services.exe Trojan horse Patched_c.LXT

gr8nw · August 15, 2012

I ran a scan with AVG and it found that file, I then ran Malwarebytes and it found nothing. Here are my DDS and Attach reports....

DDS:

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by jk at 22:25:25 on 2012-08-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.3363 [GMT -7:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: Interfaces\{30DAA431-0433-4787-8D69-5363B8238F30} : DhcpNameServer = 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO-X64: IDM Helper - No File

BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO-X64: AVG Do Not Track - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO-X64: TSBHO Class - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\jk\AppData\Roaming\Mozilla\Firefox\Profiles\dm4gl0fx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\jk\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Users\jk\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\jk\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111787

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 1091fab2000000000000d0df9a7f5762

FF - user.js: extensions.BabylonToolbar_i.hardId - 1091fab2000000000000d0df9a7f5762

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15533

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:46:54

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-6-9 264008]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-9 85560]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-8-12 1128952]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-17 450848]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-12 2656280]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]

S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-12 655944]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-08-14 19:20:38 503808 ----a-w- C:\Windows\System32\srcore.dll

2012-08-14 19:20:38 43008 ----a-w- C:\Windows\SysWow64\srclient.dll

2012-08-14 19:20:37 956928 ----a-w- C:\Windows\System32\localspl.dll

2012-08-14 19:20:37 751104 ----a-w- C:\Windows\System32\win32spl.dll

2012-08-14 19:20:37 67072 ----a-w- C:\Windows\splwow64.exe

2012-08-14 19:20:37 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-08-14 19:20:37 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2012-08-14 19:20:37 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-08-14 19:20:37 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-08-14 19:20:37 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-08-14 19:20:37 136704 ----a-w- C:\Windows\System32\browser.dll

2012-08-11 05:03:06 -------- d-----w- C:\Users\jk\AppData\Local\HP

2012-07-29 20:24:39 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-21 19:52:37 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-21 03:37:51 -------- d-----w- C:\FRST

2012-07-20 22:20:08 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-20 22:12:10 -------- d-----w- C:\Users\jk\AppData\Roaming\RedDotGames

2012-07-20 22:10:59 5554512 ----a-w- C:\Windows\System32\d3dcsx_42.dll

2012-07-20 21:56:10 -------- d-----w- C:\Program Files (x86)\DVD Decrypter

2012-07-20 19:32:12 -------- d-----w- C:\Users\jk\AppData\Roaming\mIRC

2012-07-20 19:32:11 -------- d-----w- C:\Program Files (x86)\mIRC

.

==================== Find3M ====================

.

2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 22:25:43.05 ===============

Attatch:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 11/19/2011 7:25:53 PM

System Uptime: 8/14/2012 1:45:57 PM (9 hours ago)

.

Motherboard: PEGATRON CORPORATION | | 2AC2

Processor: Intel® Core i3-2120 CPU @ 3.30GHz | CPU 1 | 3300/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 920 GiB total, 752.695 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 1.43 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP65: 7/29/2012 4:35:46 PM - Scheduled Checkpoint

RP66: 8/7/2012 3:47:27 PM - Scheduled Checkpoint

RP67: 8/10/2012 10:00:31 PM - HPSF Restore Point

RP68: 8/14/2012 1:36:30 PM - Windows Update

.

==== Installed Programs ======================

.

802.11n Wireless LAN Card

Adobe AIR

Adobe Flash Player 10 Plugin

Agatha Christie - Peril at End House

Apple Application Support

Apple Software Update

Bejeweled 3

Bing Bar

Blackhawk Striker 2

Blasterball 3

Blio

Bounce Symphony

Cake Mania

CameraHelperMsi

Chronicles of Albian

Chuzzle Deluxe

Cradle of Rome 2

D3DX10

DVD Decrypter (Remove Only)

erLT

Farm Frenzy

FATE

Google Talk Plugin

Governor of Poker 2 Premium Edition

Hewlett-Packard ACLM.NET v1.1.1.0

HP Customer Experience Enhancements

HP Games

HP LinkUp

HP MovieStore

HP Odometer

HP Setup

HP Setup Manager

HP SimplePass PE 2011

HP Support Assistant

HP Support Information

HP Update

Intel® Control Center

Intel® Identity Protection Technology 1.1.2.0

Intel® Management Engine Components

Intel® Processor Graphics

Internet Download Manager

Java Auto Updater

Java 6 Update 30

Java 7 Update 5

JavaFX 2.1.1

Jewel Quest: The Sleepless Star - Collector's Edition

Junk Mail filter update

Kobo

LabelPrint

Logitech Vid HD

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Mah Jong Medley

Malwarebytes Anti-Malware version 1.62.0.1300

Mesh Runtime

Microsoft Mathematics

Microsoft Office 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft WSE 3.0 Runtime

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery of Mortlake Mansion

Namco All-Stars: PAC-MAN

Norton Online Backup

Out of the Park Baseball 13

PDF Complete Special Edition

Penguins!

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

Police Force

Power2Go

PressReader

Realtek High Definition Audio Driver

Reason 5.0

Recovery Manager

Remote Graphics Receiver

Remote Mouse version 1.50

RoxioNow Player

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype™ 5.8

Slingo Supreme

SoulSeek 157 NS 13e

StreamTorrent 1.0

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update Installer for WildTangent Games App

Vacation Quest - The Hawaiian Islands

VIP Access SDK (1.0.1.4)

Virtual Villagers 5 - New Believers

Visual Studio 2008 x64 Redistributables

VLC media player 2.0.1

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Yahoo! Messenger

Zinio Reader 4

Zuma Deluxe

.

==== End Of File ===========================

MrCharlie · August 15, 2012

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

gr8nw · August 15, 2012

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: jk [Admin rights]

Mode: Scan -- Date: 08/15/2012 12:29:07

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA632 +++++

--- User ---

[MBR] 860cebdaaf929a4844e260dbfd069371

[bSP] 858edd0464ef9939185e335b0feaac5c : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 941808 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1929029632 | Size: 11959 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] d9d8eb2f7730918cb4b1ab035ba5b81e

[bSP] eb7d0a945c1dc80a73fbc5b2bdf7eaea : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 226125824 | Size: 300 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

MrCharlie · August 15, 2012

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

gr8nw · August 15, 2012

13:13:58.0052 3472 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05

13:13:58.0536 3472 ============================================================

13:13:58.0536 3472 Current date / time: 2012/08/15 13:13:58.0536

13:13:58.0536 3472 SystemInfo:

13:13:58.0536 3472

13:13:58.0536 3472 OS Version: 6.1.7601 ServicePack: 1.0

13:13:58.0536 3472 Product type: Workstation

13:13:58.0536 3472 ComputerName: JK-HP

13:13:58.0536 3472 UserName: jk

13:13:58.0536 3472 Windows directory: C:\Windows

13:13:58.0536 3472 System windows directory: C:\Windows

13:13:58.0536 3472 Running under WOW64

13:13:58.0536 3472 Processor architecture: Intel x64

13:13:58.0536 3472 Number of processors: 4

13:13:58.0536 3472 Page size: 0x1000

13:13:58.0536 3472 Boot type: Normal boot

13:13:58.0536 3472 ============================================================

13:13:58.0957 3472 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:13:58.0973 3472 ============================================================

