computer, so I scan again in safe mode because when I scan in regular mode it shuts off my computer out of nowhere. I also scan with Avast but that doesn't work either. Please help me out with this.


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!!!!!!!)

Post back the report.

MrC


RogueKiller V7.5.4 [06/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User: Jared [Admin rights]

Mode: Scan -- Date: 06/25/2012 19:43:19

¤¤¤ Bad processes: 1 ¤¤¤

[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST932032 5AS SATA Disk Device +++++

--- User ---

[MBR] 223cc3db52ec9fbd90911ad0ebfc92a5

[BSP] 673630f34e708f87e1e2655739b8a4ca : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] e7abd11401c3a34212ea14f716310497

[BSP] 673630f34e708f87e1e2655739b8a4ca : Windows 7 MBR Code

Partition table:

1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo

Finished : << RKreport[7].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;

RKreport[6].txt ; RKreport[7].txt


Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


20:41:34.0023 4092 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32

20:41:36.0033 4092 ============================================================

20:41:36.0033 4092 Current date / time: 2012/06/25 20:41:36.0033

20:41:36.0033 4092 SystemInfo:

20:41:36.0033 4092

20:41:36.0033 4092 OS Version: 6.1.7601 ServicePack: 1.0

20:41:36.0033 4092 Product type: Workstation

20:41:36.0033 4092 ComputerName: DAVID-PC

20:41:36.0033 4092 UserName: Jared

20:41:36.0033 4092 Windows directory: C:\windows

20:41:36.0033 4092 System windows directory: C:\windows

20:41:36.0033 4092 Running under WOW64

20:41:36.0033 4092 Processor architecture: Intel x64

20:41:36.0033 4092 Number of processors: 2

20:41:36.0033 4092 Page size: 0x1000

20:41:36.0033 4092 Boot type: Safe boot with network

20:41:36.0033 4092 ============================================================

20:41:37.0102 4092 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:41:37.0102 4092 ============================================================

20:41:37.0102 4092 \Device\Harddisk0\DR0:

20:41:37.0102 4092 MBR partitions:

20:41:37.0102 4092 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000

20:41:37.0102 4092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x236AFAB0

20:41:37.0102 4092 ============================================================

20:41:37.0149 4092 C: <-> \Device\Harddisk0\DR0\Partition1

20:41:37.0149 4092 ============================================================

20:41:37.0149 4092 Initialize success

20:41:37.0149 4092 ============================================================

20:42:37.0760 1356 ============================================================

20:42:37.0760 1356 Scan started

20:42:37.0760 1356 Mode: Manual; SigCheck; TDLFS;

20:42:37.0760 1356 ============================================================


20:43:08.0299 1356 McODS (b3914a7c97a81acb1e9befe07e4c387f) C:\Program Files\mcafee\VirusScan\mcods.exe

20:43:08.0349 1356 McODS - ok

20:43:08.0359 1356 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

20:43:08.0399 1356 McOobeSv - ok

20:43:08.0459 1356 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

20:43:08.0479 1356 McProxy - ok

20:43:08.0559 1356 McShield (4a463d645b48bb487ca7df12ba5d1602) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

20:43:08.0599 1356 McShield - ok

20:43:08.0729 1356 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll

20:43:08.0779 1356 Mcx2Svc - ok

20:43:08.0829 1356 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys

20:43:08.0839 1356 megasas - ok

20:43:08.0899 1356 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys

20:43:08.0939 1356 MegaSR - ok

20:43:09.0179 1356 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\windows\system32\drivers\mfeapfk.sys

20:43:09.0199 1356 mfeapfk - ok

20:43:09.0239 1356 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\windows\system32\drivers\mfeavfk.sys

20:43:09.0279 1356 mfeavfk - ok

20:43:09.0339 1356 mfefire (c53b7aba204d9f7e9568ec147a1485c5) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

20:43:09.0359 1356 mfefire - ok

20:43:09.0419 1356 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\windows\system32\drivers\mfefirek.sys

20:43:09.0449 1356 mfefirek - ok

20:43:09.0559 1356 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\windows\system32\drivers\mfehidk.sys

20:43:09.0609 1356 mfehidk - ok

20:43:09.0649 1356 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\windows\system32\DRIVERS\mfenlfk.sys

