Jump to content

rundll32.exe rootkit help


Recommended Posts

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Link to post
Share on other sites

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Tyler at 21:55:45 on 2012-07-18

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4009.1690 [GMT -4:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ASRock\XFast LAN\spd.exe

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\ASRock\XFast LAN\cfosspeed.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Xfire\Xfire.exe

C:\Program Files (x86)\Xfire\xfire64.exe

C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Xfire\xfire64.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\explorer.exe

C:\Windows\system32\msiexec.exe

C:\Users\Tyler\Downloads\avg_free_stb_all_2012_2197_cnet.exe

C:\Users\Tyler\AppData\Local\Temp\7zS5F63.tmp\avgmfapx.exe

C:\Windows\system32\MsiExec.exe

C:\Users\Tyler\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tyler\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tyler\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tyler\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tyler\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Tyler\AppData\Local\Temp\key.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Users\Tyler\AppData\Local\Temp\key.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Tyler\AppData\Local\Temp\key.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.iminent.com/?appId=1B05174C-3825-460D-B730-408179166C10

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

uURLSearchHooks: H - No File

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TBSB01620 Class: {58124a0b-dc32-4180-9bff-e0e21ae34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File

BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

TB: IMinent Toolbar: {977ae9cc-af83-45e8-9e03-e2798216e2d5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll

TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [ASRockXTU]

uRun: [zASRockInstantBoot]

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [Google Update] "C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [<NO NAME>]

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"

StartupFolder: C:\Users\Tyler\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 71.250.0.12 71.242.0.12

TCP: Interfaces\{E8FF5AB0-830C-48E1-AF18-6DC1068ECCA4} : DhcpNameServer = 71.250.0.12 71.242.0.12

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: TBSB01620 Class: {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll

BHO-X64: TBSB01620 - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File

BHO-X64: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll

BHO-X64: IMinent WebBooster - No File

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

BHO-X64: Panda Security Toolbar - No File

BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

BHO-X64: uTorrentBar - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

BHO-X64: Yontoo Layers - No File

TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

TB-X64: IMinent Toolbar: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll

TB-X64: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [(Default)]

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"

AppInit_DLLs-X64: C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\qy8ld1lc.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://search.iminent.com/?appId=1b05174c-3825-460d-b730-408179166c10&ref=homepage

FF - prefs.js: browser.search.selectedEngine - Panda Safe Search

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extentions.y2layers.installId - 02f95787-ece5-4c89-8da0-6894031839c8

FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube

.

FF - user.js: extensions.autoDisableScopes - 14

.

============= SERVICES / DRIVERS ===============

.

P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-2-24 8704]

R1 AsrAppCharger;AsrAppCharger;C:\Windows\system32\DRIVERS\AsrAppCharger.sys --> C:\Windows\system32\DRIVERS\AsrAppCharger.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 FNETURPX;FNETURPX;C:\Windows\system32\drivers\FNETURPX.SYS --> C:\Windows\system32\drivers\FNETURPX.SYS [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-9 2656280]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

R3 VirtuWDDM;VirtuWDDM;C:\Windows\system32\DRIVERS\VirtuWDDM.sys --> C:\Windows\system32\DRIVERS\VirtuWDDM.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250056]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech Webcam C210(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBPNPA;USB PnP Sound Device Interface;C:\Windows\system32\drivers\CM10864.sys --> C:\Windows\system32\drivers\CM10864.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

SUnknown NNSPIHSW;NNSPIHSW; [x]

SUnknown PSKMAD;PSKMAD; [x]

.

=============== Created Last 30 ================

.

2012-07-19 01:32:39 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-07-19 01:32:39 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab

2012-07-19 01:32:03 -------- d--h--w- C:\kleaner.tmp

2012-07-18 22:45:57 70 ----a-w- C:\Windows\RAVTC.TMP

2012-07-18 22:23:07 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-18 22:18:59 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{29E31A65-39A8-44FC-9680-AF900A9775C1}\offreg.dll

2012-07-18 17:13:41 -------- d-----w- C:\Users\Tyler\AppData\Roaming\Panda Security

2012-07-18 17:12:29 -------- d-----w- C:\Users\Tyler\AppData\Local\panda2_0dn

2012-07-18 17:12:29 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner

2012-07-18 17:12:26 -------- d-----w- C:\ProgramData\Panda Security URL Filtering

2012-07-18 17:10:27 -------- d-----w- C:\ProgramData\Panda Security

2012-07-18 17:10:27 -------- d-----w- C:\Program Files (x86)\Panda Security

2012-07-18 17:10:03 -------- d-----w- C:\temp

2012-07-14 01:14:54 -------- d-----w- C:\Program Files (x86)\Oracle

2012-07-14 01:14:18 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-07-13 20:16:33 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab

2012-07-12 05:29:02 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 16:05:40 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-06 15:24:15 -------- d-----w- C:\Program Files (x86)\StarCraft 2

2012-06-24 17:39:02 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-24 17:38:52 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-24 17:38:35 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-24 17:38:35 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-19 21:35:14 4967624 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

==================== Find3M ====================

.

2012-07-11 21:00:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-11 21:00:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-09 18:24:46 282472 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-07-09 18:24:46 282472 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-07-09 18:20:35 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-03 02:54:46 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll

2012-05-03 02:54:46 28056 ----a-w- C:\Windows\System32\xfcodec64.dll

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

============= FINISH: 21:57:05.58 ===============

Link to post
Share on other sites

Your logs showed some peer-to-peer filesharing apps: uTorrent I do not recommend the use of P-2-P programs since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Utorrent toolbar and any peer-to-peer fileshare must be de-installed before we continue, AND you must confirm having done so.

More worrisone: This pc shows no installed & active antivirus :excl:

How long has the pc been without antivirus ?

Link to post
Share on other sites

Your logs showed some peer-to-peer filesharing apps: uTorrent I do not recommend the use of P-2-P programs since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Utorrent toolbar and any peer-to-peer fileshare must be de-installed before we continue, AND you must confirm having done so.

More worrisone: This pc shows no installed & active antivirus :excl:

How long has the pc been without antivirus ?

Well before i did this scan i disabled utorrent but i dont think i totally got it so ill do the scan again and delete the process. Also it has been without an antivirus for about 5 minutes cause i uninstalled avg free to get something else but i just went back to avg. Please tell me what you mean by "de-install"
Link to post
Share on other sites

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and copy/paste into a reply

Step 4

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Download TDSSKiller and save it to your Desktop.
  • If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
    If on Windows XP, double-click to start.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into a reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Link to post
Share on other sites

20:20:49.0470 4592 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11

20:20:49.0833 4592 ============================================================

20:20:49.0833 4592 Current date / time: 2012/07/19 20:20:49.0833

20:20:49.0833 4592 SystemInfo:

20:20:49.0833 4592

20:20:49.0833 4592 OS Version: 6.1.7601 ServicePack: 1.0

20:20:49.0833 4592 Product type: Workstation

20:20:49.0833 4592 ComputerName: TYLER-PC

20:20:49.0834 4592 UserName: Tyler

20:20:49.0834 4592 Windows directory: C:\Windows

20:20:49.0834 4592 System windows directory: C:\Windows

20:20:49.0834 4592 Running under WOW64

20:20:49.0834 4592 Processor architecture: Intel x64

20:20:49.0834 4592 Number of processors: 4

20:20:49.0834 4592 Page size: 0x1000

20:20:49.0834 4592 Boot type: Normal boot

20:20:49.0834 4592 ============================================================

20:20:51.0449 4592 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:20:51.0452 4592 ============================================================