13:13:58.0973 3472 \Device\Harddisk0\DR0:

13:13:58.0988 3472 MBR partitions:

13:13:58.0988 3472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

13:13:58.0988 3472 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72F78000

13:13:58.0988 3472 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72FAA800, BlocksNum 0x175B800

13:13:58.0988 3472 ============================================================

13:13:59.0051 3472 C: <-> \Device\Harddisk0\DR0\Partition2

13:13:59.0098 3472 D: <-> \Device\Harddisk0\DR0\Partition3

13:13:59.0098 3472 ============================================================

13:13:59.0098 3472 Initialize success

13:13:59.0098 3472 ============================================================

13:14:37.0240 2456 ============================================================

13:14:37.0240 2456 Scan started

13:14:37.0240 2456 Mode: Manual; SigCheck; TDLFS;

13:14:37.0240 2456 ============================================================

13:14:37.0739 2456 ================ Scan services =============================

13:14:37.0895 2456 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

13:14:38.0004 2456 1394ohci - ok

13:14:38.0020 2456 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

13:14:38.0035 2456 ACPI - ok

13:14:38.0066 2456 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

13:14:38.0160 2456 AcpiPmi - ok

13:14:38.0191 2456 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

13:14:38.0207 2456 adp94xx - ok

13:14:38.0222 2456 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

13:14:38.0238 2456 adpahci - ok

13:14:38.0269 2456 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

13:14:38.0285 2456 adpu320 - ok

13:14:38.0300 2456 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

13:14:38.0410 2456 AeLookupSvc - ok

13:14:38.0441 2456 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys

13:14:38.0472 2456 AFD - ok

13:14:38.0488 2456 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

13:14:38.0503 2456 agp440 - ok

13:14:38.0534 2456 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe

13:14:38.0550 2456 ALG - ok

13:14:38.0581 2456 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys

13:14:38.0597 2456 aliide - ok

13:14:38.0597 2456 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys

13:14:38.0612 2456 amdide - ok

13:14:38.0628 2456 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

13:14:38.0644 2456 AmdK8 - ok

13:14:38.0644 2456 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

13:14:38.0675 2456 AmdPPM - ok

13:14:38.0690 2456 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

13:14:38.0706 2456 amdsata - ok

13:14:38.0737 2456 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

13:14:38.0737 2456 amdsbs - ok

13:14:38.0768 2456 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

13:14:38.0768 2456 amdxata - ok

13:14:38.0800 2456 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys

13:14:38.0862 2456 AppID - ok

13:14:38.0878 2456 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

13:14:38.0924 2456 AppIDSvc - ok

13:14:38.0924 2456 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll

13:14:38.0971 2456 Appinfo - ok

13:14:39.0112 2456 [ 3debbecf665dcdde3a95d9b902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

13:14:39.0112 2456 Apple Mobile Device - ok

13:14:39.0268 2456 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\drivers\arc.sys

13:14:39.0283 2456 arc - ok

13:14:39.0299 2456 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\drivers\arcsas.sys

13:14:39.0314 2456 arcsas - ok

13:14:39.0408 2456 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

13:14:39.0408 2456 aspnet_state - ok

13:14:39.0424 2456 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

13:14:39.0470 2456 AsyncMac - ok

13:14:39.0486 2456 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys

13:14:39.0486 2456 atapi - ok

13:14:39.0533 2456 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

13:14:39.0580 2456 AudioEndpointBuilder - ok

13:14:39.0595 2456 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

13:14:39.0642 2456 AudioSrv - ok

13:14:39.0782 2456 [ d67719bcfde5798f5c30d14efed3bcaf ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

13:14:39.0878 2456 AVGIDSAgent - ok

13:14:39.0909 2456 [ 1b2e9fcdc26dc7c81d4131430e2dc936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys

13:14:39.0909 2456 AVGIDSDriver - ok

13:14:39.0925 2456 [ 0f293406f64b48d5d2f0d3a1117f3a83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys

13:14:39.0940 2456 AVGIDSFilter - ok

13:14:39.0972 2456 [ cffc3a4a638f462e0561cb368b9a7a3a ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys

13:14:39.0972 2456 AVGIDSHA - ok

13:14:39.0987 2456 [ 59955b4c288dd2a8b9fd2cd5158355c5 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys

13:14:40.0003 2456 Avgldx64 - ok

13:14:40.0018 2456 [ a6aec362aae5e2dda7445e7690cb0f33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys

13:14:40.0034 2456 Avgmfx64 - ok

13:14:40.0065 2456 [ 645c7f0a0e39758a0024a9b1748273c0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys

13:14:40.0081 2456 Avgrkx64 - ok

13:14:40.0096 2456 [ 1bee674ad792b1c63bb0dac5fa724b23 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys

13:14:40.0112 2456 Avgtdia - ok

13:14:40.0128 2456 [ ea1145debcd508fd25bd1e95c4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

13:14:40.0143 2456 avgwd - ok

13:14:40.0174 2456 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll

13:14:40.0237 2456 AxInstSV - ok

13:14:40.0252 2456 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

13:14:40.0284 2456 b06bdrv - ok

13:14:40.0315 2456 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

13:14:40.0330 2456 b57nd60a - ok

13:14:40.0393 2456 [ 93ee7d9c35ae7e9ffda148d7805f1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

13:14:40.0408 2456 BBSvc - ok

13:14:40.0424 2456 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll

13:14:40.0455 2456 BDESVC - ok

13:14:40.0455 2456 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

13:14:40.0502 2456 Beep - ok

13:14:40.0533 2456 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll

13:14:40.0564 2456 BFE - ok

13:14:40.0596 2456 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\Windows\system32\qmgr.dll

13:14:40.0642 2456 BITS - ok

13:14:40.0674 2456 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

13:14:40.0674 2456 blbdrive - ok

13:14:40.0736 2456 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

13:14:40.0752 2456 Bonjour Service - ok

13:14:40.0783 2456 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

13:14:40.0814 2456 bowser - ok

13:14:40.0845 2456 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

13:14:40.0876 2456 BrFiltLo - ok

13:14:40.0892 2456 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

13:14:40.0908 2456 BrFiltUp - ok

13:14:40.0970 2456 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

13:14:41.0001 2456 BridgeMP - ok

13:14:41.0032 2456 [ 05f5a0d14a2ee1d8255c2aa0e9e8e694 ] Browser C:\Windows\System32\browser.dll

13:14:41.0032 2456 Browser - ok

13:14:41.0048 2456 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys

13:14:41.0064 2456 Brserid - ok

13:14:41.0110 2456 [ 80e52ef092f3dad03e0ee15e64f97245 ] BrSerIf C:\Windows\system32\DRIVERS\BrSerIf.sys

13:14:41.0126 2456 BrSerIf - ok

13:14:41.0142 2456 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

13:14:41.0173 2456 BrSerWdm - ok

13:14:41.0173 2456 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

13:14:41.0188 2456 BrUsbMdm - ok

13:14:41.0204 2456 [ 601cb966fffebc6806626dc8e7aa0ef2 ] BrUsbSer C:\Windows\system32\DRIVERS\BrUsbSer.sys