20:43:09.0669 1356 mfenlfk - ok

20:43:09.0729 1356 mferkdet (65776bd8029e409935b90de30bf99526) C:\windows\system32\drivers\mferkdet.sys

20:43:09.0749 1356 mferkdet - ok

20:43:09.0779 1356 mfevtp (8f3b3c3625e3aaa11d6d4db8423e1721) C:\Windows\system32\mfevtps.exe

20:43:09.0799 1356 mfevtp - ok

20:43:09.0839 1356 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\windows\system32\drivers\mfewfpk.sys

20:43:09.0869 1356 mfewfpk - ok

20:43:09.0919 1356 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

20:43:09.0969 1356 MMCSS - ok

20:43:10.0029 1356 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

20:43:10.0099 1356 Modem - ok

20:43:10.0159 1356 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

20:43:10.0199 1356 monitor - ok

20:43:10.0249 1356 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

20:43:10.0269 1356 mouclass - ok

20:43:10.0309 1356 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

20:43:10.0349 1356 mouhid - ok

20:43:10.0389 1356 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

20:43:10.0409 1356 mountmgr - ok

20:43:10.0459 1356 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

20:43:10.0489 1356 mpio - ok

20:43:10.0499 1356 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

20:43:10.0559 1356 mpsdrv - ok

20:43:10.0649 1356 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll

20:43:10.0739 1356 MpsSvc - ok

20:43:10.0759 1356 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

20:43:10.0809 1356 MRxDAV - ok

20:43:10.0859 1356 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

20:43:10.0949 1356 mrxsmb - ok

20:43:10.0989 1356 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

20:43:11.0029 1356 mrxsmb10 - ok

20:43:11.0089 1356 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

20:43:11.0109 1356 mrxsmb20 - ok

20:43:11.0159 1356 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys

20:43:11.0169 1356 msahci - ok

20:43:11.0189 1356 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

20:43:11.0209 1356 msdsm - ok

20:43:11.0239 1356 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe

20:43:11.0269 1356 MSDTC - ok

20:43:11.0309 1356 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

20:43:11.0359 1356 Msfs - ok

20:43:11.0399 1356 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

20:43:11.0449 1356 mshidkmdf - ok

20:43:11.0489 1356 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

20:43:11.0519 1356 msisadrv - ok

20:43:11.0609 1356 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll

20:43:11.0669 1356 MSiSCSI - ok

20:43:11.0679 1356 msiserver - ok

20:43:11.0799 1356 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

20:43:11.0829 1356 MSK80Service - ok

20:43:11.0889 1356 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

20:43:11.0949 1356 MSKSSRV - ok

20:43:11.0969 1356 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

20:43:12.0029 1356 MSPCLOCK - ok

20:43:12.0059 1356 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

20:43:12.0109 1356 MSPQM - ok

20:43:12.0169 1356 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

20:43:12.0199 1356 MsRPC - ok

20:43:12.0219 1356 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys

20:43:12.0229 1356 mssmbios - ok

20:43:12.0239 1356 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

20:43:12.0299 1356 MSTEE - ok

20:43:12.0309 1356 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys

20:43:12.0379 1356 MTConfig - ok

20:43:12.0429 1356 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

20:43:12.0449 1356 Mup - ok

20:43:12.0509 1356 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll

20:43:12.0599 1356 napagent - ok

20:43:12.0669 1356 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

20:43:12.0739 1356 NativeWifiP - ok

20:43:12.0879 1356 NAUpdate (934bb0d23a25c8c136570800a5a149b6) C:\Program Files (x86)\Nero\Update\NASvc.exe

20:43:12.0949 1356 NAUpdate - ok

20:43:13.0019 1356 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys

20:43:13.0069 1356 NDIS - ok

20:43:13.0119 1356 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

20:43:13.0179 1356 NdisCap - ok

20:43:13.0209 1356 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

20:43:13.0249 1356 NdisTapi - ok

20:43:13.0319 1356 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

20:43:13.0369 1356 Ndisuio - ok

20:43:13.0409 1356 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

20:43:13.0489 1356 NdisWan - ok

20:43:13.0529 1356 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

20:43:13.0589 1356 NDProxy - ok

20:43:13.0679 1356 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

20:43:13.0739 1356 NetBIOS - ok

20:43:13.0799 1356 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

20:43:13.0859 1356 NetBT - ok

20:43:13.0909 1356 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

20:43:13.0929 1356 Netlogon - ok

20:43:14.0009 1356 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll

20:43:14.0099 1356 Netman - ok

20:43:14.0259 1356 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:43:14.0289 1356 NetMsmqActivator - ok