20:20:51.0452 4592 \Device\Harddisk0\DR0:

20:20:51.0452 4592 MBR partitions:

20:20:51.0452 4592 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

20:20:51.0452 4592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800

20:20:51.0452 4592 ============================================================

20:20:51.0485 4592 C: <-> \Device\Harddisk0\DR0\Partition1

20:20:51.0485 4592 ============================================================

20:20:51.0485 4592 Initialize success

20:20:51.0485 4592 ============================================================

20:21:06.0834 5820 ============================================================

20:21:06.0834 5820 Scan started

20:21:06.0834 5820 Mode: Manual; SigCheck; TDLFS;

20:21:06.0834 5820 ============================================================

20:21:07.0950 5820 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

20:21:08.0164 5820 1394ohci - ok

20:21:08.0233 5820 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

20:21:08.0253 5820 ACPI - ok

20:21:08.0295 5820 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

20:21:08.0362 5820 AcpiPmi - ok

20:21:08.0714 5820 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

20:21:08.0723 5820 AdobeFlashPlayerUpdateSvc - ok

20:21:09.0037 5820 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

20:21:09.0061 5820 adp94xx - ok

20:21:09.0091 5820 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

20:21:09.0104 5820 adpahci - ok

20:21:09.0129 5820 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

20:21:09.0139 5820 adpu320 - ok

20:21:09.0171 5820 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

20:21:09.0229 5820 AeLookupSvc - ok

20:21:09.0323 5820 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

20:21:09.0436 5820 AFD - ok

20:21:09.0527 5820 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

20:21:09.0537 5820 agp440 - ok

20:21:09.0564 5820 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

20:21:09.0594 5820 ALG - ok

20:21:09.0611 5820 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

20:21:09.0617 5820 aliide - ok

20:21:09.0699 5820 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe

20:21:09.0765 5820 AMD External Events Utility - ok

20:21:09.0794 5820 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

20:21:09.0805 5820 amdide - ok

20:21:09.0835 5820 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

20:21:09.0903 5820 AmdK8 - ok

20:21:10.0559 5820 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys

20:21:10.0765 5820 amdkmdag - ok

20:21:10.0945 5820 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys

20:21:10.0986 5820 amdkmdap - ok

20:21:11.0054 5820 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

20:21:11.0083 5820 AmdPPM - ok

20:21:11.0134 5820 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

20:21:11.0147 5820 amdsata - ok

20:21:11.0196 5820 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

20:21:11.0211 5820 amdsbs - ok

20:21:11.0236 5820 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

20:21:11.0243 5820 amdxata - ok

20:21:11.0305 5820 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys

20:21:11.0374 5820 androidusb - ok

20:21:11.0484 5820 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

20:21:11.0827 5820 AppID - ok

20:21:11.0862 5820 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

20:21:11.0902 5820 AppIDSvc - ok

20:21:11.0934 5820 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

20:21:11.0989 5820 Appinfo - ok

20:21:12.0183 5820 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

20:21:12.0200 5820 Apple Mobile Device - ok

20:21:12.0278 5820 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

20:21:12.0291 5820 arc - ok

20:21:12.0326 5820 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

20:21:12.0339 5820 arcsas - ok

20:21:12.0470 5820 asmthub3 (6fe3237c1177e66437e7ad0e8ac1a6e5) C:\Windows\system32\DRIVERS\asmthub3.sys

20:21:12.0539 5820 asmthub3 - ok

20:21:12.0903 5820 asmtxhci (c4043e39a2abbc56581ca25df161e9f7) C:\Windows\system32\DRIVERS\asmtxhci.sys

20:21:12.0965 5820 asmtxhci - ok

20:21:13.0032 5820 AsrAppCharger (912a215ce180a6e7c923c662d7ec777d) C:\Windows\system32\DRIVERS\AsrAppCharger.sys

20:21:13.0037 5820 AsrAppCharger - ok

20:21:13.0073 5820 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

20:21:13.0118 5820 AsyncMac - ok

20:21:13.0154 5820 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

20:21:13.0160 5820 atapi - ok

20:21:13.0246 5820 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys

20:21:13.0254 5820 AtiHDAudioService - ok

20:21:13.0362 5820 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:21:13.0423 5820 AudioEndpointBuilder - ok

20:21:13.0428 5820 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:21:13.0456 5820 AudioSrv - ok

20:21:14.0020 5820 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

20:21:14.0102 5820 AVGIDSAgent - ok

20:21:14.0286 5820 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys

20:21:14.0298 5820 AVGIDSDriver - ok

20:21:14.0335 5820 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys

20:21:14.0344 5820 AVGIDSFilter - ok

20:21:14.0373 5820 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys

20:21:14.0381 5820 AVGIDSHA - ok

20:21:14.0494 5820 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys

20:21:14.0510 5820 Avgldx64 - ok

20:21:14.0537 5820 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys

20:21:14.0547 5820 Avgmfx64 - ok

20:21:14.0617 5820 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys

20:21:14.0626 5820 Avgrkx64 - ok

20:21:14.0656 5820 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys

20:21:14.0673 5820 Avgtdia - ok

20:21:14.0794 5820 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

20:21:14.0808 5820 avgwd - ok

20:21:14.0862 5820 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

20:21:14.0930 5820 AxInstSV - ok

20:21:14.0996 5820 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

20:21:15.0071 5820 b06bdrv - ok

20:21:15.0111 5820 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

20:21:15.0140 5820 b57nd60a - ok

20:21:15.0262 5820 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

20:21:15.0319 5820 BDESVC - ok

20:21:15.0348 5820 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

20:21:15.0401 5820 Beep - ok

20:21:15.0641 5820 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

20:21:15.0696 5820 BFE - ok

20:21:15.0784 5820 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

20:21:15.0843 5820 BITS - ok

20:21:15.0900 5820 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

20:21:15.0928 5820 blbdrive - ok

20:21:16.0068 5820 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

20:21:16.0086 5820 Bonjour Service - ok

20:21:16.0148 5820 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

20:21:16.0200 5820 bowser - ok

20:21:16.0271 5820 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

20:21:16.0322 5820 BrFiltLo - ok

20:21:16.0341 5820 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

20:21:16.0380 5820 BrFiltUp - ok

20:21:16.0441 5820 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

20:21:16.0527 5820 Browser - ok

20:21:16.0580 5820 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

20:21:16.0625 5820 Brserid - ok

20:21:16.0641 5820 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

20:21:16.0662 5820 BrSerWdm - ok

20:21:16.0688 5820 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

20:21:16.0721 5820 BrUsbMdm - ok

20:21:16.0760 5820 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

20:21:16.0787 5820 BrUsbSer - ok

20:21:16.0815 5820 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

20:21:16.0825 5820 BTHMODEM - ok

20:21:16.0889 5820 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

20:21:16.0954 5820 bthserv - ok

20:21:16.0984 5820 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

20:21:17.0021 5820 cdfs - ok

20:21:17.0088 5820 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

20:21:17.0133 5820 cdrom - ok

20:21:17.0186 5820 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:21:17.0259 5820 CertPropSvc - ok