13:14:41.0220 2456 BrUsbSer - ok

13:14:41.0235 2456 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

13:14:41.0251 2456 BTHMODEM - ok

13:14:41.0266 2456 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll

13:14:41.0313 2456 bthserv - ok

13:14:41.0329 2456 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

13:14:41.0344 2456 cdfs - ok

13:14:41.0360 2456 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

13:14:41.0391 2456 cdrom - ok

13:14:41.0407 2456 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll

13:14:41.0438 2456 CertPropSvc - ok

13:14:41.0454 2456 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\drivers\circlass.sys

13:14:41.0469 2456 circlass - ok

13:14:41.0485 2456 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys

13:14:41.0485 2456 CLFS - ok

13:14:41.0532 2456 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:14:41.0532 2456 clr_optimization_v2.0.50727_32 - ok

13:14:41.0578 2456 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

13:14:41.0578 2456 clr_optimization_v2.0.50727_64 - ok

13:14:41.0641 2456 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:14:41.0656 2456 clr_optimization_v4.0.30319_32 - ok

13:14:41.0672 2456 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

13:14:41.0688 2456 clr_optimization_v4.0.30319_64 - ok

13:14:41.0703 2456 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

13:14:41.0719 2456 CmBatt - ok

13:14:41.0734 2456 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys

13:14:41.0750 2456 cmdide - ok

13:14:41.0781 2456 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys

13:14:41.0812 2456 CNG - ok

13:14:41.0812 2456 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

13:14:41.0828 2456 Compbatt - ok

13:14:41.0844 2456 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

13:14:41.0844 2456 CompositeBus - ok

13:14:41.0844 2456 COMSysApp - ok

13:14:41.0859 2456 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

13:14:41.0859 2456 crcdisk - ok

13:14:41.0906 2456 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll

13:14:41.0937 2456 CryptSvc - ok

13:14:41.0968 2456 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll

13:14:42.0031 2456 DcomLaunch - ok

13:14:42.0062 2456 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll

13:14:42.0109 2456 defragsvc - ok

13:14:42.0140 2456 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

13:14:42.0171 2456 DfsC - ok

13:14:42.0202 2456 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll

13:14:42.0234 2456 Dhcp - ok

13:14:42.0249 2456 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys

13:14:42.0280 2456 discache - ok

13:14:42.0312 2456 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\drivers\disk.sys

13:14:42.0312 2456 Disk - ok

13:14:42.0343 2456 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

13:14:42.0374 2456 Dnscache - ok

13:14:42.0390 2456 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll

13:14:42.0436 2456 dot3svc - ok

13:14:42.0436 2456 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll

13:14:42.0483 2456 DPS - ok

13:14:42.0514 2456 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

13:14:42.0530 2456 drmkaud - ok

13:14:42.0561 2456 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

13:14:42.0592 2456 DXGKrnl - ok

13:14:42.0592 2456 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll

13:14:42.0639 2456 EapHost - ok

13:14:42.0686 2456 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\drivers\evbda.sys

13:14:42.0717 2456 ebdrv - ok

13:14:42.0748 2456 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe

13:14:42.0748 2456 EFS - ok

13:14:42.0811 2456 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

13:14:42.0842 2456 ehRecvr - ok

13:14:42.0858 2456 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe

13:14:42.0873 2456 ehSched - ok

13:14:42.0904 2456 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

13:14:42.0936 2456 elxstor - ok

13:14:42.0951 2456 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys

13:14:42.0967 2456 ErrDev - ok

13:14:43.0029 2456 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll

13:14:43.0076 2456 EventSystem - ok

13:14:43.0092 2456 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys

13:14:43.0123 2456 exfat - ok

13:14:43.0138 2456 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys

13:14:43.0170 2456 fastfat - ok

13:14:43.0185 2456 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe

13:14:43.0216 2456 Fax - ok

13:14:43.0232 2456 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\drivers\fdc.sys

13:14:43.0248 2456 fdc - ok

13:14:43.0279 2456 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll

13:14:43.0310 2456 fdPHost - ok

13:14:43.0310 2456 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

13:14:43.0341 2456 FDResPub - ok

13:14:43.0341 2456 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

13:14:43.0357 2456 FileInfo - ok

13:14:43.0357 2456 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

13:14:43.0388 2456 Filetrace - ok

13:14:43.0419 2456 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

13:14:43.0419 2456 flpydisk - ok

13:14:43.0435 2456 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

13:14:43.0450 2456 FltMgr - ok

13:14:43.0482 2456 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll

13:14:43.0513 2456 FontCache - ok

13:14:43.0560 2456 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

13:14:43.0560 2456 FontCache3.0.0.0 - ok

13:14:43.0591 2456 [ 71cdc1d7f58d5ec49ebc2e2332ad3fae ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

13:14:43.0606 2456 FPLService - ok

13:14:43.0622 2456 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

13:14:43.0622 2456 FsDepends - ok

13:14:43.0638 2456 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

13:14:43.0653 2456 Fs_Rec - ok

13:14:43.0684 2456 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

13:14:43.0684 2456 fvevol - ok

13:14:43.0716 2456 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

13:14:43.0716 2456 gagp30kx - ok

13:14:43.0747 2456 [ c403c5db49a0f9aaf4f2128edc0106d8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

13:14:43.0762 2456 GamesAppService - ok

13:14:43.0778 2456 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

13:14:43.0778 2456 GEARAspiWDM - ok

13:14:43.0840 2456 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll

13:14:43.0872 2456 gpsvc - ok

13:14:43.0903 2456 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

13:14:43.0934 2456 hcw85cir - ok

13:14:43.0965 2456 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

13:14:43.0981 2456 HdAudAddService - ok

13:14:44.0012 2456 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

13:14:44.0043 2456 HDAudBus - ok

13:14:44.0059 2456 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

13:14:44.0074 2456 HidBatt - ok

13:14:44.0090 2456 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

13:14:44.0121 2456 HidBth - ok

13:14:44.0168 2456 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

13:14:44.0199 2456 HidIr - ok

13:14:44.0215 2456 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\System32\hidserv.dll

13:14:44.0246 2456 hidserv - ok

13:14:44.0308 2456 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

13:14:44.0324 2456 HidUsb - ok

13:14:44.0371 2456 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll

13:14:44.0402 2456 hkmsvc - ok

13:14:44.0433 2456 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll

13:14:44.0464 2456 HomeGroupListener - ok

13:14:44.0480 2456 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

13:14:44.0496 2456 HomeGroupProvider - ok

13:14:44.0542 2456 [ 531d1843c7a411f4e41ec6786f291e5f ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

13:14:44.0558 2456 HP Support Assistant Service - ok

13:14:44.0589 2456 [ 6a181452d4e240b8ecc7614b9a19bde9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

13:14:44.0605 2456 HPClientSvc - ok

13:14:44.0636 2456 [ bcc4a8b2e2e902f52e7f2e7d8e125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

13:14:44.0636 2456 HPDrvMntSvc.exe - ok

13:14:44.0683 2456 [ ec9739a46f1f83c6e52a7a4697f44a65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