20:43:14.0299 1356 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:43:14.0329 1356 NetPipeActivator - ok

20:43:14.0389 1356 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll

20:43:14.0459 1356 netprofm - ok

20:43:14.0469 1356 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:43:14.0479 1356 NetTcpActivator - ok

20:43:14.0489 1356 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:43:14.0519 1356 NetTcpPortSharing - ok

20:43:14.0589 1356 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys

20:43:14.0599 1356 nfrd960 - ok

20:43:14.0669 1356 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll

20:43:14.0749 1356 NlaSvc - ok

20:43:15.0009 1356 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

20:43:15.0109 1356 NOBU - ok

20:43:15.0249 1356 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

20:43:15.0289 1356 Npfs - ok

20:43:15.0329 1356 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll

20:43:15.0399 1356 nsi - ok

20:43:15.0419 1356 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

20:43:15.0479 1356 nsiproxy - ok

20:43:15.0659 1356 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

20:43:15.0719 1356 Ntfs - ok

20:43:15.0919 1356 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

20:43:15.0969 1356 Null - ok

20:43:16.0019 1356 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

20:43:16.0049 1356 nvraid - ok

20:43:16.0079 1356 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

20:43:16.0109 1356 nvstor - ok

20:43:16.0159 1356 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

20:43:16.0179 1356 nv_agp - ok

20:43:16.0209 1356 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

20:43:16.0269 1356 ohci1394 - ok

20:43:16.0389 1356 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:43:16.0399 1356 ose - ok