20:21:17.0540 5820 cFosSpeed (33b82cf69e41b38a2ec0c3cabde80d6e) C:\Windows\system32\DRIVERS\cfosspeed6.sys

20:21:17.0570 5820 cFosSpeed - ok

20:21:17.0709 5820 cFosSpeedS (760085908644d2988f1b504c3fca6959) C:\Program Files\ASRock\XFast LAN\spd.exe

20:21:17.0728 5820 cFosSpeedS - ok

20:21:17.0940 5820 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

20:21:17.0974 5820 circlass - ok

20:21:18.0076 5820 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

20:21:18.0095 5820 CLFS - ok

20:21:18.0188 5820 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:21:18.0200 5820 clr_optimization_v2.0.50727_32 - ok

20:21:18.0306 5820 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

20:21:18.0318 5820 clr_optimization_v2.0.50727_64 - ok

20:21:18.0412 5820 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:21:18.0426 5820 clr_optimization_v4.0.30319_32 - ok

20:21:18.0494 5820 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

20:21:18.0505 5820 clr_optimization_v4.0.30319_64 - ok

20:21:18.0538 5820 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

20:21:18.0637 5820 CmBatt - ok

20:21:18.0775 5820 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

20:21:18.0787 5820 cmdide - ok

20:21:18.0887 5820 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

20:21:18.0918 5820 CNG - ok

20:21:18.0961 5820 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

20:21:18.0972 5820 Compbatt - ok

20:21:19.0030 5820 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

20:21:19.0079 5820 CompositeBus - ok

20:21:19.0101 5820 COMSysApp - ok

20:21:19.0175 5820 cpuz135 (c08063f052308b6f5882482615387f30) C:\Windows\system32\drivers\cpuz135_x64.sys

20:21:19.0185 5820 cpuz135 - ok

20:21:19.0212 5820 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

20:21:19.0223 5820 crcdisk - ok

20:21:19.0294 5820 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

20:21:19.0391 5820 CryptSvc - ok

20:21:19.0467 5820 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:21:19.0538 5820 DcomLaunch - ok

20:21:19.0591 5820 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

20:21:19.0618 5820 defragsvc - ok

20:21:19.0677 5820 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

20:21:19.0728 5820 DfsC - ok

20:21:19.0780 5820 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

20:21:19.0823 5820 Dhcp - ok

20:21:19.0883 5820 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

20:21:19.0951 5820 discache - ok

20:21:19.0993 5820 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

20:21:20.0006 5820 Disk - ok

20:21:20.0081 5820 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

20:21:20.0139 5820 Dnscache - ok

20:21:20.0190 5820 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

20:21:20.0236 5820 dot3svc - ok

20:21:20.0279 5820 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

20:21:20.0335 5820 DPS - ok

20:21:20.0396 5820 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

20:21:20.0425 5820 drmkaud - ok

20:21:20.0661 5820 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

20:21:20.0676 5820 dtsoftbus01 - ok

20:21:20.0777 5820 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

20:21:20.0811 5820 DXGKrnl - ok

20:21:20.0863 5820 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

20:21:20.0925 5820 EapHost - ok

20:21:21.0119 5820 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

20:21:21.0168 5820 ebdrv - ok

20:21:21.0302 5820 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

20:21:21.0430 5820 EFS - ok

20:21:21.0542 5820 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

20:21:21.0629 5820 ehRecvr - ok

20:21:21.0719 5820 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

20:21:21.0774 5820 ehSched - ok

20:21:21.0891 5820 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

20:21:21.0926 5820 elxstor - ok

20:21:21.0963 5820 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

20:21:22.0003 5820 ErrDev - ok

20:21:22.0117 5820 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

20:21:22.0171 5820 EventSystem - ok

20:21:22.0199 5820 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

20:21:22.0221 5820 exfat - ok

20:21:22.0250 5820 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

20:21:22.0300 5820 fastfat - ok

20:21:22.0651 5820 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

20:21:22.0794 5820 Fax - ok

20:21:22.0853 5820 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

20:21:22.0877 5820 fdc - ok

20:21:22.0908 5820 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

20:21:22.0968 5820 fdPHost - ok

20:21:23.0004 5820 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

20:21:23.0059 5820 FDResPub - ok

20:21:23.0093 5820 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

20:21:23.0100 5820 FileInfo - ok

20:21:23.0116 5820 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

20:21:23.0174 5820 Filetrace - ok

20:21:23.0214 5820 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

20:21:23.0226 5820 flpydisk - ok

20:21:23.0269 5820 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

20:21:23.0285 5820 FltMgr - ok

20:21:23.0356 5820 FNETURPX (7c3c4b4c951ec1bdfd4f769d05e2cc68) C:\Windows\system32\drivers\FNETURPX.SYS

20:21:23.0366 5820 FNETURPX - ok

20:21:23.0471 5820 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

20:21:23.0560 5820 FontCache - ok

20:21:23.0701 5820 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:21:23.0711 5820 FontCache3.0.0.0 - ok

20:21:23.0751 5820 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

20:21:23.0763 5820 FsDepends - ok

20:21:23.0806 5820 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

20:21:23.0818 5820 Fs_Rec - ok

20:21:23.0898 5820 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

20:21:23.0919 5820 fvevol - ok

20:21:24.0002 5820 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

20:21:24.0014 5820 gagp30kx - ok

20:21:24.0118 5820 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

20:21:24.0127 5820 GEARAspiWDM - ok

20:21:24.0245 5820 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

20:21:24.0331 5820 gpsvc - ok

20:21:24.0354 5820 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

20:21:24.0397 5820 hcw85cir - ok

20:21:24.0523 5820 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

20:21:24.0545 5820 HdAudAddService - ok

20:21:24.0785 5820 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

20:21:24.0818 5820 HDAudBus - ok

20:21:24.0827 5820 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

20:21:24.0848 5820 HidBatt - ok

20:21:24.0871 5820 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

20:21:24.0910 5820 HidBth - ok

20:21:24.0967 5820 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

20:21:24.0983 5820 HidIr - ok

20:21:25.0065 5820 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

20:21:25.0117 5820 hidserv - ok

20:21:25.0166 5820 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

20:21:25.0178 5820 HidUsb - ok

20:21:25.0323 5820 HiPatchService (d61f8e72032bdc43157f2b8aea32b529) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

20:21:25.0337 5820 HiPatchService ( UnsignedFile.Multi.Generic ) - warning

20:21:25.0337 5820 HiPatchService - detected UnsignedFile.Multi.Generic (1)

20:21:25.0411 5820 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

20:21:25.0486 5820 hkmsvc - ok

20:21:25.0551 5820 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

20:21:25.0617 5820 HomeGroupListener - ok

20:21:25.0643 5820 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

20:21:25.0676 5820 HomeGroupProvider - ok

20:21:25.0711 5820 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

20:21:25.0724 5820 HpSAMD - ok

20:21:25.0798 5820 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

20:21:25.0864 5820 HTTP - ok

20:21:25.0953 5820 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

20:21:25.0965 5820 hwpolicy - ok

20:21:26.0019 5820 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

20:21:26.0034 5820 i8042prt - ok

20:21:26.0086 5820 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

20:21:26.0106 5820 iaStorV - ok

20:21:26.0241 5820 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:21:26.0270 5820 idsvc - ok