13:14:44.0714 2456 hpqwmiex - ok

13:14:44.0730 2456 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

13:14:44.0745 2456 HpSAMD - ok

13:14:44.0776 2456 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

13:14:44.0823 2456 HTTP - ok

13:14:44.0839 2456 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

13:14:44.0839 2456 hwpolicy - ok

13:14:44.0854 2456 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

13:14:44.0870 2456 i8042prt - ok

13:14:44.0886 2456 [ 26cf4275034214ecedd8ec17b0a18a99 ] iaStor C:\Windows\system32\drivers\iaStor.sys

13:14:44.0901 2456 iaStor - ok

13:14:44.0917 2456 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

13:14:44.0932 2456 iaStorV - ok

13:14:44.0979 2456 [ 5534e14ef27ebe8563cdbce6b88501a3 ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys

13:14:44.0995 2456 IDMWFP - ok

13:14:45.0042 2456 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

13:14:45.0057 2456 idsvc - ok

13:14:45.0244 2456 [ efe5a0af39a8e179624117c521f1e012 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

13:14:45.0369 2456 igfx - ok

13:14:45.0400 2456 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

13:14:45.0416 2456 iirsp - ok

13:14:45.0447 2456 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll

13:14:45.0478 2456 IKEEXT - ok

13:14:45.0494 2456 [ dd587a55390ed2295bce6d36ad567da9 ] Impcd C:\Windows\system32\drivers\Impcd.sys

13:14:45.0510 2456 Impcd - ok

13:14:45.0572 2456 [ c7124da48e557d8f88d0d7f1254557f4 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

13:14:45.0619 2456 IntcAzAudAddService - ok

13:14:45.0634 2456 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys

13:14:45.0650 2456 intelide - ok

13:14:45.0666 2456 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\drivers\intelppm.sys

13:14:45.0681 2456 intelppm - ok

13:14:45.0712 2456 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll

13:14:45.0759 2456 IPBusEnum - ok

13:14:45.0759 2456 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:14:45.0790 2456 IpFilterDriver - ok

13:14:45.0822 2456 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

13:14:45.0853 2456 iphlpsvc - ok

13:14:45.0884 2456 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

13:14:45.0900 2456 IPMIDRV - ok

13:14:45.0915 2456 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

13:14:45.0931 2456 IPNAT - ok

13:14:45.0978 2456 [ ee4c2a137c7088911a8919effc9812e7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

13:14:46.0009 2456 iPod Service - ok

13:14:46.0024 2456 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

13:14:46.0040 2456 IRENUM - ok

13:14:46.0040 2456 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

13:14:46.0056 2456 isapnp - ok

13:14:46.0071 2456 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

13:14:46.0071 2456 iScsiPrt - ok

13:14:46.0118 2456 [ 6c85719a21b3f62c2c76280f4bd36c7b ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

13:14:46.0149 2456 jhi_service - ok

13:14:46.0165 2456 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

13:14:46.0180 2456 kbdclass - ok

13:14:46.0180 2456 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

13:14:46.0196 2456 kbdhid - ok

13:14:46.0212 2456 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe

13:14:46.0212 2456 KeyIso - ok

13:14:46.0243 2456 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

13:14:46.0258 2456 KSecDD - ok

13:14:46.0258 2456 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

13:14:46.0274 2456 KSecPkg - ok

13:14:46.0274 2456 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

13:14:46.0305 2456 ksthunk - ok

13:14:46.0336 2456 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll

13:14:46.0383 2456 KtmRm - ok

13:14:46.0399 2456 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\System32\srvsvc.dll

13:14:46.0430 2456 LanmanServer - ok

13:14:46.0446 2456 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

13:14:46.0477 2456 LanmanWorkstation - ok

13:14:46.0508 2456 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

13:14:46.0555 2456 lltdio - ok

13:14:46.0570 2456 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll

13:14:46.0602 2456 lltdsvc - ok

13:14:46.0617 2456 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll

13:14:46.0633 2456 lmhosts - ok

13:14:46.0680 2456 [ d75c4b4a8fe6d7fd74a7eecdbaec729f ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

13:14:46.0680 2456 LMS - ok

13:14:46.0695 2456 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

13:14:46.0711 2456 LSI_FC - ok

13:14:46.0726 2456 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

13:14:46.0726 2456 LSI_SAS - ok

13:14:46.0742 2456 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

13:14:46.0742 2456 LSI_SAS2 - ok

13:14:46.0758 2456 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

13:14:46.0758 2456 LSI_SCSI - ok

13:14:46.0773 2456 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys

13:14:46.0804 2456 luafv - ok

13:14:46.0851 2456 [ 0c85b2b6fb74b36a251792d45e0ef860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys

13:14:46.0867 2456 LVRS64 - ok

13:14:46.0976 2456 [ ff3a488924b0032b1a9ca6948c1fa9e8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys

13:14:47.0023 2456 LVUVC64 - ok

13:14:47.0070 2456 [ dc8490812a3b72811ae534f423b4c206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

13:14:47.0085 2456 MBAMProtector - ok

13:14:47.0132 2456 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

13:14:47.0163 2456 MBAMService - ok

13:14:47.0179 2456 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

13:14:47.0194 2456 Mcx2Svc - ok

13:14:47.0194 2456 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\drivers\megasas.sys

13:14:47.0210 2456 megasas - ok

13:14:47.0226 2456 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

13:14:47.0241 2456 MegaSR - ok

13:14:47.0257 2456 [ a6518dcc42f7a6e999bb3bea8fd87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys

13:14:47.0257 2456 MEIx64 - ok

13:14:47.0272 2456 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll

13:14:47.0304 2456 MMCSS - ok

13:14:47.0319 2456 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys

13:14:47.0335 2456 Modem - ok

13:14:47.0366 2456 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys

13:14:47.0382 2456 monitor - ok

13:14:47.0397 2456 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

13:14:47.0413 2456 mouclass - ok

13:14:47.0428 2456 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

13:14:47.0444 2456 mouhid - ok

13:14:47.0460 2456 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

13:14:47.0475 2456 mountmgr - ok

13:14:47.0522 2456 [ 96aa8ba23142cc8e2b30f3cae0c80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

13:14:47.0538 2456 MozillaMaintenance - ok

13:14:47.0553 2456 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys

13:14:47.0553 2456 mpio - ok

13:14:47.0569 2456 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

13:14:47.0584 2456 mpsdrv - ok

13:14:47.0647 2456 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll

13:14:47.0709 2456 MpsSvc - ok

13:14:47.0725 2456 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

13:14:47.0740 2456 MRxDAV - ok

13:14:47.0756 2456 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

13:14:47.0787 2456 mrxsmb - ok

13:14:47.0787 2456 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:14:47.0803 2456 mrxsmb10 - ok

13:14:47.0803 2456 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:14:47.0818 2456 mrxsmb20 - ok