20:43:16.0749 1356 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

20:43:16.0899 1356 osppsvc - ok

20:43:17.0009 1356 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

20:43:17.0089 1356 p2pimsvc - ok

20:43:17.0139 1356 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll

20:43:17.0169 1356 p2psvc - ok

20:43:17.0239 1356 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys

20:43:17.0259 1356 Parport - ok

20:43:17.0329 1356 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys

20:43:17.0349 1356 partmgr - ok

20:43:17.0389 1356 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll

20:43:17.0439 1356 PcaSvc - ok

20:43:17.0509 1356 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

20:43:17.0529 1356 pci - ok

20:43:17.0549 1356 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys

20:43:17.0579 1356 pciide - ok

20:43:17.0639 1356 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys

20:43:17.0669 1356 pcmcia - ok

20:43:17.0719 1356 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

20:43:17.0739 1356 pcw - ok

20:43:17.0829 1356 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

20:43:17.0899 1356 PEAUTH - ok

20:43:17.0989 1356 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe

20:43:18.0019 1356 PerfHost - ok

20:43:18.0189 1356 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll

20:43:18.0269 1356 pla - ok

20:43:18.0359 1356 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll

20:43:18.0439 1356 PlugPlay - ok

20:43:18.0479 1356 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll

20:43:18.0509 1356 PNRPAutoReg - ok

20:43:18.0559 1356 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

20:43:18.0579 1356 PNRPsvc - ok

20:43:18.0649 1356 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll

20:43:18.0749 1356 PolicyAgent - ok

20:43:18.0809 1356 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll

20:43:18.0879 1356 Power - ok

20:43:18.0989 1356 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

20:43:19.0039 1356 PptpMiniport - ok

20:43:19.0059 1356 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys

20:43:19.0099 1356 Processor - ok

20:43:19.0199 1356 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll

20:43:19.0369 1356 ProfSvc - ok

20:43:19.0929 1356 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

20:43:19.0949 1356 ProtectedStorage - ok

20:43:20.0259 1356 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

20:43:20.0339 1356 Psched - ok

20:43:20.0399 1356 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys

20:43:20.0419 1356 PxHlpa64 - ok

20:43:20.0569 1356 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys

20:43:20.0659 1356 ql2300 - ok

20:43:20.0779 1356 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys

20:43:20.0799 1356 ql40xx - ok

20:43:20.0849 1356 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll

20:43:20.0889 1356 QWAVE - ok

20:43:20.0909 1356 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

20:43:20.0949 1356 QWAVEdrv - ok

20:43:20.0959 1356 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

20:43:20.0999 1356 RasAcd - ok

20:43:21.0049 1356 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

20:43:21.0089 1356 RasAgileVpn - ok

20:43:21.0129 1356 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll

20:43:21.0189 1356 RasAuto - ok

20:43:21.0249 1356 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

20:43:21.0309 1356 Rasl2tp - ok

20:43:21.0389 1356 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll

20:43:21.0439 1356 RasMan - ok

20:43:21.0479 1356 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

20:43:21.0559 1356 RasPppoe - ok

20:43:21.0639 1356 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

20:43:21.0699 1356 RasSstp - ok

20:43:21.0749 1356 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

20:43:21.0819 1356 rdbss - ok

20:43:21.0849 1356 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys

20:43:21.0879 1356 rdpbus - ok

20:43:21.0899 1356 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

20:43:21.0959 1356 RDPCDD - ok

20:43:21.0999 1356 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

20:43:22.0059 1356 RDPENCDD - ok

20:43:22.0109 1356 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

20:43:22.0149 1356 RDPREFMP - ok

20:43:22.0209 1356 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys

20:43:22.0279 1356 RDPWD - ok

20:43:22.0339 1356 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

20:43:22.0349 1356 rdyboost - ok

20:43:22.0399 1356 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll

20:43:22.0459 1356 RemoteAccess - ok

20:43:22.0509 1356 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll

20:43:22.0579 1356 RemoteRegistry - ok

20:43:22.0629 1356 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys

20:43:22.0699 1356 RFCOMM - ok

20:43:22.0739 1356 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\windows\system32\Drivers\RimUsb_AMD64.sys

20:43:22.0759 1356 RimUsb - ok

20:43:22.0959 1356 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

20:43:23.0019 1356 RoxMediaDB12OEM - ok

20:43:23.0079 1356 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

20:43:23.0099 1356 RoxWatch12 - ok

20:43:23.0219 1356 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll

20:43:23.0279 1356 RpcEptMapper - ok

20:43:23.0319 1356 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe

20:43:23.0339 1356 RpcLocator - ok

20:43:23.0389 1356 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

20:43:23.0439 1356 RpcSs - ok

20:43:23.0519 1356 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

20:43:23.0559 1356 rspndr - ok

20:43:23.0649 1356 RSUSBSTOR (30f463768d5143bfd7b2df822b53cf4d) C:\windows\system32\Drivers\RtsUStor.sys