20:21:27.0025 5820 igfx (6383899c5f964d71b0f96b81fbe59bb8) C:\Windows\system32\DRIVERS\igdkmd64.sys

20:21:27.0224 5820 igfx - ok

20:21:27.0493 5820 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

20:21:27.0505 5820 iirsp - ok

20:21:27.0579 5820 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

20:21:27.0643 5820 IKEEXT - ok

20:21:27.0815 5820 IntcAzAudAddService (718a4008ee5da174400396b27509ef82) C:\Windows\system32\drivers\RTKVHD64.sys

20:21:27.0875 5820 IntcAzAudAddService - ok

20:21:27.0949 5820 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

20:21:27.0961 5820 intelide - ok

20:21:27.0994 5820 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

20:21:28.0018 5820 intelppm - ok

20:21:28.0065 5820 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

20:21:28.0099 5820 IPBusEnum - ok

20:21:28.0172 5820 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:21:28.0235 5820 IpFilterDriver - ok

20:21:28.0320 5820 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

20:21:28.0388 5820 iphlpsvc - ok

20:21:28.0615 5820 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

20:21:28.0625 5820 IPMIDRV - ok

20:21:28.0651 5820 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

20:21:28.0708 5820 IPNAT - ok

20:21:28.0872 5820 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe

20:21:28.0899 5820 iPod Service - ok

20:21:28.0919 5820 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

20:21:28.0988 5820 IRENUM - ok

20:21:29.0008 5820 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

20:21:29.0017 5820 isapnp - ok

20:21:29.0051 5820 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

20:21:29.0062 5820 iScsiPrt - ok

20:21:29.0099 5820 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

20:21:29.0109 5820 kbdclass - ok

20:21:29.0165 5820 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

20:21:29.0199 5820 kbdhid - ok

20:21:29.0276 5820 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:21:29.0288 5820 KeyIso - ok

20:21:29.0333 5820 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

20:21:29.0344 5820 KSecDD - ok

20:21:29.0386 5820 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

20:21:29.0393 5820 KSecPkg - ok

20:21:29.0424 5820 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

20:21:29.0466 5820 ksthunk - ok

20:21:29.0508 5820 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

20:21:29.0551 5820 KtmRm - ok

20:21:29.0647 5820 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

20:21:29.0707 5820 LanmanServer - ok

20:21:29.0755 5820 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

20:21:29.0797 5820 LanmanWorkstation - ok

20:21:29.0838 5820 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

20:21:29.0887 5820 lltdio - ok

20:21:29.0955 5820 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

20:21:29.0980 5820 lltdsvc - ok

20:21:30.0005 5820 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

20:21:30.0027 5820 lmhosts - ok

20:21:30.0200 5820 LMS (9ad4bee2fe76d4ca39ac969b617e94fb) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

20:21:30.0217 5820 LMS - ok

20:21:30.0250 5820 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

20:21:30.0263 5820 LSI_FC - ok

20:21:30.0271 5820 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

20:21:30.0279 5820 LSI_SAS - ok

20:21:30.0285 5820 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

20:21:30.0292 5820 LSI_SAS2 - ok

20:21:30.0309 5820 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

20:21:30.0318 5820 LSI_SCSI - ok

20:21:30.0344 5820 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

20:21:30.0392 5820 luafv - ok

20:21:30.0630 5820 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys

20:21:30.0648 5820 LVRS64 - ok

20:21:31.0298 5820 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys

20:21:31.0378 5820 LVUVC64 - ok

20:21:31.0583 5820 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys

20:21:31.0592 5820 MBfilt - ok

20:21:31.0617 5820 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

20:21:31.0746 5820 Mcx2Svc - ok

20:21:31.0851 5820 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

20:21:31.0864 5820 megasas - ok

20:21:31.0926 5820 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

20:21:31.0944 5820 MegaSR - ok

20:21:31.0996 5820 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

20:21:32.0006 5820 MEIx64 - ok

20:21:32.0128 5820 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

20:21:32.0139 5820 Microsoft Office Groove Audit Service - ok

20:21:32.0172 5820 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:21:32.0204 5820 MMCSS - ok

20:21:32.0209 5820 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

20:21:32.0250 5820 Modem - ok

20:21:32.0271 5820 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

20:21:32.0302 5820 monitor - ok

20:21:32.0386 5820 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

20:21:32.0397 5820 mouclass - ok

20:21:32.0408 5820 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

20:21:32.0431 5820 mouhid - ok

20:21:32.0496 5820 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

20:21:32.0507 5820 mountmgr - ok

20:21:32.0543 5820 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

20:21:32.0557 5820 mpio - ok

20:21:32.0593 5820 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

20:21:32.0623 5820 mpsdrv - ok

20:21:32.0708 5820 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

20:21:32.0764 5820 MpsSvc - ok

20:21:32.0837 5820 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

20:21:32.0896 5820 MRxDAV - ok

20:21:32.0948 5820 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:21:32.0997 5820 mrxsmb - ok

20:21:33.0042 5820 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:21:33.0072 5820 mrxsmb10 - ok

20:21:33.0108 5820 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:21:33.0122 5820 mrxsmb20 - ok

20:21:33.0148 5820 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

20:21:33.0160 5820 msahci - ok

20:21:33.0204 5820 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

20:21:33.0219 5820 msdsm - ok

20:21:33.0304 5820 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

20:21:33.0335 5820 MSDTC - ok

20:21:33.0396 5820 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

20:21:33.0424 5820 Msfs - ok

20:21:33.0488 5820 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

20:21:33.0546 5820 mshidkmdf - ok

20:21:33.0603 5820 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

20:21:33.0609 5820 msisadrv - ok

20:21:33.0651 5820 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

20:21:33.0707 5820 MSiSCSI - ok

20:21:33.0710 5820 msiserver - ok

20:21:33.0753 5820 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

20:21:33.0789 5820 MSKSSRV - ok

20:21:33.0804 5820 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

20:21:33.0842 5820 MSPCLOCK - ok

20:21:33.0845 5820 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

20:21:33.0887 5820 MSPQM - ok

20:21:33.0953 5820 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

20:21:33.0970 5820 MsRPC - ok

20:21:33.0988 5820 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

20:21:33.0996 5820 mssmbios - ok

20:21:33.0999 5820 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

20:21:34.0027 5820 MSTEE - ok

20:21:34.0051 5820 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

20:21:34.0058 5820 MTConfig - ok

20:21:34.0080 5820 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

20:21:34.0087 5820 Mup - ok

20:21:34.0137 5820 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

20:21:34.0184 5820 napagent - ok

20:21:34.0240 5820 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

20:21:34.0270 5820 NativeWifiP - ok

20:21:34.0355 5820 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

20:21:34.0384 5820 NDIS - ok

20:21:34.0418 5820 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

20:21:34.0452 5820 NdisCap - ok

20:21:34.0506 5820 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

20:21:34.0557 5820 NdisTapi - ok

20:21:34.0604 5820 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

20:21:34.0646 5820 Ndisuio - ok

20:21:34.0695 5820 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

20:21:34.0762 5820 NdisWan - ok

20:21:34.0841 5820 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

20:21:34.0875 5820 NDProxy - ok

20:21:34.0892 5820 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

20:21:34.0927 5820 NetBIOS - ok

20:21:34.0976 5820 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

20:21:35.0019 5820 NetBT - ok

20:21:35.0070 5820 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:21:35.0081 5820 Netlogon - ok