13:14:47.0834 2456 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys

13:14:47.0834 2456 msahci - ok

13:14:47.0865 2456 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

13:14:47.0865 2456 msdsm - ok

13:14:47.0881 2456 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe

13:14:47.0896 2456 MSDTC - ok

13:14:47.0912 2456 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

13:14:47.0928 2456 Msfs - ok

13:14:47.0943 2456 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

13:14:47.0974 2456 mshidkmdf - ok

13:14:47.0974 2456 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

13:14:47.0990 2456 msisadrv - ok

13:14:48.0006 2456 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

13:14:48.0037 2456 MSiSCSI - ok

13:14:48.0037 2456 msiserver - ok

13:14:48.0052 2456 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

13:14:48.0084 2456 MSKSSRV - ok

13:14:48.0084 2456 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

13:14:48.0115 2456 MSPCLOCK - ok

13:14:48.0130 2456 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

13:14:48.0162 2456 MSPQM - ok

13:14:48.0177 2456 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

13:14:48.0193 2456 MsRPC - ok

13:14:48.0193 2456 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

13:14:48.0208 2456 mssmbios - ok

13:14:48.0208 2456 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

13:14:48.0240 2456 MSTEE - ok

13:14:48.0240 2456 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

13:14:48.0255 2456 MTConfig - ok

13:14:48.0255 2456 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys

13:14:48.0271 2456 Mup - ok

13:14:48.0302 2456 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll

13:14:48.0333 2456 napagent - ok

13:14:48.0349 2456 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

13:14:48.0364 2456 NativeWifiP - ok

13:14:48.0396 2456 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys

13:14:48.0411 2456 NDIS - ok

13:14:48.0427 2456 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

13:14:48.0458 2456 NdisCap - ok

13:14:48.0474 2456 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

13:14:48.0505 2456 NdisTapi - ok

13:14:48.0520 2456 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

13:14:48.0552 2456 Ndisuio - ok

13:14:48.0567 2456 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

13:14:48.0598 2456 NdisWan - ok

13:14:48.0598 2456 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

13:14:48.0630 2456 NDProxy - ok

13:14:48.0630 2456 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

13:14:48.0661 2456 NetBIOS - ok

13:14:48.0676 2456 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

13:14:48.0708 2456 NetBT - ok

13:14:48.0708 2456 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe

13:14:48.0708 2456 Netlogon - ok

13:14:48.0723 2456 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll

13:14:48.0770 2456 Netman - ok

13:14:48.0801 2456 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:14:48.0817 2456 NetMsmqActivator - ok

13:14:48.0817 2456 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:14:48.0817 2456 NetPipeActivator - ok

13:14:48.0832 2456 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll

13:14:48.0864 2456 netprofm - ok

13:14:48.0910 2456 [ 8b5d2d7cb0ef5b1967860b8ab742a46c ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys

13:14:48.0926 2456 netr28x - ok

13:14:48.0926 2456 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:14:48.0942 2456 NetTcpActivator - ok

13:14:48.0942 2456 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:14:48.0957 2456 NetTcpPortSharing - ok

13:14:48.0973 2456 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

13:14:48.0973 2456 nfrd960 - ok

13:14:49.0004 2456 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

13:14:49.0035 2456 NlaSvc - ok

13:14:49.0113 2456 [ 5839a8027d6d324a7cd494051a96628c ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

13:14:49.0160 2456 NOBU - ok

13:14:49.0176 2456 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

13:14:49.0207 2456 Npfs - ok

13:14:49.0269 2456 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll

13:14:49.0316 2456 nsi - ok

13:14:49.0332 2456 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

13:14:49.0363 2456 nsiproxy - ok

13:14:49.0425 2456 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

13:14:49.0456 2456 Ntfs - ok

13:14:49.0472 2456 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys

13:14:49.0488 2456 Null - ok

13:14:49.0519 2456 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys

13:14:49.0534 2456 nvraid - ok

13:14:49.0534 2456 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys

13:14:49.0550 2456 nvstor - ok

13:14:49.0566 2456 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

13:14:49.0581 2456 nv_agp - ok

13:14:49.0597 2456 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

13:14:49.0597 2456 ohci1394 - ok

13:14:49.0628 2456 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

13:14:49.0659 2456 p2pimsvc - ok

13:14:49.0675 2456 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll

13:14:49.0690 2456 p2psvc - ok

13:14:49.0706 2456 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\drivers\parport.sys

13:14:49.0722 2456 Parport - ok

13:14:49.0753 2456 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys

13:14:49.0753 2456 partmgr - ok

13:14:49.0768 2456 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

13:14:49.0800 2456 PcaSvc - ok

13:14:49.0800 2456 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys

13:14:49.0815 2456 pci - ok

13:14:49.0831 2456 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys

13:14:49.0846 2456 pciide - ok

13:14:49.0862 2456 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

13:14:49.0878 2456 pcmcia - ok

13:14:49.0893 2456 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys

13:14:49.0893 2456 pcw - ok

13:14:49.0924 2456 pdfcDispatcher - ok

13:14:49.0940 2456 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys

13:14:49.0971 2456 PEAUTH - ok

13:14:50.0034 2456 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe

13:14:50.0065 2456 PerfHost - ok

13:14:50.0112 2456 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll

13:14:50.0158 2456 pla - ok

13:14:50.0190 2456 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

13:14:50.0205 2456 PlugPlay - ok

13:14:50.0236 2456 [ 0bee791c7c7ace453c134e73633c497d ] pmxdrv C:\Windows\system32\drivers\pmxdrv.sys

13:14:50.0236 2456 pmxdrv - ok

13:14:50.0252 2456 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

13:14:50.0268 2456 PNRPAutoReg - ok

13:14:50.0283 2456 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

13:14:50.0283 2456 PNRPsvc - ok

13:14:50.0314 2456 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

13:14:50.0346 2456 PolicyAgent - ok

13:14:50.0377 2456 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll

13:14:50.0408 2456 Power - ok

13:14:50.0439 2456 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

13:14:50.0470 2456 PptpMiniport - ok

13:14:50.0470 2456 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\drivers\processr.sys

13:14:50.0486 2456 Processor - ok

13:14:50.0517 2456 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll

13:14:50.0548 2456 ProfSvc - ok

13:14:50.0548 2456 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe

13:14:50.0564 2456 ProtectedStorage - ok

13:14:50.0564 2456 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys

13:14:50.0611 2456 Psched - ok

13:14:50.0642 2456 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

13:14:50.0673 2456 ql2300 - ok

13:14:50.0689 2456 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

13:14:50.0704 2456 ql40xx - ok

13:14:50.0720 2456 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll

13:14:50.0736 2456 QWAVE - ok

13:14:50.0736 2456 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

13:14:50.0767 2456 QWAVEdrv - ok

13:14:50.0782 2456 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

13:14:50.0814 2456 RasAcd - ok

13:14:50.0829 2456 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

13:14:50.0860 2456 RasAgileVpn - ok

13:14:50.0860 2456 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll

13:14:50.0892 2456 RasAuto - ok

13:14:50.0907 2456 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

13:14:50.0938 2456 Rasl2tp - ok

13:14:50.0954 2456 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll

13:14:50.0970 2456 RasMan - ok

13:14:50.0985 2456 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

13:14:51.0016 2456 RasPppoe - ok

13:14:51.0032 2456 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

13:14:51.0063 2456 RasSstp - ok

13:14:51.0079 2456 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

13:14:51.0094 2456 rdbss - ok

13:14:51.0110 2456 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

13:14:51.0141 2456 rdpbus - ok

13:14:51.0141 2456 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

13:14:51.0172 2456 RDPCDD - ok

13:14:51.0172 2456 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

13:14:51.0204 2456 RDPENCDD - ok

13:14:51.0219 2456 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

13:14:51.0250 2456 RDPREFMP - ok

13:14:51.0266 2456 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

13:14:51.0282 2456 RDPWD - ok

13:14:51.0297 2456 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

13:14:51.0313 2456 rdyboost - ok

13:14:51.0328 2456 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll

13:14:51.0360 2456 RemoteAccess - ok

13:14:51.0375 2456 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

13:14:51.0406 2456 RemoteRegistry - ok

13:14:51.0422 2456 [ 085d18c71ab2611a3d61528132b6501e ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