20:43:23.0689 1356 RSUSBSTOR - ok

20:43:23.0739 1356 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

20:43:23.0759 1356 SamSs - ok

20:43:23.0789 1356 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

20:43:23.0819 1356 sbp2port - ok

20:43:23.0859 1356 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll

20:43:23.0909 1356 SCardSvr - ok

20:43:23.0939 1356 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

20:43:24.0009 1356 scfilter - ok

20:43:24.0109 1356 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll

20:43:24.0219 1356 Schedule - ok

20:43:24.0319 1356 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

20:43:24.0349 1356 SCPolicySvc - ok

20:43:24.0409 1356 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll

20:43:24.0479 1356 SDRSVC - ok

20:43:24.0549 1356 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

20:43:24.0609 1356 secdrv - ok

20:43:24.0639 1356 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll

20:43:24.0679 1356 seclogon - ok

20:43:24.0709 1356 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll

20:43:24.0769 1356 SENS - ok

20:43:24.0829 1356 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll

20:43:24.0909 1356 SensrSvc - ok

20:43:25.0009 1356 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys

20:43:25.0059 1356 Serenum - ok

20:43:25.0079 1356 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys

20:43:25.0159 1356 Serial - ok

20:43:25.0189 1356 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys

20:43:25.0209 1356 sermouse - ok

20:43:25.0339 1356 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll

20:43:25.0399 1356 SessionEnv - ok

20:43:25.0459 1356 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

20:43:25.0489 1356 sffdisk - ok

20:43:25.0519 1356 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

20:43:25.0569 1356 sffp_mmc - ok

20:43:25.0579 1356 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

20:43:25.0629 1356 sffp_sd - ok

20:43:25.0639 1356 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys

20:43:25.0689 1356 sfloppy - ok

20:43:25.0809 1356 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys

20:43:25.0849 1356 Sftfs - ok

20:43:25.0949 1356 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

20:43:25.0989 1356 sftlist - ok

20:43:26.0019 1356 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys

20:43:26.0049 1356 Sftplay - ok

20:43:26.0069 1356 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys

20:43:26.0079 1356 Sftredir - ok

20:43:26.0109 1356 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys

20:43:26.0119 1356 Sftvol - ok

20:43:26.0149 1356 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

20:43:26.0169 1356 sftvsa - ok

20:43:26.0239 1356 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll

20:43:26.0289 1356 SharedAccess - ok

20:43:26.0379 1356 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll

20:43:26.0449 1356 ShellHWDetection - ok

20:43:26.0529 1356 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys

20:43:26.0559 1356 SiSRaid2 - ok

20:43:26.0579 1356 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys

20:43:26.0589 1356 SiSRaid4 - ok

20:43:26.0689 1356 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe

20:43:26.0709 1356 SkypeUpdate - ok

20:43:26.0759 1356 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

20:43:26.0869 1356 Smb - ok

20:43:26.0949 1356 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe

20:43:26.0999 1356 SNMPTRAP - ok

20:43:27.0059 1356 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

20:43:27.0079 1356 spldr - ok

20:43:27.0139 1356 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe

20:43:27.0199 1356 Spooler - ok

20:43:27.0589 1356 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe

20:43:27.0769 1356 sppsvc - ok

20:43:27.0939 1356 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll

20:43:27.0989 1356 sppuinotify - ok

20:43:28.0079 1356 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

20:43:28.0159 1356 srv - ok

20:43:28.0209 1356 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

20:43:28.0279 1356 srv2 - ok

20:43:28.0369 1356 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

20:43:28.0389 1356 srvnet - ok

20:43:28.0469 1356 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll

20:43:28.0529 1356 SSDPSRV - ok

20:43:28.0579 1356 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll

20:43:28.0639 1356 SstpSvc - ok

20:43:28.0689 1356 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys

20:43:28.0699 1356 stexstor - ok

20:43:28.0819 1356 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll

20:43:28.0879 1356 stisvc - ok

20:43:28.0999 1356 stllssvr (7731f46ec0d687a931cba063e8f90ef0) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