20:21:35.0142 5820 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

20:21:35.0226 5820 Netman - ok

20:21:35.0256 5820 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

20:21:35.0294 5820 netprofm - ok

20:21:35.0640 5820 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:21:35.0652 5820 NetTcpPortSharing - ok

20:21:35.0669 5820 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

20:21:35.0681 5820 nfrd960 - ok

20:21:35.0712 5820 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

20:21:35.0795 5820 NlaSvc - ok

20:21:35.0876 5820 NPF (c31fa031335eff434b2d94278e74bcce) C:\Windows\system32\drivers\npf.sys

20:21:35.0886 5820 NPF - ok

20:21:35.0894 5820 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

20:21:35.0925 5820 Npfs - ok

20:21:35.0972 5820 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

20:21:36.0006 5820 nsi - ok

20:21:36.0027 5820 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

20:21:36.0066 5820 nsiproxy - ok

20:21:36.0191 5820 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

20:21:36.0226 5820 Ntfs - ok

20:21:36.0383 5820 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

20:21:36.0423 5820 Null - ok

20:21:36.0441 5820 NVHDA - ok

20:21:36.0443 5820 nvlddmkm - ok

20:21:36.0499 5820 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

20:21:36.0513 5820 nvraid - ok

20:21:36.0528 5820 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

20:21:36.0536 5820 nvstor - ok

20:21:36.0611 5820 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

20:21:36.0626 5820 nv_agp - ok

20:21:36.0820 5820 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

20:21:36.0841 5820 odserv - ok

20:21:36.0865 5820 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

20:21:36.0889 5820 ohci1394 - ok

20:21:36.0959 5820 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:21:36.0969 5820 ose - ok

20:21:37.0020 5820 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:21:37.0072 5820 p2pimsvc - ok

20:21:37.0131 5820 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

20:21:37.0152 5820 p2psvc - ok

20:21:37.0204 5820 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

20:21:37.0219 5820 Parport - ok

20:21:37.0273 5820 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

20:21:37.0286 5820 partmgr - ok

20:21:37.0308 5820 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

20:21:37.0350 5820 PcaSvc - ok

20:21:37.0397 5820 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

20:21:37.0406 5820 pci - ok

20:21:37.0421 5820 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

20:21:37.0427 5820 pciide - ok

20:21:37.0439 5820 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

20:21:37.0449 5820 pcmcia - ok

20:21:37.0480 5820 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

20:21:37.0488 5820 pcw - ok

20:21:37.0522 5820 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

20:21:37.0569 5820 PEAUTH - ok

20:21:37.0890 5820 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

20:21:37.0915 5820 PerfHost - ok

20:21:38.0029 5820 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

20:21:38.0107 5820 pla - ok

20:21:38.0179 5820 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

20:21:38.0236 5820 PlugPlay - ok

20:21:38.0310 5820 PnkBstrA - ok

20:21:38.0354 5820 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

20:21:38.0379 5820 PNRPAutoReg - ok

20:21:38.0416 5820 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:21:38.0434 5820 PNRPsvc - ok

20:21:38.0496 5820 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

20:21:38.0557 5820 PolicyAgent - ok

20:21:38.0618 5820 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

20:21:38.0683 5820 Power - ok

20:21:38.0795 5820 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

20:21:38.0831 5820 PptpMiniport - ok

20:21:38.0861 5820 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

20:21:38.0892 5820 Processor - ok

20:21:38.0980 5820 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

20:21:39.0033 5820 ProfSvc - ok

20:21:39.0075 5820 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:21:39.0088 5820 ProtectedStorage - ok

20:21:39.0159 5820 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

20:21:39.0222 5820 Psched - ok

20:21:39.0302 5820 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

20:21:39.0337 5820 ql2300 - ok

20:21:39.0657 5820 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

20:21:39.0672 5820 ql40xx - ok

20:21:39.0747 5820 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

20:21:39.0765 5820 QWAVE - ok

20:21:39.0776 5820 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

20:21:39.0801 5820 QWAVEdrv - ok

20:21:39.0824 5820 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

20:21:39.0853 5820 RasAcd - ok

20:21:39.0924 5820 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

20:21:39.0970 5820 RasAgileVpn - ok

20:21:40.0003 5820 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

20:21:40.0057 5820 RasAuto - ok

20:21:40.0115 5820 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:21:40.0169 5820 Rasl2tp - ok

20:21:40.0205 5820 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

20:21:40.0240 5820 RasMan - ok

20:21:40.0266 5820 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

20:21:40.0300 5820 RasPppoe - ok

20:21:40.0322 5820 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

20:21:40.0362 5820 RasSstp - ok

20:21:40.0467 5820 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

20:21:40.0521 5820 rdbss - ok

20:21:40.0537 5820 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

20:21:40.0565 5820 rdpbus - ok

20:21:40.0618 5820 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:21:40.0657 5820 RDPCDD - ok

20:21:40.0669 5820 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

20:21:40.0714 5820 RDPENCDD - ok

20:21:40.0737 5820 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

20:21:40.0758 5820 RDPREFMP - ok

20:21:40.0821 5820 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

20:21:40.0885 5820 RDPWD - ok

20:21:40.0955 5820 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

20:21:40.0971 5820 rdyboost - ok

20:21:41.0011 5820 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

20:21:41.0072 5820 RemoteAccess - ok

20:21:41.0110 5820 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

20:21:41.0153 5820 RemoteRegistry - ok

20:21:41.0237 5820 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files (x86)\WinPcap\rpcapd.exe

20:21:41.0247 5820 rpcapd - ok

20:21:41.0280 5820 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

20:21:41.0334 5820 RpcEptMapper - ok

20:21:41.0337 5820 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

20:21:41.0346 5820 RpcLocator - ok

20:21:41.0643 5820 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:21:41.0678 5820 RpcSs - ok

20:21:41.0701 5820 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

20:21:41.0722 5820 rspndr - ok

20:21:41.0820 5820 RTCore64 (2e887e52e45bba3c47ccd0e75fc5266f) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys

20:21:41.0831 5820 RTCore64 - ok

20:21:41.0927 5820 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys

20:21:41.0945 5820 RTL8167 - ok

20:21:41.0994 5820 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:21:42.0003 5820 SamSs - ok

20:21:42.0055 5820 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

20:21:42.0068 5820 sbp2port - ok

20:21:42.0099 5820 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

20:21:42.0167 5820 SCardSvr - ok

20:21:42.0250 5820 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

20:21:42.0303 5820 scfilter - ok

20:21:42.0394 5820 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

20:21:42.0448 5820 Schedule - ok

20:21:42.0513 5820 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:21:42.0553 5820 SCPolicySvc - ok