13:14:51.0438 2456 RoxioNow Service - ok

13:14:51.0453 2456 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

13:14:51.0484 2456 RpcEptMapper - ok

13:14:51.0500 2456 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe

13:14:51.0500 2456 RpcLocator - ok

13:14:51.0531 2456 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll

13:14:51.0547 2456 RpcSs - ok

13:14:51.0562 2456 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

13:14:51.0594 2456 rspndr - ok

13:14:51.0625 2456 [ f4c374b1c46de294b573bb43723ac3f6 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

13:14:51.0625 2456 RTL8167 - ok

13:14:51.0640 2456 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe

13:14:51.0656 2456 SamSs - ok

13:14:51.0656 2456 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

13:14:51.0672 2456 sbp2port - ok

13:14:51.0687 2456 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll

13:14:51.0703 2456 SCardSvr - ok

13:14:51.0703 2456 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

13:14:51.0750 2456 scfilter - ok

13:14:51.0765 2456 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll

13:14:51.0812 2456 Schedule - ok

13:14:51.0843 2456 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll

13:14:51.0859 2456 SCPolicySvc - ok

13:14:51.0874 2456 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

13:14:51.0874 2456 SDRSVC - ok

13:14:51.0921 2456 [ cc781378e7eda615d2cdca3b17829fa4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

13:14:51.0937 2456 SeaPort - ok

13:14:51.0952 2456 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

13:14:51.0984 2456 secdrv - ok

13:14:51.0999 2456 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll

13:14:52.0030 2456 seclogon - ok

13:14:52.0046 2456 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\system32\sens.dll

13:14:52.0077 2456 SENS - ok

13:14:52.0093 2456 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

13:14:52.0108 2456 SensrSvc - ok

13:14:52.0108 2456 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\drivers\serenum.sys

13:14:52.0124 2456 Serenum - ok

13:14:52.0140 2456 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\drivers\serial.sys

13:14:52.0155 2456 Serial - ok

13:14:52.0171 2456 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

13:14:52.0202 2456 sermouse - ok

13:14:52.0233 2456 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll

13:14:52.0264 2456 SessionEnv - ok

13:14:52.0264 2456 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

13:14:52.0280 2456 sffdisk - ok

13:14:52.0280 2456 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

13:14:52.0311 2456 sffp_mmc - ok

13:14:52.0327 2456 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

13:14:52.0327 2456 sffp_sd - ok

13:14:52.0342 2456 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

13:14:52.0358 2456 sfloppy - ok

13:14:52.0389 2456 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll

13:14:52.0420 2456 SharedAccess - ok

13:14:52.0436 2456 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll

13:14:52.0467 2456 ShellHWDetection - ok

13:14:52.0483 2456 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

13:14:52.0483 2456 SiSRaid2 - ok

13:14:52.0498 2456 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

13:14:52.0498 2456 SiSRaid4 - ok

13:14:52.0545 2456 [ 17eab7852ff9f15fbaab4e95efc0b812 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

13:14:52.0561 2456 SkypeUpdate - ok

13:14:52.0576 2456 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

13:14:52.0623 2456 Smb - ok

13:14:52.0639 2456 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe

13:14:52.0654 2456 SNMPTRAP - ok

13:14:52.0670 2456 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys

13:14:52.0670 2456 spldr - ok

13:14:52.0701 2456 [ 85daa09a98c9286d4ea2ba8d0e644377 ] Spooler C:\Windows\System32\spoolsv.exe

13:14:52.0717 2456 Spooler - ok

13:14:52.0779 2456 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe

13:14:52.0857 2456 sppsvc - ok

13:14:52.0857 2456 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

13:14:52.0888 2456 sppuinotify - ok

13:14:52.0904 2456 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys

13:14:52.0935 2456 srv - ok

13:14:52.0951 2456 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

13:14:52.0982 2456 srv2 - ok

13:14:52.0998 2456 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

13:14:52.0998 2456 srvnet - ok

13:14:53.0029 2456 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

13:14:53.0060 2456 SSDPSRV - ok

13:14:53.0076 2456 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll

13:14:53.0107 2456 SstpSvc - ok

13:14:53.0107 2456 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\drivers\stexstor.sys

13:14:53.0107 2456 stexstor - ok

13:14:53.0138 2456 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll

13:14:53.0154 2456 stisvc - ok

13:14:53.0185 2456 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys

13:14:53.0185 2456 swenum - ok

13:14:53.0200 2456 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll

13:14:53.0232 2456 swprv - ok

13:14:53.0263 2456 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll

13:14:53.0310 2456 SysMain - ok

13:14:53.0310 2456 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

13:14:53.0325 2456 TabletInputService - ok

13:14:53.0341 2456 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

13:14:53.0388 2456 TapiSrv - ok

13:14:53.0403 2456 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll

13:14:53.0419 2456 TBS - ok

13:14:53.0466 2456 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

13:14:53.0481 2456 Tcpip - ok

13:14:53.0512 2456 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

13:14:53.0544 2456 TCPIP6 - ok

13:14:53.0559 2456 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

13:14:53.0590 2456 tcpipreg - ok

13:14:53.0606 2456 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

13:14:53.0622 2456 TDPIPE - ok

13:14:53.0653 2456 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

13:14:53.0668 2456 TDTCP - ok

13:14:53.0684 2456 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

13:14:53.0715 2456 tdx - ok

13:14:53.0746 2456 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys

13:14:53.0746 2456 TermDD - ok

13:14:53.0778 2456 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll

13:14:53.0809 2456 TermService - ok

13:14:53.0824 2456 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll

13:14:53.0840 2456 Themes - ok

13:14:53.0856 2456 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll

13:14:53.0887 2456 THREADORDER - ok

13:14:53.0887 2456 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll

13:14:53.0918 2456 TrkWks - ok

13:14:53.0949 2456 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

13:14:53.0965 2456 TrustedInstaller - ok

13:14:53.0980 2456 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

13:14:54.0012 2456 tssecsrv - ok

13:14:54.0012 2456 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

13:14:54.0027 2456 TsUsbFlt - ok

13:14:54.0043 2456 [ 9cc2ccae8a84820eaecb886d477cbcb8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

13:14:54.0043 2456 TsUsbGD - ok

13:14:54.0074 2456 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

13:14:54.0105 2456 tunnel - ok

13:14:54.0121 2456 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

13:14:54.0121 2456 uagp35 - ok

13:14:54.0136 2456 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

13:14:54.0168 2456 udfs - ok

13:14:54.0199 2456 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

13:14:54.0214 2456 UI0Detect - ok

13:14:54.0230 2456 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

13:14:54.0230 2456 uliagpkx - ok

13:14:54.0261 2456 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

13:14:54.0277 2456 umbus - ok

13:14:54.0292 2456 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

13:14:54.0324 2456 UmPass - ok

13:14:54.0480 2456 [ 67a95b9d129ed5399e7965cd09cf30e7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