20:43:29.0009 1356 stllssvr - ok

20:43:29.0029 1356 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys

20:43:29.0059 1356 swenum - ok

20:43:29.0119 1356 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll

20:43:29.0219 1356 swprv - ok

20:43:29.0399 1356 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll

20:43:29.0509 1356 SysMain - ok

20:43:29.0669 1356 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll

20:43:29.0689 1356 TabletInputService - ok

20:43:29.0719 1356 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll

20:43:29.0789 1356 TapiSrv - ok

20:43:29.0819 1356 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll

20:43:29.0859 1356 TBS - ok

20:43:30.0039 1356 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys

20:43:30.0129 1356 Tcpip - ok

20:43:30.0349 1356 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys

20:43:30.0389 1356 TCPIP6 - ok

20:43:30.0499 1356 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

20:43:30.0559 1356 tcpipreg - ok

20:43:30.0589 1356 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

20:43:30.0629 1356 TDPIPE - ok

20:43:30.0669 1356 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys

20:43:30.0709 1356 TDTCP - ok

20:43:30.0759 1356 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

20:43:30.0819 1356 tdx - ok

20:43:30.0869 1356 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys

20:43:30.0879 1356 TermDD - ok

20:43:30.0959 1356 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll

20:43:31.0029 1356 TermService - ok

20:43:31.0079 1356 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll

20:43:31.0109 1356 Themes - ok

20:43:31.0169 1356 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

20:43:31.0209 1356 THREADORDER - ok

20:43:31.0249 1356 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll

20:43:31.0309 1356 TrkWks - ok

20:43:31.0409 1356 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe

20:43:31.0479 1356 TrustedInstaller - ok

20:43:31.0499 1356 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

20:43:31.0569 1356 tssecsrv - ok

20:43:31.0639 1356 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

20:43:31.0679 1356 TsUsbFlt - ok

20:43:31.0699 1356 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys

20:43:31.0709 1356 TsUsbGD - ok

20:43:31.0759 1356 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

20:43:31.0819 1356 tunnel - ok

20:43:31.0859 1356 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys

20:43:31.0879 1356 uagp35 - ok

20:43:31.0929 1356 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

20:43:31.0999 1356 udfs - ok

20:43:32.0059 1356 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe

20:43:32.0069 1356 UI0Detect - ok

20:43:32.0119 1356 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

20:43:32.0139 1356 uliagpkx - ok

20:43:32.0189 1356 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys

20:43:32.0239 1356 umbus - ok

20:43:32.0249 1356 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys

20:43:32.0269 1356 UmPass - ok

20:43:32.0319 1356 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll

20:43:32.0379 1356 upnphost - ok

20:43:32.0459 1356 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys

20:43:32.0479 1356 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning

20:43:32.0479 1356 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)


20:43:36.0146 1356 wcncsvc - ok

20:43:36.0186 1356 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll

20:43:36.0216 1356 WcsPlugInService - ok

20:43:36.0306 1356 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys

20:43:36.0316 1356 Wd - ok

20:43:36.0376 1356 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

20:43:36.0416 1356 Wdf01000 - ok

20:43:36.0436 1356 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

20:43:36.0536 1356 WdiServiceHost - ok

20:43:36.0546 1356 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

20:43:36.0566 1356 WdiSystemHost - ok

20:43:36.0626 1356 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll

20:43:36.0686 1356 WebClient - ok

20:43:36.0736 1356 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll

20:43:36.0806 1356 Wecsvc - ok

20:43:36.0846 1356 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll

20:43:36.0916 1356 wercplsupport - ok

20:43:36.0956 1356 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll

20:43:37.0006 1356 WerSvc - ok

20:43:37.0096 1356 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

20:43:37.0136 1356 WfpLwf - ok

20:43:37.0186 1356 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys

20:43:37.0196 1356 WimFltr - ok

20:43:37.0226 1356 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

20:43:37.0241 1356 WIMMount - ok

20:43:37.0288 1356 WinDefend - ok

20:43:37.0288 1356 WinHttpAutoProxySvc - ok

20:43:37.0404 1356 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll

20:43:37.0464 1356 Winmgmt - ok

20:43:37.0694 1356 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll

20:43:37.0794 1356 WinRM - ok

20:43:38.0044 1356 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys

20:43:38.0064 1356 WinUsb - ok

20:43:38.0134 1356 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll

20:43:38.0204 1356 Wlansvc - ok

20:43:38.0294 1356 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

20:43:38.0304 1356 wlcrasvc - ok

20:43:38.0484 1356 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

20:43:38.0574 1356 wlidsvc - ok

20:43:38.0744 1356 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys

20:43:38.0774 1356 WmiAcpi - ok

20:43:38.0854 1356 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe

20:43:38.0894 1356 wmiApSrv - ok

20:43:38.0954 1356 WMPNetworkSvc - ok

20:43:39.0004 1356 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll

20:43:39.0024 1356 WPCSvc - ok

20:43:39.0054 1356 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll

20:43:39.0104 1356 WPDBusEnum - ok

20:43:39.0134 1356 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

20:43:39.0174 1356 ws2ifsl - ok

20:43:39.0194 1356 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll

20:43:39.0234 1356 wscsvc - ok

20:43:39.0284 1356 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\windows\system32\DRIVERS\WSDPrint.sys

20:43:39.0294 1356 WSDPrintDevice - ok

20:43:39.0344 1356 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\windows\system32\DRIVERS\WSDScan.sys

20:43:39.0364 1356 WSDScan - ok

20:43:39.0379 1356 WSearch - ok

20:43:39.0551 1356 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll

20:43:39.0660 1356 wuauserv - ok

20:43:39.0785 1356 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

20:43:39.0847 1356 WudfPf - ok

20:43:39.0920 1356 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

20:43:39.0967 1356 WUDFRd - ok

20:43:40.0045 1356 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll

20:43:40.0076 1356 wudfsvc - ok

20:43:40.0107 1356 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll

20:43:40.0169 1356 WwanSvc - ok

20:43:40.0247 1356 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

20:43:40.0294 1356 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

20:43:40.0294 1356 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

20:43:40.0403 1356 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

20:43:40.0403 1356 \Device\Harddisk0\DR0 - detected TDSS File System (1)