20:21:42.0601 5820 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

20:21:42.0663 5820 SDRSVC - ok

20:21:42.0763 5820 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

20:21:42.0795 5820 secdrv - ok

20:21:42.0799 5820 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

20:21:42.0821 5820 seclogon - ok

20:21:42.0847 5820 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

20:21:42.0869 5820 SENS - ok

20:21:42.0893 5820 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

20:21:42.0920 5820 SensrSvc - ok

20:21:42.0950 5820 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

20:21:42.0999 5820 Serenum - ok

20:21:43.0049 5820 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

20:21:43.0062 5820 Serial - ok

20:21:43.0104 5820 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

20:21:43.0146 5820 sermouse - ok

20:21:43.0208 5820 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

20:21:43.0265 5820 SessionEnv - ok

20:21:43.0356 5820 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

20:21:43.0424 5820 sffdisk - ok

20:21:43.0551 5820 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

20:21:43.0567 5820 sffp_mmc - ok

20:21:43.0590 5820 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

20:21:43.0672 5820 sffp_sd - ok

20:21:43.0734 5820 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

20:21:43.0816 5820 sfloppy - ok

20:21:43.0913 5820 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

20:21:43.0978 5820 SharedAccess - ok

20:21:44.0015 5820 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

20:21:44.0040 5820 ShellHWDetection - ok

20:21:44.0085 5820 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

20:21:44.0097 5820 SiSRaid2 - ok

20:21:44.0119 5820 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

20:21:44.0132 5820 SiSRaid4 - ok

20:21:44.0373 5820 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

20:21:44.0422 5820 Skype C2C Service - ok

20:21:44.0947 5820 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe

20:21:44.0959 5820 SkypeUpdate - ok

20:21:45.0182 5820 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

20:21:45.0251 5820 Smb - ok

20:21:45.0329 5820 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

20:21:45.0364 5820 SNMPTRAP - ok

20:21:45.0497 5820 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys

20:21:45.0509 5820 speedfan - ok

20:21:45.0514 5820 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

20:21:45.0526 5820 spldr - ok

20:21:45.0590 5820 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

20:21:45.0638 5820 Spooler - ok

20:21:45.0837 5820 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

20:21:45.0935 5820 sppsvc - ok

20:21:46.0083 5820 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

20:21:46.0137 5820 sppuinotify - ok

20:21:46.0237 5820 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

20:21:46.0326 5820 srv - ok

20:21:46.0383 5820 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

20:21:46.0399 5820 srv2 - ok

20:21:46.0431 5820 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

20:21:46.0462 5820 srvnet - ok

20:21:46.0685 5820 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys

20:21:46.0711 5820 ssadbus - ok

20:21:46.0771 5820 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys

20:21:46.0817 5820 ssadmdfl - ok

20:21:46.0841 5820 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys

20:21:46.0869 5820 ssadmdm - ok

20:21:46.0909 5820 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

20:21:46.0969 5820 SSDPSRV - ok

20:21:47.0011 5820 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

20:21:47.0051 5820 SstpSvc - ok

20:21:47.0132 5820 Steam Client Service - ok

20:21:47.0157 5820 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

20:21:47.0168 5820 stexstor - ok

20:21:47.0234 5820 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

20:21:47.0257 5820 stisvc - ok

20:21:47.0304 5820 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

20:21:47.0310 5820 swenum - ok

20:21:47.0339 5820 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

20:21:47.0389 5820 swprv - ok

20:21:47.0520 5820 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

20:21:47.0606 5820 SysMain - ok

20:21:47.0741 5820 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

20:21:47.0779 5820 TabletInputService - ok

20:21:47.0807 5820 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

20:21:47.0856 5820 TapiSrv - ok

20:21:47.0874 5820 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

20:21:47.0915 5820 TBS - ok

20:21:48.0082 5820 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

20:21:48.0130 5820 Tcpip - ok

20:21:48.0229 5820 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

20:21:48.0253 5820 TCPIP6 - ok

20:21:48.0301 5820 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

20:21:48.0364 5820 tcpipreg - ok

20:21:48.0531 5820 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

20:21:48.0641 5820 TDPIPE - ok

20:21:48.0694 5820 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

20:21:48.0724 5820 TDTCP - ok

20:21:48.0778 5820 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

20:21:48.0818 5820 tdx - ok

20:21:48.0856 5820 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

20:21:48.0863 5820 TermDD - ok

20:21:48.0926 5820 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

20:21:48.0972 5820 TermService - ok

20:21:49.0019 5820 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

20:21:49.0040 5820 Themes - ok

20:21:49.0082 5820 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:21:49.0122 5820 THREADORDER - ok

20:21:49.0136 5820 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

20:21:49.0192 5820 TrkWks - ok

20:21:49.0291 5820 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

20:21:49.0334 5820 TrustedInstaller - ok

20:21:49.0375 5820 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:21:49.0421 5820 tssecsrv - ok

20:21:49.0503 5820 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

20:21:49.0564 5820 TsUsbFlt - ok

20:21:49.0641 5820 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

20:21:49.0700 5820 tunnel - ok

20:21:49.0751 5820 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

20:21:49.0763 5820 uagp35 - ok

20:21:49.0842 5820 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

20:21:49.0877 5820 udfs - ok

20:21:49.0896 5820 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

20:21:49.0904 5820 UI0Detect - ok

20:21:49.0976 5820 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

20:21:49.0986 5820 uliagpkx - ok

20:21:50.0007 5820 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

20:21:50.0058 5820 umbus - ok

20:21:50.0092 5820 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

20:21:50.0105 5820 UmPass - ok

20:21:50.0230 5820 UMVPFSrv (927754abf077aeb5504be4e0f2c60c1b) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

20:21:50.0251 5820 UMVPFSrv - ok

20:21:50.0491 5820 UNS (cd114ce02a10fa79c229770788106842) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

20:21:50.0537 5820 UNS - ok

20:21:50.0902 5820 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

20:21:50.0965 5820 upnphost - ok

20:21:51.0088 5820 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

20:21:51.0125 5820 USBAAPL64 - ok

20:21:51.0186 5820 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

20:21:51.0216 5820 usbaudio - ok

20:21:51.0271 5820 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

20:21:51.0307 5820 usbccgp - ok

20:21:51.0355 5820 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

20:21:51.0371 5820 usbcir - ok

20:21:51.0397 5820 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

20:21:51.0409 5820 usbehci - ok

20:21:51.0461 5820 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

20:21:51.0493 5820 usbhub - ok

20:21:51.0522 5820 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

20:21:51.0534 5820 usbohci - ok

20:21:51.0660 5820 USBPNPA (813bfe2de062a28cfe42c4eb8572a7f9) C:\Windows\system32\drivers\CM10864.sys

20:21:51.0747 5820 USBPNPA - ok

20:21:51.0819 5820 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

20:21:51.0849 5820 usbprint - ok

20:21:51.0941 5820 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

20:21:51.0972 5820 usbscan - ok

20:21:51.0997 5820 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:21:52.0038 5820 USBSTOR - ok

20:21:52.0059 5820 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

20:21:52.0084 5820 usbuhci - ok

20:21:52.0144 5820 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

20:21:52.0205 5820 UxSms - ok

20:21:52.0258 5820 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:21:52.0266 5820 VaultSvc - ok

20:21:52.0304 5820 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

20:21:52.0316 5820 vdrvroot - ok

20:21:52.0389 5820 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

20:21:52.0427 5820 vds - ok

20:21:52.0458 5820 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

20:21:52.0466 5820 vga - ok

20:21:52.0572 5820 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

20:21:52.0688 5820 VgaSave - ok

20:21:52.0728 5820 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

20:21:52.0738 5820 vhdmp - ok

20:21:52.0773 5820 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

20:21:52.0784 5820 viaide - ok

20:21:52.0837 5820 VirtuWDDM (d7d9e7c0c64350259c355efe37ad9ce6) C:\Windows\system32\DRIVERS\VirtuWDDM.sys