13:14:54.0495 2456 UMVPFSrv - ok

13:14:54.0636 2456 [ 758c2ce427c343f780a205e28555c98d ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

13:14:54.0667 2456 UNS - ok

13:14:54.0714 2456 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll

13:14:54.0776 2456 upnphost - ok

13:14:54.0792 2456 [ aa33fc47ed58c34e6e9261e4f850b7eb ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

13:14:54.0807 2456 USBAAPL64 - ok

13:14:54.0870 2456 [ 82e8f44688e6fac57b5b7c6fc7adbc2a ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

13:14:54.0901 2456 usbaudio - ok

13:14:54.0932 2456 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

13:14:54.0948 2456 usbccgp - ok

13:14:54.0979 2456 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

13:14:54.0994 2456 usbcir - ok

13:14:54.0994 2456 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\drivers\usbehci.sys

13:14:55.0010 2456 usbehci - ok

13:14:55.0026 2456 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

13:14:55.0041 2456 usbhub - ok

13:14:55.0057 2456 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

13:14:55.0072 2456 usbohci - ok

13:14:55.0088 2456 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

13:14:55.0104 2456 usbprint - ok

13:14:55.0135 2456 [ aaa2513c8aed8b54b189fd0c6b1634c0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

13:14:55.0150 2456 usbscan - ok

13:14:55.0166 2456 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:14:55.0197 2456 USBSTOR - ok

13:14:55.0197 2456 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

13:14:55.0213 2456 usbuhci - ok

13:14:55.0228 2456 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll

13:14:55.0244 2456 UxSms - ok

13:14:55.0260 2456 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe

13:14:55.0260 2456 VaultSvc - ok

13:14:55.0291 2456 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

13:14:55.0291 2456 vdrvroot - ok

13:14:55.0306 2456 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe

13:14:55.0353 2456 vds - ok

13:14:55.0369 2456 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

13:14:55.0384 2456 vga - ok

13:14:55.0400 2456 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys

13:14:55.0431 2456 VgaSave - ok

13:14:55.0447 2456 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

13:14:55.0447 2456 vhdmp - ok

13:14:55.0478 2456 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys

13:14:55.0478 2456 viaide - ok

13:14:55.0494 2456 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

13:14:55.0509 2456 volmgr - ok

13:14:55.0525 2456 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

13:14:55.0525 2456 volmgrx - ok

13:14:55.0540 2456 [ df8126bd41180351a093a3ad2fc8903b ] volsnap C:\Windows\system32\drivers\volsnap.sys

13:14:55.0556 2456 volsnap - ok

13:14:55.0572 2456 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

13:14:55.0587 2456 vsmraid - ok

13:14:55.0618 2456 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe

13:14:55.0681 2456 VSS - ok

13:14:55.0696 2456 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

13:14:55.0728 2456 vwifibus - ok

13:14:55.0728 2456 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

13:14:55.0743 2456 vwififlt - ok

13:14:55.0759 2456 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll

13:14:55.0790 2456 W32Time - ok

13:14:55.0806 2456 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\drivers\wacompen.sys

13:14:55.0821 2456 WacomPen - ok

13:14:55.0837 2456 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

13:14:55.0868 2456 WANARP - ok

13:14:55.0868 2456 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

13:14:55.0899 2456 Wanarpv6 - ok

13:14:55.0930 2456 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

13:14:55.0962 2456 WatAdminSvc - ok

13:14:56.0008 2456 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe

13:14:56.0055 2456 wbengine - ok

13:14:56.0071 2456 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

13:14:56.0086 2456 WbioSrvc - ok

13:14:56.0102 2456 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll

13:14:56.0133 2456 wcncsvc - ok

13:14:56.0149 2456 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

13:14:56.0164 2456 WcsPlugInService - ok

13:14:56.0180 2456 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\drivers\wd.sys

13:14:56.0180 2456 Wd - ok

13:14:56.0211 2456 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

13:14:56.0227 2456 Wdf01000 - ok

13:14:56.0242 2456 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll

13:14:56.0258 2456 WdiServiceHost - ok

13:14:56.0258 2456 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll

13:14:56.0274 2456 WdiSystemHost - ok

13:14:56.0305 2456 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll

13:14:56.0320 2456 WebClient - ok

13:14:56.0336 2456 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll

13:14:56.0367 2456 Wecsvc - ok

13:14:56.0383 2456 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

13:14:56.0414 2456 wercplsupport - ok

13:14:56.0430 2456 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll

13:14:56.0445 2456 WerSvc - ok

13:14:56.0476 2456 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

13:14:56.0492 2456 WfpLwf - ok

13:14:56.0508 2456 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys

13:14:56.0523 2456 WIMMount - ok

13:14:56.0570 2456 WinDefend - ok

13:14:56.0570 2456 WinHttpAutoProxySvc - ok

13:14:56.0617 2456 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

13:14:56.0664 2456 Winmgmt - ok

13:14:56.0695 2456 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll

13:14:56.0757 2456 WinRM - ok

13:14:56.0804 2456 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

13:14:56.0820 2456 WinUsb - ok

13:14:56.0851 2456 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll

13:14:56.0866 2456 Wlansvc - ok

13:14:56.0898 2456 [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

13:14:56.0913 2456 wlcrasvc - ok

13:14:56.0991 2456 [ 2bacd71123f42cea603f4e205e1ae337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:14:57.0038 2456 wlidsvc - ok

13:14:57.0054 2456 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

13:14:57.0069 2456 WmiAcpi - ok

13:14:57.0085 2456 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

13:14:57.0116 2456 wmiApSrv - ok

13:14:57.0132 2456 WMPNetworkSvc - ok

13:14:57.0163 2456 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll

13:14:57.0178 2456 WPCSvc - ok

13:14:57.0194 2456 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

13:14:57.0194 2456 WPDBusEnum - ok

13:14:57.0225 2456 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

13:14:57.0241 2456 ws2ifsl - ok

13:14:57.0272 2456 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\system32\wscsvc.dll

13:14:57.0303 2456 wscsvc - ok

13:14:57.0303 2456 WSearch - ok

13:14:57.0366 2456 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll

13:14:57.0428 2456 wuauserv - ok

13:14:57.0444 2456 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

13:14:57.0459 2456 WudfPf - ok

13:14:57.0475 2456 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

13:14:57.0506 2456 WUDFRd - ok

13:14:57.0522 2456 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

13:14:57.0553 2456 wudfsvc - ok

13:14:57.0553 2456 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll

13:14:57.0568 2456 WwanSvc - ok

13:14:57.0584 2456 ================ Scan global ===============================

13:14:57.0600 2456 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll

13:14:57.0615 2456 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll

13:14:57.0631 2456 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll

13:14:57.0646 2456 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll

13:14:57.0678 2456 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe

13:14:57.0678 2456 [Global] - ok

13:14:57.0678 2456 ================ Scan MBR ==================================

13:14:57.0693 2456 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

13:14:57.0958 2456 \Device\Harddisk0\DR0 - ok

13:14:57.0958 2456 ================ Scan VBR ==================================

13:14:57.0974 2456 Boot (0x1200) (fa8d80a531131c449e22fda608531982) \Device\Harddisk0\DR0\Partition1