20:43:40.0419 1356 Boot (0x1200) (17e6064b18aa88ed8319b3238fe06a25) \Device\Harddisk0\DR0\Partition0

20:43:40.0419 1356 \Device\Harddisk0\DR0\Partition0 - ok

20:43:40.0435 1356 Boot (0x1200) (42830d70bbef9b5ec0b23baae40fa686) \Device\Harddisk0\DR0\Partition1

20:43:40.0435 1356 \Device\Harddisk0\DR0\Partition1 - ok

20:43:40.0435 1356 ============================================================

20:43:40.0435 1356 Scan finished

20:43:40.0435 1356 ============================================================

20:43:40.0450 3360 Detected object count: 3

20:43:40.0450 3360 Actual detected object count: 3

20:47:38.0972 3360 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user

20:47:38.0972 3360 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:47:39.0928 3360 \Device\Harddisk0\DR0\# - copied to quarantine

20:47:39.0928 3360 \Device\Harddisk0\DR0 - copied to quarantine

20:47:40.0006 3360 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

20:47:40.0022 3360 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

20:47:40.0022 3360 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

20:47:40.0038 3360 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

20:47:40.0069 3360 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

20:47:40.0100 3360 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

20:47:40.0100 3360 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

20:47:40.0100 3360 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

20:47:40.0100 3360 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

20:47:40.0100 3360 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

20:47:40.0100 3360 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

20:47:40.0116 3360 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

20:47:40.0116 3360 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

20:47:40.0116 3360 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

20:47:40.0162 3360 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

20:47:40.0162 3360 \Device\Harddisk0\DR0 - ok

20:47:40.0178 3360 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

20:47:40.0194 3360 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

20:47:40.0194 3360 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

20:47:40.0209 3360 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

20:47:40.0209 3360 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

20:47:40.0240 3360 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

20:47:40.0256 3360 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

20:47:40.0256 3360 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

20:47:40.0256 3360 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

20:47:40.0256 3360 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

20:47:40.0272 3360 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

20:47:40.0272 3360 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

20:47:40.0272 3360 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

20:47:40.0272 3360 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

20:47:40.0272 3360 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

20:47:40.0272 3360 \Device\Harddisk0\DR0\TDLFS - deleted

20:47:40.0287 3360 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

20:50:13.0280 2936 Deinitialize success

Next........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC

It won't let me download it for some reason, but I scanned my computer with Malwarebytes and Avast and they said it didn't have anything.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.24.06

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Jared :: DAVID-PC [administrator]

6/25/2012 8:56:48 PM

mbam-log-2012-06-25 (20-56-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 237098

Time elapsed: 7 minute(s), 39 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Thanks. It worked; here is the log:

ComboFix 12-06-25.05 - Jared 06/25/2012 22:14:48.1.2 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.3055 [GMT -4:00]

Running from: c:\users\Jared\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LEHH0QET\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Jared\Documents\~WRL0004.tmp

c:\windows\RPSETUP.EXE.LOG

c:\windows\SysWow64\DEBUG.log

.

.

((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 )))))))))))))))))))))))))))))))

.

.

2012-06-26 02:19 . 2012-06-26 02:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-26 02:19 . 2012-06-26 02:19 -------- d-----w- c:\users\David\AppData\Local\temp

2012-06-26 00:47 . 2012-06-26 00:47 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-25 04:47 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-06-25 04:47 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-06-25 04:47 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-06-25 04:47 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-06-25 04:46 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-06-25 04:46 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-06-25 04:46 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe

2012-06-25 04:46 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr

2012-06-25 04:46 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-06-25 04:46 . 2012-06-25 04:46 -------- d-----w- c:\programdata\AVAST Software

2012-06-25 04:46 . 2012-06-25 04:46 -------- d-----w- c:\program files\AVAST Software

2012-06-25 04:38 . 2012-06-25 04:38 -------- d-----w- c:\users\Jared\AppData\Local\ElevatedDiagnostics

2012-06-24 03:41 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-24 03:41 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-24 03:41 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-24 03:41 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-24 03:41 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-24 03:41 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-24 03:41 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-24 03:40 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-24 03:40 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-16 01:08 . 2012-05-18 02:51 754808 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2012-06-14 02:33 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-09 04:14 . 2012-06-25 21:12 -------- d-----w- c:\program files (x86)\NoLimits Coasters v1.6