20:21:52.0848 5820 VirtuWDDM - ok

20:21:52.0930 5820 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

20:21:52.0942 5820 volmgr - ok

20:21:52.0992 5820 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

20:21:53.0012 5820 volmgrx - ok

20:21:53.0039 5820 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

20:21:53.0051 5820 volsnap - ok

20:21:53.0102 5820 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

20:21:53.0117 5820 vsmraid - ok

20:21:53.0232 5820 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

20:21:53.0297 5820 VSS - ok

20:21:53.0422 5820 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

20:21:53.0459 5820 vwifibus - ok

20:21:53.0529 5820 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

20:21:53.0568 5820 W32Time - ok

20:21:53.0591 5820 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

20:21:53.0599 5820 WacomPen - ok

20:21:53.0667 5820 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:21:53.0722 5820 WANARP - ok

20:21:53.0726 5820 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:21:53.0752 5820 Wanarpv6 - ok

20:21:53.0877 5820 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

20:21:53.0917 5820 WatAdminSvc - ok

20:21:54.0039 5820 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

20:21:54.0112 5820 wbengine - ok

20:21:54.0271 5820 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

20:21:54.0288 5820 WbioSrvc - ok

20:21:54.0348 5820 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

20:21:54.0366 5820 wcncsvc - ok

20:21:54.0379 5820 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

20:21:54.0399 5820 WcsPlugInService - ok

20:21:54.0635 5820 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

20:21:54.0647 5820 Wd - ok

20:21:54.0700 5820 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

20:21:54.0726 5820 Wdf01000 - ok

20:21:54.0737 5820 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:21:54.0808 5820 WdiServiceHost - ok

20:21:54.0811 5820 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:21:54.0824 5820 WdiSystemHost - ok

20:21:54.0847 5820 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

20:21:54.0883 5820 WebClient - ok

20:21:54.0899 5820 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

20:21:54.0934 5820 Wecsvc - ok

20:21:54.0960 5820 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

20:21:55.0000 5820 wercplsupport - ok

20:21:55.0032 5820 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

20:21:55.0055 5820 WerSvc - ok

20:21:55.0105 5820 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

20:21:55.0177 5820 WfpLwf - ok

20:21:55.0204 5820 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

20:21:55.0210 5820 WIMMount - ok

20:21:55.0294 5820 WinDefend - ok

20:21:55.0301 5820 WinHttpAutoProxySvc - ok

20:21:55.0385 5820 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

20:21:55.0433 5820 Winmgmt - ok

20:21:55.0566 5820 WinRing0_1_2_0 - ok

20:21:55.0706 5820 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

20:21:55.0755 5820 WinRM - ok

20:21:55.0954 5820 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

20:21:55.0972 5820 WinUsb - ok

20:21:56.0046 5820 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

20:21:56.0082 5820 Wlansvc - ok

20:21:56.0108 5820 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

20:21:56.0131 5820 WmiAcpi - ok

20:21:56.0237 5820 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

20:21:56.0265 5820 wmiApSrv - ok

20:21:56.0404 5820 WMPNetworkSvc - ok

20:21:56.0464 5820 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

20:21:56.0554 5820 WPCSvc - ok

20:21:56.0592 5820 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

20:21:56.0625 5820 WPDBusEnum - ok

20:21:56.0666 5820 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

20:21:56.0711 5820 ws2ifsl - ok

20:21:56.0737 5820 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

20:21:56.0747 5820 wscsvc - ok

20:21:56.0749 5820 WSearch - ok

20:21:56.0900 5820 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

20:21:56.0957 5820 wuauserv - ok

20:21:57.0113 5820 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

20:21:57.0176 5820 WudfPf - ok

20:21:57.0200 5820 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:21:57.0252 5820 WUDFRd - ok

20:21:57.0303 5820 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

20:21:57.0339 5820 wudfsvc - ok

20:21:57.0383 5820 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

20:21:57.0408 5820 WwanSvc - ok

20:21:57.0821 5820 X6va007 - ok

20:21:57.0840 5820 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

20:21:58.0086 5820 \Device\Harddisk0\DR0 - ok

20:21:58.0089 5820 Boot (0x1200) (2b718ae75b082c45572c08ad1fb87d8f) \Device\Harddisk0\DR0\Partition0

20:21:58.0091 5820 \Device\Harddisk0\DR0\Partition0 - ok

20:21:58.0116 5820 Boot (0x1200) (05f12a420e88e83b58c35975ccba5042) \Device\Harddisk0\DR0\Partition1

20:21:58.0118 5820 \Device\Harddisk0\DR0\Partition1 - ok

20:21:58.0119 5820 ============================================================

20:21:58.0119 5820 Scan finished

20:21:58.0119 5820 ============================================================

20:21:58.0130 5988 Detected object count: 1

20:21:58.0130 5988 Actual detected object count: 1

20:22:01.0547 5988 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user

20:22:01.0547 5988 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip

There's the tdsskiller

Link to post
Share on other sites

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Tyler [Admin rights]

Mode: Scan -- Date: 07/19/2012 20:24:58

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103SI ATA Device +++++

--- User ---

[MBR] cbe1c9cf6292eddac5960895dc25e5de

[bSP] db1870e86906d96a8400b76ed9ec18ca : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

There's rouge killer

Link to post
Share on other sites

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-19 20:17:22

-----------------------------

20:17:22.682 OS Version: Windows x64 6.1.7601 Service Pack 1

20:17:22.682 Number of processors: 4 586 0x2A07

20:17:22.683 ComputerName: TYLER-PC UserName: Tyler

20:17:25.294 Initialize success

20:17:51.219 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3

20:17:51.222 Disk 0 Vendor: SAMSUNG_HD103SI 1AG01118 Size: 953869MB BusType: 3

20:17:51.232 Disk 0 MBR read successfully

20:17:51.234 Disk 0 MBR scan

20:17:51.237 Disk 0 Windows 7 default MBR code

20:17:51.250 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

20:17:51.264 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848

20:17:51.269 Disk 0 scanning C:\Windows\system32\drivers

20:18:01.239 Service scanning

20:18:20.235 Modules scanning

20:18:20.243 Scan finished successfully

20:18:30.012 Disk 0 MBR has been saved successfully to "C:\Users\Tyler\Desktop\MBR.dat"

20:18:30.012 The log file has been saved successfully to "C:\Users\Tyler\Desktop\aswMBR.txt"

There's aswMBR

Link to post
Share on other sites

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member cheelayyy only. If you are a casual viewer, do NOT try this on your system!

If you are not cheelayyy and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
  • Then press the Delete button.
  • When done, logoff & Restart the system. :excl:
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

Step 2

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop cf-icon.jpg and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion
....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Reply with a copy of the C:\Combofix.txt log and tell me, How is your system now ?

Re-enable your antivirus program.