13:14:57.0974 2456 \Device\Harddisk0\DR0\Partition1 - ok

13:14:58.0005 2456 Boot (0x1200) (52e3616b50d280c6b230c8b86db1cdb2) \Device\Harddisk0\DR0\Partition2

13:14:58.0005 2456 \Device\Harddisk0\DR0\Partition2 - ok

13:14:58.0036 2456 Boot (0x1200) (ba6015a06b397afafd4fe952608a6b55) \Device\Harddisk0\DR0\Partition3

13:14:58.0036 2456 \Device\Harddisk0\DR0\Partition3 - ok

13:14:58.0036 2456 ============================================================

13:14:58.0036 2456 Scan finished

13:14:58.0036 2456 ============================================================

13:14:58.0052 6052 Detected object count: 0

13:14:58.0052 6052 Actual detected object count: 0

13:15:39.0876 5872 Deinitialize success

MrCharlie · August 15, 2012

That scan was clean........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

gr8nw · August 15, 2012

ComboFix 12-08-15.01 - jk 08/15/2012 13:58:37.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4292 [GMT -7:00]

Running from: c:\users\jk\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))

.

2012-08-15 21:01 . 2012-08-15 21:01 -------- d-----w- c:\users\Mcx1-JK-HP\AppData\Local\temp

2012-08-15 21:01 . 2012-08-15 21:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-14 19:20 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll

2012-08-14 19:20 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll

2012-08-14 19:20 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-08-14 19:20 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-08-14 19:20 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll

2012-08-14 19:20 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll

2012-08-14 19:20 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-08-14 19:20 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll

2012-08-14 19:20 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll

2012-08-14 19:20 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-14 19:20 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe

2012-08-14 19:20 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2012-08-11 05:03 . 2012-08-11 05:03 -------- d-----w- c:\users\jk\AppData\Local\HP

2012-07-29 20:24 . 2012-07-29 20:24 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-21 03:37 . 2012-07-21 03:37 -------- d-----w- C:\FRST

2012-07-20 22:20 . 2012-07-20 23:36 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-20 22:12 . 2012-07-20 22:12 -------- d-----w- c:\users\jk\AppData\Roaming\RedDotGames

2012-07-20 22:10 . 2009-09-05 00:44 238936 ----a-w- c:\windows\SysWow64\xactengine3_5.dll

2012-07-20 21:56 . 2012-07-20 21:56 -------- d-----w- c:\program files (x86)\DVD Decrypter

2012-07-20 19:32 . 2012-07-20 21:52 -------- d-----w- c:\users\jk\AppData\Roaming\mIRC

2012-07-20 19:32 . 2012-07-20 19:32 -------- d-----w- c:\program files (x86)\mIRC

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-14 20:36 . 2012-01-03 18:59 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 20:46 . 2012-05-11 00:27 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-09 05:43 . 2012-07-10 22:37 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 06:06 . 2012-07-10 22:37 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-10 22:37 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-10 22:37 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-10 22:37 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-10 22:37 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-10 22:37 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-21 19:18 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 19:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 19:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 19:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 19:18 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 22:19 . 2012-06-21 19:18 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 19:19 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 19:18 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 22:15 . 2012-06-21 19:18 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 05:50 . 2012-07-10 22:37 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-10 22:37 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:48 . 2012-07-10 22:37 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:45 . 2012-07-10 22:37 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-10 22:37 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-10 22:37 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-10 22:37 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-10 22:37 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-10 22:37 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-02-28 3474840]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-09 85560]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]

R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-08-13 31152]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-21 1255736]

R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-05 5160568]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-06-09 264008]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-02-08 149640]

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-05 1128952]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-19 56344]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-04-22 1360960]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144]

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221318694-525691764-1706660316-1001Core.job

- c:\users\jk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 06:08]

.

2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221318694-525691764-1706660316-1001UA.job

- c:\users\jk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 06:08]

.

2012-08-13 c:\windows\Tasks\HPCeeScheduleForjk.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-25 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-25 391960]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-25 418584]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\jk\AppData\Roaming\Mozilla\Firefox\Profiles\dm4gl0fx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111787

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 1091fab2000000000000d0df9a7f5762

FF - user.js: extensions.BabylonToolbar_i.hardId - 1091fab2000000000000d0df9a7f5762

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15533

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:46

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-{34681D92-5958-406A-A654-1B57E7A7B3DC} - c:\program files (x86)\InstallShield Installation Information\{34681D92-5958-406A-A654-1B57E7A7B3DC}\setup.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-221318694-525691764-1706660316-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):d3,3d,89,7c,db,c5,71,e8,73,47,b8,b8,59,ba,c3,67,18,e2,ca,f4,44,

18,1c,99,60,f6,08,4b,52,1d,78,7d,e9,9b,ae,cc,50,2a,65,b0,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-221318694-525691764-1706660316-1001_Classes\Wow6432Node\CLSID\{7efc96ed-aa46-4e9d-a2a5-9e04fc4742d4}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000052

"Therad"=dword:0000001d

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-08-15 14:06:10 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-15 21:06

.

Pre-Run: 807,303,467,008 bytes free

Post-Run: 807,087,624,192 bytes free

.

- - End Of File - - 35FD9AD438D31A3116CC06C1A86C45B8

MrCharlie · August 15, 2012

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

gr8nw · August 15, 2012

Computer was running fine before, i just decided to run a scan using AVG and it found that trojan thats in the description and Malware found nothing after I did AVG. Here is the newest Malware report log. Ill run AVG again after I post this...

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.15.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

jk :: JK-HP [administrator]

8/15/2012 3:17:24 PM

mbam-log-2012-08-15 (15-17-24).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 216726

Time elapsed: 1 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

gr8nw · August 15, 2012

Alright AVG found it again.....This is what it says....

C:/FRST/Quarantine/services.exe Trojan horse patched_c.LXT

MrCharlie · August 15, 2012

C:/FRST/Quarantine/services.exe Trojan horse patched_c.LXT

That's a file we already fixed and is in quarantined.

How's the computer running?? MrC

gr8nw · August 16, 2012

My CPU is fine, and it was fine before, I just did a random scan and AVG found that so I decided to make a post on here. I think it said Quarantine the first time I did a scan

I dont know what this folder is but its located on C:/FRST/ then theres 3 folders (Hives, Logs, Quarantine) and file named "softdebug" Should I throw the folder in the trash and delete? I dont know what this same file keeps coming up when I scan with AVG.

I ran a scan again says 1 infection and that its not been removed or healed

Options are: View details, removed selected and remove all unhealed

MrCharlie · August 16, 2012

That folder is from this topic, you can delete the FRST folder.

http://forums.malwar...ndpost&p=573990

``````````````````````````````````````````

and..........

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

gr8nw · August 16, 2012

All done. Thanks for the help again.

MrCharlie · August 16, 2012

OK...Take Care...MrC

Maurice Naggar · August 16, 2012

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

services.exe Trojan horse Patched_c.LXT

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information