2012-06-09 04:13 . 2012-06-09 04:13 -------- d-----w- c:\users\Jared\AppData\Local\WinZip

2012-06-09 03:51 . 2012-06-09 03:52 -------- d-----w- c:\programdata\WinZip

2012-06-09 03:47 . 2012-06-09 17:50 -------- d-----w- c:\program files (x86)\WinZip Courier

2012-06-09 03:47 . 2012-06-09 03:47 -------- d-----w- c:\windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP

2012-06-09 03:46 . 2012-06-09 03:46 -------- d-----w- c:\users\Jared\AppData\Local\AVG Secure Search

2012-06-09 03:46 . 2012-06-09 03:47 -------- d-----w- c:\programdata\AVG Secure Search

2012-06-09 03:46 . 2012-06-09 17:50 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2012-06-09 03:46 . 2012-06-09 17:50 -------- d-----w- c:\program files (x86)\AVG Secure Search

2012-06-07 03:33 . 2002-02-27 21:50 197120 ----a-w- c:\windows\patchw32.dll

2012-06-07 03:33 . 2012-06-09 17:50 -------- d-----w- c:\program files (x86)\Common Files\PocketSoft

2012-06-07 03:26 . 2012-06-09 17:48 -------- d-----w- c:\program files (x86)\Atari

2012-06-07 03:25 . 2002-12-05 18:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll

2012-06-07 03:25 . 2002-12-02 17:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

2012-06-07 03:25 . 2002-12-02 17:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll

2012-06-07 03:25 . 2012-06-07 03:25 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll

2012-06-07 03:25 . 2002-12-05 18:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll

2012-06-07 03:25 . 2002-12-02 19:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe

2012-06-07 03:25 . 2012-06-07 03:25 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll

2012-06-04 04:46 . 2012-06-04 04:46 -------- d-----w- c:\users\Jared\SyncUP

2012-06-01 15:44 . 2012-06-01 15:47 -------- d-----w- c:\program files (x86)\MSECache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-24 14:47 . 2012-04-25 01:34 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-24 14:47 . 2012-03-28 00:17 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-22 18:27 . 2012-04-22 18:27 485576 ----a-w- c:\users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe

2012-04-04 19:56 . 2012-05-01 03:57 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-31 06:05 . 2012-05-09 03:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-31 04:39 . 2012-05-09 03:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-31 04:39 . 2012-05-09 03:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-30 11:35 . 2012-05-09 02:47 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-08-24 02:20 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Jared\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-07 137536]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-13 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-24 102400]

"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 885760]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-24 887976]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R1 aswSnx;aswSnx; [x]

R1 aswSP;aswSP; [x]

R2 0186761340676579mcinstcleanup;McAfee Application Installer Cleanup (0186761340676579);c:\users\Jared\AppData\Local\Temp\018676~1.EXE [x]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-05-21 98208]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

R2 aswFsBlk;aswFsBlk; [x]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-16 136176]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

R2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-16 136176]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - PXHLPA64

*Deregistered* - mfenlfk

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 14:49]

.

2012-06-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3021517745-3466054079-3347469303-1000Core.job

- c:\users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-05 22:50]

.

2012-06-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3021517745-3466054079-3347469303-1000UA.job

- c:\users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-05 22:50]

.

2012-06-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3021517745-3466054079-3347469303-1001Core.job

- c:\users\Jared\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-13 19:49]

.

2012-06-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3021517745-3466054079-3347469303-1001UA.job

- c:\users\Jared\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-13 19:49]

.

2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-16 21:43]

.

2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-16 21:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-21 10810912]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-02 3202928]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files (x86)\Coupons.com CouponBar\tbcore3.dll

Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)

AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:ce,9d,d1,09,47,52,cd,01

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-25 22:22:59

ComboFix-quarantined-files.txt 2012-06-26 02:22

.

Pre-Run: 251,241,750,528 bytes free

Post-Run: 253,317,750,784 bytes free

.

- - End Of File - - 0656B6A93988C5ED644DAEB4E266CBAE


When I go on Malwarebytes, after a while of scanning it will not respond. Is it because it's damaged or something? I scanned in safe mode, it worked fine and said it was clean, but in regular mode it doesn't respond. Internet Explorer is working great for a while, then doesn't respond. It's like the computer fights to work, then just stops and works and stops.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