Link to post
Share on other sites

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Tyler [Admin rights]

Mode: Remove -- Date: 07/20/2012 14:53:20

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103SI ATA Device +++++

--- User ---

[MBR] cbe1c9cf6292eddac5960895dc25e5de

[bSP] db1870e86906d96a8400b76ed9ec18ca : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

Link to post
Share on other sites

ComboFix 12-07-20.02 - Tyler 07/20/2012 15:06:25.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4009.2506 [GMT -4:00]

Running from: c:\users\Tyler\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\CFLog

C:\install.exe

c:\program files (x86)\IMinent Toolbar\tbHElper.dll

c:\program files (x86)\lol

c:\program files (x86)\lol\LeagueOfLegends\0x0409.ini

c:\program files (x86)\lol\LeagueOfLegends\data1.cab

c:\program files (x86)\lol\LeagueOfLegends\data1.hdr

c:\program files (x86)\lol\LeagueOfLegends\data2.cab

c:\program files (x86)\lol\LeagueOfLegends\ISSetup.dll

c:\program files (x86)\lol\LeagueOfLegends\layout.bin

c:\program files (x86)\lol\LeagueOfLegends\setup.exe

c:\program files (x86)\lol\LeagueOfLegends\setup.ini

c:\program files (x86)\lol\LeagueOfLegends\setup.inx

c:\program files (x86)\lol\LeagueOfLegends\setup.isn

c:\programdata\ntuser.dat

c:\windows\WinRAR

c:\windows\WinRAR\uninstall.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))

.

.

2012-07-20 00:11 . 2012-07-20 00:11 -------- d-----w- c:\program files (x86)\ERUNT

2012-07-19 02:34 . 2012-07-19 02:34 -------- d-----w- c:\programdata\Malwarebytes

2012-07-19 02:34 . 2012-07-19 02:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-19 02:34 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-19 02:01 . 2012-07-19 02:01 -------- d-----w- c:\users\Tyler\AppData\Roaming\AVG2012

2012-07-19 02:00 . 2012-07-19 02:00 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2012-07-19 01:59 . 2012-07-20 19:01 -------- d-----w- c:\windows\system32\drivers\AVG

2012-07-19 01:59 . 2012-07-19 02:02 -------- d-----w- c:\programdata\AVG2012

2012-07-19 01:59 . 2012-07-19 01:59 -------- d-----w- C:\$AVG

2012-07-19 01:32 . 2012-07-19 01:32 -------- d-----w- C:\kleaner.tmp

2012-07-18 22:23 . 2012-07-18 22:23 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-18 17:13 . 2012-07-18 17:13 -------- d-----w- c:\users\Tyler\AppData\Roaming\Panda Security

2012-07-18 17:10 . 2012-07-19 02:27 -------- d-----w- c:\program files (x86)\Panda Security

2012-07-18 17:10 . 2012-07-18 17:10 -------- d-----w- c:\programdata\Panda Security

2012-07-18 17:10 . 2012-07-18 17:10 -------- d-----w- C:\temp

2012-07-14 01:15 . 2012-07-14 01:15 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-07-14 01:14 . 2012-07-14 01:14 -------- d-----w- c:\program files (x86)\Oracle

2012-07-14 01:14 . 2012-07-06 02:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-07-14 01:13 . 2012-07-14 01:13 -------- d-----w- c:\programdata\McAfee

2012-07-13 20:16 . 2012-07-13 20:16 -------- d-----w- c:\program files (x86)\SystemRequirementsLab

2012-07-13 20:16 . 2012-07-13 20:16 -------- d-----w- c:\users\Tyler\AppData\Roaming\SystemRequirementsLab

2012-07-12 05:29 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 16:05 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-06 15:24 . 2012-07-06 15:24 -------- d-----w- c:\program files (x86)\StarCraft 2

2012-06-24 17:39 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-24 17:39 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-24 17:39 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-24 17:39 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-24 17:38 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-24 17:38 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-24 17:38 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-24 17:38 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-24 17:38 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-11 21:00 . 2012-04-04 11:23 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-11 21:00 . 2011-12-09 04:43 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-09 18:24 . 2011-12-26 01:30 282472 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-07-09 18:24 . 2011-12-12 23:51 282472 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-07-09 18:20 . 2011-12-12 23:47 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-07-06 02:06 . 2011-12-11 07:26 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-07-03 07:19 . 2011-12-16 21:52 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-05-04 11:06 . 2012-06-13 11:15 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-13 11:15 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-13 11:15 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-03 02:54 . 2012-05-03 02:54 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll

2012-05-03 02:54 . 2012-05-03 02:54 28056 ----a-w- c:\windows\system32\xfcodec64.dll

2012-05-01 05:40 . 2012-06-13 11:15 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:55 . 2012-06-13 11:15 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-13 11:16 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-13 11:16 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-13 11:16 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 05:37 . 2012-06-13 11:15 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 05:37 . 2012-06-13 11:15 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-04-24 05:37 . 2012-06-13 11:15 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 04:36 . 2012-06-13 11:15 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:36 . 2012-06-13 11:15 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-04-24 04:36 . 2012-06-13 11:15 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]

2010-07-02 13:54 2607872 ----a-w- c:\program files (x86)\IMinent Toolbar\tbcore3.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]

.

[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]

[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-12-09 1242448]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

.

c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2012-5-2 3553176]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]

R3 LVUVC64;Logitech Webcam C210(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys [2009-12-22 1308160]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-10 1255736]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Tyler\AppData\Local\Temp\Rar$EX00.129\WinRing0x64.sys [x]

R3 X6va007;X6va007;c:\users\Tyler\AppData\Local\Temp\007DF4D.tmp [x]

R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-27 279616]

S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-12-09 15936]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]

S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2011-07-07 66336]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:00]

.

2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3006248652-2038477121-3059096298-1000Core.job

- c:\users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 03:49]

.

2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3006248652-2038477121-3059096298-1000UA.job

- c:\users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 03:49]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]

"Cm108Sound"="c:\windows\Syswow64\cm108.dll" [2009-12-22 8146944]

"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-07-04 1441152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.iminent.com/?appId=1B05174C-3825-460D-B730-408179166C10

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 71.250.0.12 71.242.0.12

FF - ProfilePath - c:\users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\qy8ld1lc.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://search.iminent.com/?appId=1b05174c-3825-460d-b730-408179166c10&ref=homepage

FF - prefs.js: browser.search.selectedEngine - Panda Safe Search

FF - user.js: extentions.y2layers.installId - 02f95787-ece5-4c89-8da0-6894031839c8

FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube

FF - user.js: extensions.autoDisableScopes - 14

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)

BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)

Wow6432Node-HKCU-Run-ASRockXTU - (no file)

Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe

AddRemove-WinRAR - c:\windows\WinRAR\uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va007]

"ImagePath"="\??\c:\users\Tyler\AppData\Local\Temp\007DF4D.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-07-20 15:23:38 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-20 19:23

.

Pre-Run: 458,782,654,464 bytes free

Post-Run: 458,660,114,432 bytes free

.

- - End Of File - - 47DA1BD291423975B1296DB69BCFEC9D

Link to post
Share on other sites

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and paste the MBAM scan log for review.

Link to post
Share on other sites

Given MBAM detected nothing that's also very good. But I had intended for you to copy / paste the last MBAM scan log.

Online scan at ESET

Close any open work documents and programs. This online scan may well take a couple of hours or so, but is well worth doing.

Do not run any programs once you start.

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/us/online-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break popcorn.gifpepsi.gif

Re-enable the antivirus program.

Reply with copy of the Eset scan log

Step 2

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Admisnitrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.