Solved Can't download any Anti-Virus programs

July 31, 2012 at 16:52:18
Specs: Windows 7
Okay so I'm not 100% sure if I have a virus or not, but I have a feeling I do.
I'm using Windows 7 and in the Action Center it tells me I need to get a new anti-virus program. When I click on it, it takes me to a Microsoft webpage, but it says the page cannot be displayed. I can't get onto the Microsoft website at all. Same goes for any other online virus scanner websites.
Windows Defender tells me I have no viruses or anything so I'm slightly confused and I'm not sure if there is a virus or not.

I have no idea what to do, I've tried downloading AVG onto a usb stick, plugging it into the computer with the possible virus, and running it, but AVG won't start up.

Please can someone tell me how to fix this D:




✔ Best Answer
August 6, 2012 at 07:10:35
Now I'm going to bed, got a lot on tomorrow, shall get back as soon as I can, in the meantime, have prepared this for you.

When I clicked uninstall for Yontoo, an error box came up with the title 'Tarma Installer' and it said 'Setup Initialization Error'.
Use Revo Uninstaller, note my info re partially uninstalled.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.revouninstaller.com/
If you have partially uninstalled your program, you get a message from Revo, that it can't find the uninstaller, hit Cancel & let Revo continue on, to search for the remnants.
If you get a reboot message, ignore it & do it after Revo has finished.
I use Advanced Mode. Screenshots of how to use.
http://img837.imageshack.us/slidesh...
Or,
http://i.imgur.com/Rkkna.gif
http://i.imgur.com/VonCA.gif
http://i.imgur.com/fGmmb.gif
http://i.imgur.com/pdhbV.gif
http://i.imgur.com/fIgy0.gif
http://i.imgur.com/tDH9Z.gif
http://i.imgur.com/DbfgN.gif
http://i.imgur.com/tDafK.gif
http://i.imgur.com/Bz5j9.gif
http://i.imgur.com/X5S5I.gif

Use Wise Disk Cleaner ( I use the default settings for the first 3 boxes, left to right )
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...

Then run Wise Registry Cleaner ( I use default settings )
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/wiseregi...

Update & do a MSE Quick scan.

Upload a Screenshot of Disk manager to a site of your choice, please.
How To Access Disk Management in Windows 7
http://pcsupport.about.com/od/windo...

"How would I be able to make them?"
That question is too big to handle when trying to sort this out.
While I'm looking at the screenshot, go to Start > Help & support, put in > Partition & hit > Enter.
Or, put > windows 7 partitioning < into google. That will explain about partitioning & perhaps jog your memory, assuming you have had the comp from new.

Anti-virus can't keep up with threat onslaught
http://www.southcoastregister.com.a...
Malware Prevention
http://www.malwarevault.com/index.html
"There is no magic involved. The majority of malware is installed by the user themselves"
Malware Prevention and Avoidance
http://www.malwarevault.com/prevent...
ScareWare Prevention and Avoidance
http://www.malwarevault.com/scarewa...
Secure your computer
http://www.staysmartonline.gov.au/h...



#1
August 1, 2012 at 07:19:27
"Please can someone tell me how to fix this D:"

Without doubt, you are infected, all your ideas are good, but you have to outsmart the virus.

This gives you an idea of what you have to do, using MBAM as an example.

Malwarebytes' Anti-Malware ( MBAM ) Use Quick scan.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.malwarebytes.org/mbam.php
http://www.spywareinfoforum.com/ind...
http://www.bleepingcomputer.com/vir...
If your MBAM log indicates "No action taken." That's usually a result of NOT clicking the Remove Selected button after the scan.
Quick Scan versus Full Scan
http://forums.malwarebytes.org/inde...

Try it in Safe mode with Networking.
If it won't run, rename the downloaded mbam-setup.exe file to mb.exe to help work around certain malware that will block it from being run.
http://www.spywareinfoforum.com/ind...
If it still will not run.
1: Go to Control Panel > Programs and Features and uninstall Malwarebytes.
Next redownload Malwarebytes but rename it before you download it to your desktop. As you are in the process of downloading when you get to the point that the "enter name of file to save to" box appears, in the "filename" slot, rename mbam-setup.exe to something.exe, then click Save.
If it installed but will not run, navigate to this folder:
2: C:\Program Files\Malwarebytes' Anti-Malware
At the top of the page, Tools > Folder Options > View, click > Show hidden files and folders and untick > Hide extensions for known file types.
How to see hidden files in Windows
http://www.bleepingcomputer.com/tut...
Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.
When it opens, update 1st.
If it won't update after installing, update manually.
http://www.malwarebytes.org/mbam/da...
Download & install.



#2
August 1, 2012 at 07:21:12
Once you have done a scan with MBAM, there is more very good info in these guides.

http://www.selectrealsecurity.com/m...

http://www.selectrealsecurity.com/o...



#3
August 1, 2012 at 07:40:40
Have you removed the previous AV properly from your PC? If not....no other AV will work for you.

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#4
August 1, 2012 at 10:38:01
Hi, I tried downloading MBAM on Normal Startup and on Safe Mode but neither download would fully complete. I put MBAM on a USB stick and tried opening it, but when I clicked on the Device it said 'G:\ Application not found'
I'll try getting onto the USB device on normal mode and see if that works.


#5
August 1, 2012 at 10:59:23
Okay so I tried loading up MBAM on normal startup and it wouldn't load up. Any ideas on what I should do next? I am literally unable to visit AV sites *including Microsoft website*, I am unable to RUN AV programs whether they have been downloaded on my infected computer, or downloaded on a 'healthy' computer and opened using a USB stick :/

#7
August 1, 2012 at 18:06:56
Try changing the exe extension of your MalwareBytes download to cmd, com or bat. If it then installs but doesn't run, do the same for the program's exe file (mbam.exe). This is a deliberately built in MalwareBytes feature.

Always pop back and let us know the outcome - thanks



#8
August 2, 2012 at 03:10:46
XpUser4Real - I have no other AV programs installed. Only one I have at the moment is Windows Defender..

Derek - I will try that, thank you



#9
August 2, 2012 at 03:36:04
"Derek - I will try that, thank you"

You should have tried that already, that was in my info on how to outsmart the virus.



#10
August 2, 2012 at 03:56:33
Okay so I was able to get MBAM up and running, But after I choose what to scan on a full scan, it says...
Malwarebytes Anti-Malware has stopped working
A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

Also, I checked the Quarantine and there were two trojans in there which I just deleted, I'm not sure if they were from a previous scan I did quite a few months ago when I got a virus, but I managed to get rid of that virus.

Any ideas on how I might be able to get MBAM to actually SCAN the computer without getting that 'close program' message?



#11
August 2, 2012 at 04:26:13
Did you > Try it in Safe mode with Networking.

#13
August 2, 2012 at 07:35:12
Did you try changing the extension of the actual program file too?

mbam.exe is in "C:\Program Files\Malwarebytes' Anti-Malware"

Always pop back and let us know the outcome - thanks



#14
August 3, 2012 at 04:50:26
Okay so I managed to get MBAM working, I installed RKILL and got that working, managed to reinstall MBAM and now it's scanning! Thanks for the link, hopefully it'll find out what's up with my comp!


#15
August 3, 2012 at 05:02:48
"Thanks for the link, hopefully it'll find out what's up with my comp!"

More often than not, it takes multi scanners to find & fix the problem.



#16
August 3, 2012 at 05:39:19
" I've tried downloading AVG onto a usb stick, plugging it into the computer with the possible virus, and running it, but AVG won't start up"

Keep in mind, the renaming methods in my first post, can be used on any tools used to remove infections.



#17
August 3, 2012 at 08:56:44
Okay so I managed to do a Full Scan and it found 4 threats..

Exploit.Drop.UR.2
Hijack.Userinit
Trojan.Agent
Trojan.Agent

I then did a quick scan and found another 'Hijack.Userinit'.
After the full scan I had to restart the computer, but again, when it loaded up, I tried to go onto malwarebytes site, and it wouldn't allow me on there..

Any ideas ? :/



#18
August 3, 2012 at 19:12:56
"Any ideas ? :/"

Reread my first post.



#19
August 4, 2012 at 08:26:39
I'm currently in the process of sorting out the userinit.exe virus.

The Trojan.Agent is categorised as 'Registry Key' and its located in 'HKLM\SYSTEM\CurrentControlSet\Services\Microsoft Window Service'

I searched it on Google but couldn't find a post related to a virus in that specific area?



#20
August 4, 2012 at 08:59:38
Okay so I found out that the 'HKLM' location is actually the 'HKEY_LOCAL_MACHINE' location, I then went to the 'Microsoft Window Service' and saw 6 different 'entries' or whatever they are in there. Should I type them up and maybe you could tell me what one looks suspicious or could possibly be a fake/ virus?


#21
August 4, 2012 at 16:44:17
" Should I type them up and maybe you could tell me what one looks suspicious or could possibly be a fake/ virus?"

Won't hurt, the more people who look at them the better.

Run these 2 programs as well.

RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://www.sur-la-toile.com/RogueKi...
http://www.sur-la-toile.com/RogueKi...
[RogueKiller] Official Tutorial
http://www.geekstogo.com/forum/topi...

ComboFix
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.techsupportforum.com/sec...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
How to uninstall combofix
http://www.bleepingcomputer.com/com...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
When finished, clear away any of the files and folders that were created by ComboFix.
Start > Run, Copy and Paste > ComboFix /uninstall and click OK.
Qoobox is a folder created by Combofix to quarantine any infected files.
Windows XP/Vista/7. Can be used on both 32-bit and 64-bit operating systems.



#22
August 5, 2012 at 03:19:18
Thanks I'll try that.

Um yesterday I read an article on how to fix the userinit.exe problem. It told me to download spyware cease.. I did this and the scan nearly finished, I then found out that it was a virus. Next thing I know I've been infected with 'Live Security Platinum'.

I did a whole bunch of things to try and get rid of it. I can't 100% remember EACH and EVERY step but some of the programs and things I did were:

I tried to use FixExec > MBAM > RKill and possibly some other programs but Live Security Platinum wouldn't allow me to use these.

I then went into safe mode with networking and downloaded SUPERAntiSpyware onto a USB and plugged it into the infected computer. I was then able to use it and I used a 'Critical Point Scan' and a 'Quick Scan' and I found a couple of problems. I also used MBAM after and it found a 'trojanspy:win32/ursnif'. I got rid of this after it was put in quarantine. I restarted the computer and started again in safe mode. Scanned again, and nothing was found. I then went onto the Built-In Administrator account - Not sure if I was in Safe mode or Normal Mode - And I managed to Uninstall Spyware Cease. I was unable to find Live Security Platinum on the list so I assumed it was gone as I couldn't find it anywhere.



#23
August 5, 2012 at 03:31:07
I then deleted my other account which I used to use as my main account. So now I only have the Built-In Administrator account.

I used MBAM, and SUPERAntiSpywareProfessional and the MRT scan and all said the computer was fine. SASP found quite a few tracking cookies so I deleted them just in case, but that was all. I am now able to use the Internet as well *IE9*

I downloaded a 'Free Windows Registry Repair' and did a full scan. 3006 errors found so I repaired them.

Problems now -

Windows Firewall - Use recommended settings > 'Windows Firewall can't change some of your settings. Error Code 0x80070424'

Windows Defender - Start now > The specified service does not exist as an installed service. (Error code 0x80070424)

Windows Update - Check for updates > Windows update cannot currently check for updates, because the service is not running. You may need to restart your computer.

Also when I went to 'HKLM\SYSTEM\CurrentControlSet\Services\Microsoft Window Service'... Only problem was, 'Microsoft Windows Service' did not exist.. It was no longer there?

I have a feeling a virus, *Live security platinum* has possibly got rid of some registry keys or whatever they're called.

I will try your advice on your last post, but any idea how to sort out the firewall, defender, updates and registry problems? thanks for the help so far



#24
August 5, 2012 at 03:31:44
"so I assumed it was gone as I couldn't find it anywhere"

Just to make sure.

Live Security Platinum

http://is.gd/2PeWuk

http://www.bleepingcomputer.com/vir...



#25
August 5, 2012 at 03:34:51
"some registry keys or whatever they're called"

Demystifying the Windows Registry
http://www.bleepingcomputer.com/tut...



#26
August 5, 2012 at 03:38:54
"I will try your advice on your last post"
Yes please.

"but any idea how to sort out the firewall, defender, updates and registry problems? thanks for the help so far"

Can't sort any of these problems, until the comp is clean, the infection is causing these problems.



#27
August 5, 2012 at 03:57:34
Just followed the tutorial on bleeping computer - There doesn't seem to be any infections on my computer. Was doing scans from about 12am - 2am this morning non stop and after a few, no infections were found.


#28
August 5, 2012 at 04:00:28
I went to the action center to turn on Windows Security Center Service, and when I click 'Turn On Now' it says 'The Windows Security Center Service can't be started'

I'm guessing the same thing causing firewall, updates and defender is also causing this..



#29
August 5, 2012 at 04:06:02
"There doesn't seem to be any infections on my computer"
Maybe, like I said, it takes multi tests to be sure.

Now run the 2 programs as per my post #21.

Post the logs please.



#30
August 5, 2012 at 04:49:50
Okay so I managed to run RogueKiller. Here is the log:

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/file...
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Scan -- Date: 08/05/2012 12:17:47

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] HKLM\[...]\Winlogon : Userinit (userinit.exe,,C:\Users\Brian\AppData\Local\yoxdutuc\huppftes.exe) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1655GSX +++++
--- User ---
[MBR] 872f570b1c87565370badaf831cf2a70
[BSP] 4ecabe60f4bbb001de10a61ab0a1bed7 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 140561 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 288278528 | Size: 11763 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 312369152 | Size: 102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 8e27b7a8482f5f1670f372db30cfc0b3
[BSP] ec038f3ca5091360f60d743d6f1c7fdb : Standard MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 1104 | Size: 3833 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt


But when I ran ComboFix

It installed and then an error message popped up but it was too quick to read.
I waited a while, nothing happened.
So I double clicked ComboFix again and it started to install but another message popped up saying:

Error Opening file for writing:
C:\32788R22FWJFWZLicenceziexplore.exe
Click abort to stop the installation,
Retry to try again, or
Ignore to skip this file.

I clicked retry a few times and the same message came up so I clicked abort for now, until I receive a message from you.


Report •
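Added example (not part of the thread and not RogueKiller's own code): a Python triage of the registry lines from the RogueKiller report in post #30. Winlogon starts every program named in the comma-separated Userinit value at logon, so anything beyond userinit.exe in System32 is a persistence entry to remove. The function names are hypothetical; `C:\Windows` as the Windows directory and the full Winlogon key path used for the live read are assumptions that the elided report line does not show.

```python
import ntpath
import re
import sys

# The four registry lines copied from the RogueKiller report in post #30.
SAMPLE_REPORT = r"""
[SUSP PATH] HKLM\[...]\Winlogon : Userinit (userinit.exe,,C:\Users\Brian\AppData\Local\yoxdutuc\huppftes.exe) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

# "[TAG] key : value-name (data) -> STATUS", the layout used in that report.
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>\S.*?)\s+:\s+(?P<name>\S+)\s+"
    r"\((?P<data>.*)\)\s+->\s+(?P<status>\w+)\s*$",
    re.MULTILINE,
)

# Assumption: Windows is installed in C:\Windows.
SYSTEM32 = ntpath.normcase(r"C:\Windows\system32")


def parse_entries(report):
    """Return one dict (tag, key, name, data, status) per registry line."""
    return [m.groupdict() for m in ENTRY_RE.finditer(report)]


def unexpected_userinit_programs(data):
    """Return every program in a Userinit value other than the stock one.

    The stock value names only userinit.exe (bare or under System32),
    usually followed by a trailing comma.
    """
    extra = []
    for item in data.split(","):
        item = item.strip().strip('"')
        if not item:
            continue  # empty field from ",," or the trailing comma
        folder, exe = ntpath.split(ntpath.normcase(item))
        if exe == "userinit.exe" and folder in ("", SYSTEM32):
            continue
        extra.append(item)
    return extra


def triage(report):
    """Turn report lines into (finding, detail) pairs worth acting on."""
    findings = []
    for entry in parse_entries(report):
        name = entry["name"].lower()
        if name == "userinit":
            for program in unexpected_userinit_programs(entry["data"]):
                findings.append(("userinit-extra-program", program))
        elif name == "enablelua" and entry["data"].strip() == "0":
            # EnableLUA = 0 means User Account Control is switched off.
            findings.append(("uac-disabled", entry["key"]))
    return findings


def read_live_userinit():
    """Windows only: read the current Userinit value from the registry."""
    import winreg

    path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    access = winreg.KEY_READ | winreg.KEY_WOW64_64KEY
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path, 0, access) as key:
        value, _value_type = winreg.QueryValueEx(key, "Userinit")
    return value


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_REPORT):
        print(kind, detail)
    if sys.platform == "win32":
        # Re-check the machine itself after cleaning and rebooting.
        print("live extras:", unexpected_userinit_programs(read_live_userinit()))
```

Running the live check again after a cleanup and reboot shows whether the extra program has been written back into the value.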

#31
August 5, 2012 at 05:47:43
First question, did you make each & every one of those partitions?

"This is what we are up against, malware has installed an infected hidden partition within your Master Boot Record and set that partition as active so everytime you boot up your system it boots from the infected partition and the malware is activated."
World's stealthiest rootkit gets a makeover
http://www.theregister.co.uk/2011/1...
Rootkit Bounces Back …with a vengeance
http://www.techsupportforum.com/381...



#32
August 5, 2012 at 05:52:59
What do you mean did I make each and every one of the partitions?
Sorry, don't understand,
I'll read the links quick


#33
August 5, 2012 at 05:58:19
"What do you mean did I make each and every one of the partitions?"

Your post #30

Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 140561 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 288278528 | Size: 11763 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 312369152 | Size: 102



#34
August 5, 2012 at 06:01:38
The Combofix error is not a good sign.

Let's try ESET ( use all the renaming tricks if you have to )

Using ESET's Online Scanner
General clean up and Prep (Do prior to any AV scans)
http://www.computing.net/howtos/sho...
http://forums.majorgeeks.com/showth...
http://www.eset.eu/online-scanner
http://www.eset.com/us/online-scanner
How can I view the log file from ESET Online Scanner?
http://www.eset.eu/eset-online-scan...



#35
August 5, 2012 at 06:01:51
Um I don't know..?
How would I be able to make them?
I'm asking cuz I might be able to remember if I did something that could have made them, then I can say yes or no..


#36
August 5, 2012 at 06:04:41
"How would I be able to make them?"
That question is too big to handle when trying to sort this out.


#37
August 5, 2012 at 06:14:55
Should I scan archives as well or just remove found threats?


#38
August 5, 2012 at 06:24:01
"Should I scan archives as well or just remove found threats?"
Do your posts like this please.

Are you talking about ESET?



#39
August 5, 2012 at 06:25:57
"Are you talking about ESET?"

Yeah I was. I started the scan already though, I'll post the results when it's done.



#40
August 5, 2012 at 07:08:09
The scan is taking quite a while, it's only on 18% at the moment and it's found 'a variant of Win32/Adware.Yontoo.A application'


#41
August 5, 2012 at 07:32:09
"it's found 'a variant of Win32/Adware.Yontoo.A application'"
What I'm hoping is that whatever it finds, it can remove.

Reboot after running each program.

Next, run TDSSKiller
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://support.kaspersky.com/faq/?q...
http://support.kaspersky.com/viruse...
Tutorial-How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit
http://www.bleepingcomputer.com/vir...
Anti-rootkit utility TDSSKiller
http://support.kaspersky.com/faq/?q...
How to detect and remove unknown rootkits
http://support.kaspersky.com/viruse...
How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?
http://support.kaspersky.com/viruse...
Tutorial-How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit
http://www.bleepingcomputer.com/vir...

Reboot & then download a new copy of Combofix.

1: Make sure you reread the instructions, some of the main points are >
1a: Run from the desktop
1b: Don't touch the mouse
1c: This time try it in Safe mode with Networking. If Combofix wants to reboot, let it reboot to normal mode
1d: If it won't run or gives any problems, try the renaming tricks.

I'm in Western Australia, bed time for me now, catch you in the morning.




#42
August 5, 2012 at 07:56:04
Okay so the ESET scan is on 25% and it's found 2 'variant of win32/adware.yantoo.B'

After the scan's finished I shall download TDSS killer :)

The first link for TDSSKiller is the ONLY download link you've sent me right? The rest are just support and telling me how to do things?



#43
August 5, 2012 at 08:54:37
Okay my internet just cut out for a second so the ESET scan just cancelled. Should I restart it or should I follow your instructions in your #41 post?


#44
August 5, 2012 at 14:30:23
ESET Log -

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=859312f47be1d24c9ec7c4d2eff90aeb
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-05 08:00:40
# local_time=2012-08-05 09:00:40 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 162155 96648352 0 0
# compatibility_mode=8192 67108863 100 0 9631 9631 0 0
# scanned=170168
# found=2
# cleaned=1
# scan_time=14875
C:\Users\Administrator\AppData\Local\Temp\NOD9F6A.tmp a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} multiple threats 00000000000000000000000000000000 I



#45
August 5, 2012 at 14:46:48
These are the files in quarantine.

C:\Users\Administrator\AppData\Local\Temp\NOD9F6A.tmp

C:\Users\Administrator\AppData\Local\Temp\is1598539481\BuzzdockSetup-Silent.exe

C:\Users\Administrator\AppData\Local\Temp\ICReinstall\cnet2_RegpairSetup_exe.exe

C:\Users\Administrator\AppData\Local\Temp\YontooSetup-Silent.exe

C:\Users\Administrator\AppData\Local\Temp\YontooIEClient.dll

C:\Users\Administrator\AppData\Local\Temp\NODD0A8.tmp

C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LKC5HON9\cnet2_RegpairSetup_exe.exe

C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll

C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

C:\Program Files\Yontoo\YontooIEClient.dll

I'm now going to run TDSSKiller :)



#46
August 5, 2012 at 16:04:45
"I'm now going to run TDSSKiller"
Ok, looks like you are in UK, so you may still be up.


#47
August 6, 2012 at 03:27:35
Hey I'm awake now, so I can continue :)
Um when I ran TDSSKiller, and it got to the final bit where you choose to clean, skip, or quarantine etc.. I pressed the 'X' at the top to close the page, and it said 'cleaning' which I didn't want it to because I wasn't sure if you wanted me to clean it, or if you wanted me to leave it.

Should I run TDSSKiller again? Or should I boot up in safe mode and run ComboFix?



#48
August 6, 2012 at 03:39:17
"I pressed the 'X' at the top to close the page, and it said 'cleaning' which I didn't want it to because I wasn't sure if you wanted me to clean it"

Post the log please, will try Combo fix once finished with TDSS.



#49
August 6, 2012 at 03:43:26
"Should I run TDSSKiller again?"

I did, and it said no threats found.

When I scanned my computer last night, the only threat it found was 'Virus.Win32.zaccess.c'

And that's when I accidentally cleaned it.. I say 'accidentally' because as I said in my previous post I wasn't sure if you wanted me to clean it or not..



#50
August 6, 2012 at 03:53:13
"Post the log please, will try Combo Fix once finished with TDSS."

22:49:11.0855 0756 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
22:49:12.0323 0756 ============================================================
22:49:12.0323 0756 Current date / time: 2012/08/05 22:49:12.0323
22:49:12.0323 0756 SystemInfo:
22:49:12.0323 0756
22:49:12.0323 0756 OS Version: 6.1.7601 ServicePack: 1.0
22:49:12.0323 0756 Product type: Workstation
22:49:12.0323 0756 ComputerName: BRIAN-PC
22:49:12.0323 0756 UserName: Administrator
22:49:12.0323 0756 Windows directory: C:\Windows
22:49:12.0323 0756 System windows directory: C:\Windows
22:49:12.0323 0756 Processor architecture: Intel x86
22:49:12.0323 0756 Number of processors: 2
22:49:12.0323 0756 Page size: 0x1000
22:49:12.0323 0756 Boot type: Normal boot
22:49:12.0323 0756 ============================================================
22:49:15.0693 0756 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:49:15.0802 0756 ============================================================
22:49:15.0802 0756 \Device\Harddisk0\DR0:
22:49:15.0833 0756 MBR partitions:
22:49:15.0833 0756 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
22:49:15.0833 0756 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x11288800
22:49:15.0833 0756 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x112EC800, BlocksNum 0x16F9800
22:49:15.0833 0756 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x129E6000, BlocksNum 0x336B0
22:49:15.0833 0756 ============================================================
22:49:15.0911 0756 C: <-> \Device\Harddisk0\DR0\Partition1
22:49:15.0958 0756 D: <-> \Device\Harddisk0\DR0\Partition2
22:49:15.0974 0756 E: <-> \Device\Harddisk0\DR0\Partition3
22:49:16.0301 0756 ============================================================
22:49:16.0301 0756 Initialize success
22:49:16.0301 0756 ============================================================
22:49:59.0248 6056 ============================================================
22:49:59.0248 6056 Scan started
22:49:59.0248 6056 Mode: Manual;
22:49:59.0248 6056 ============================================================
22:50:06.0346 6056 AxInstSV - ok
22:50:06.0409 6056 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:50:06.0424 6056 b06bdrv - ok
22:50:06.0487 6056 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:50:06.0487 6056 b57nd60x - ok
22:50:06.0705 6056 BCM43XX (36a47e6ab1f0967c97722183e21adb1a) C:\Windows\system32\DRIVERS\bcmwl6.sys
22:50:06.0783 6056 BCM43XX - ok
22:50:06.0892 6056 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
22:50:06.0892 6056 BDESVC - ok
22:50:06.0986 6056 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:50:06.0986 6056 Beep - ok
22:50:07.0064 6056 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:50:07.0064 6056 blbdrive - ok
22:50:07.0126 6056 BMLoad (70cd6d71fc48bbbd1385d7b35aeadecc) C:\Windows\system32\drivers\BMLoad.sys
22:50:07.0126 6056 BMLoad - ok
22:50:07.0282 6056 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:50:07.0282 6056 Bonjour Service - ok
22:50:07.0360 6056 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
22:50:07.0360 6056 bowser - ok
22:50:07.0392 6056 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:50:07.0392 6056 BrFiltLo - ok
22:50:07.0423 6056 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:50:07.0423 6056 BrFiltUp - ok
22:50:07.0485 6056 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
22:50:07.0485 6056 BridgeMP - ok
22:50:07.0548 6056 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
22:50:07.0563 6056 Browser - ok
22:50:07.0594 6056 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:50:07.0594 6056 Brserid - ok
22:50:07.0626 6056 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:50:07.0641 6056 BrSerWdm - ok
22:50:07.0672 6056 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:50:07.0672 6056 BrUsbMdm - ok
22:50:07.0688 6056 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:50:07.0688 6056 BrUsbSer - ok
22:50:07.0766 6056 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
22:50:07.0766 6056 BthEnum - ok
22:50:07.0797 6056 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:50:07.0797 6056 BTHMODEM - ok
22:50:07.0828 6056 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
22:50:07.0844 6056 BthPan - ok
22:50:07.0891 6056 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
22:50:07.0906 6056 BTHPORT - ok
22:50:07.0969 6056 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
22:50:07.0969 6056 bthserv - ok
22:50:08.0016 6056 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
22:50:08.0016 6056 BTHUSB - ok
22:50:08.0094 6056 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
22:50:08.0094 6056 btusbflt - ok
22:50:08.0281 6056 btwaudio (ce5833c144ca6623bcbde93b188aa850) C:\Windows\system32\drivers\btwaudio.sys
22:50:08.0281 6056 btwaudio - ok
22:50:08.0328 6056 btwavdt (af9148c3e844131ac954cb53ff43d971) C:\Windows\system32\DRIVERS\btwavdt.sys
22:50:08.0328 6056 btwavdt - ok
22:50:08.0452 6056 btwdins (f55c99818fd1eacfc7784958a8592536) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:50:08.0468 6056 btwdins - ok
22:50:08.0499 6056 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
22:50:08.0515 6056 btwl2cap - ok
22:50:08.0812 6056 btwrchid (480b3d195854b2e55299cddddc50bcf9) C:\Windows\system32\DRIVERS\btwrchid.sys
22:50:08.0812 6056 btwrchid - ok
22:50:08.0859 6056 buds - ok
22:50:08.0906 6056 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:50:08.0906 6056 cdfs - ok
22:50:08.0999 6056 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
22:50:08.0999 6056 cdrom - ok
22:50:09.0062 6056 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
22:50:09.0062 6056 CertPropSvc - ok
22:50:09.0093 6056 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:50:09.0093 6056 circlass - ok
22:50:09.0155 6056 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:50:09.0155 6056 CLFS - ok
22:50:09.0249 6056 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:50:09.0265 6056 clr_optimization_v2.0.50727_32 - ok
22:50:09.0358 6056 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:50:09.0358 6056 clr_optimization_v4.0.30319_32 - ok
22:50:09.0405 6056 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:50:09.0405 6056 CmBatt - ok
22:50:09.0452 6056 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
22:50:09.0467 6056 cmdide - ok
22:50:09.0530 6056 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
22:50:09.0545 6056 CNG - ok
22:50:09.0670 6056 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
22:50:09.0686 6056 Com4QLBEx - ok
22:50:09.0733 6056 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:50:09.0733 6056 Compbatt - ok
22:50:09.0795 6056 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
22:50:09.0795 6056 CompositeBus - ok
22:50:09.0811 6056 COMSysApp - ok
22:50:09.0857 6056 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:50:09.0857 6056 crcdisk - ok
22:50:09.0935 6056 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
22:50:09.0935 6056 CryptSvc - ok
22:50:10.0013 6056 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
22:50:10.0076 6056 DcomLaunch - ok
22:50:10.0123 6056 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
22:50:10.0138 6056 defragsvc - ok
22:50:10.0201 6056 DfsC (6d793d536e1e9aa2dc8a007c75f816ba) C:\Windows\system32\Drivers\dfsc.sys
22:50:10.0201 6056 Suspicious file (Forged): C:\Windows\system32\Drivers\dfsc.sys. Real md5: 6d793d536e1e9aa2dc8a007c75f816ba, Fake md5: f024449c97ec1e464aaffda18593db88
22:50:10.0201 6056 DfsC ( Virus.Win32.ZAccess.c ) - infected
22:50:10.0201 6056 DfsC - detected Virus.Win32.ZAccess.c (0)



#51
August 6, 2012 at 03:53:54
22:50:26.0645 6056 Processor - ok
22:50:26.0708 6056 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
22:50:26.0723 6056 ProfSvc - ok
22:50:26.0755 6056 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:50:26.0770 6056 ProtectedStorage - ok
22:50:26.0833 6056 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:50:26.0833 6056 Psched - ok
22:50:26.0942 6056 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:50:26.0973 6056 ql2300 - ok
22:50:27.0099 6056 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:50:27.0114 6056 ql40xx - ok
22:50:27.0161 6056 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
22:50:27.0177 6056 QWAVE - ok
22:50:27.0224 6056 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:50:27.0224 6056 QWAVEdrv - ok
22:50:27.0239 6056 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:50:27.0239 6056 RasAcd - ok
22:50:27.0286 6056 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:50:27.0286 6056 RasAgileVpn - ok
22:50:27.0333 6056 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
22:50:27.0348 6056 RasAuto - ok
22:50:27.0380 6056 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:50:27.0395 6056 Rasl2tp - ok
22:50:27.0473 6056 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
22:50:27.0473 6056 RasMan - ok
22:50:27.0504 6056 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:50:27.0504 6056 RasPppoe - ok
22:50:27.0567 6056 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:50:27.0567 6056 RasSstp - ok
22:50:27.0645 6056 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
22:50:27.0645 6056 rdbss - ok
22:50:27.0692 6056 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:50:27.0692 6056 rdpbus - ok
22:50:27.0738 6056 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:50:27.0738 6056 RDPCDD - ok
22:50:27.0816 6056 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:50:27.0832 6056 RDPENCDD - ok
22:50:27.0894 6056 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:50:27.0894 6056 RDPREFMP - ok
22:50:27.0972 6056 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
22:50:27.0972 6056 RDPWD - ok
22:50:28.0051 6056 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
22:50:28.0051 6056 rdyboost - ok
22:50:28.0083 6056 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
22:50:28.0098 6056 RemoteAccess - ok
22:50:28.0145 6056 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
22:50:28.0145 6056 RemoteRegistry - ok
22:50:28.0192 6056 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
22:50:28.0192 6056 RFCOMM - ok
22:50:28.0254 6056 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys
22:50:28.0254 6056 RimUsb - ok
22:50:28.0301 6056 RkHit - ok
22:50:28.0348 6056 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
22:50:28.0348 6056 RpcEptMapper - ok
22:50:28.0395 6056 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
22:50:28.0395 6056 RpcLocator - ok
22:50:28.0457 6056 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
22:50:28.0473 6056 RpcSs - ok
22:50:28.0519 6056 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:50:28.0519 6056 rspndr - ok
22:50:28.0582 6056 RSUSBSTOR (f9541f3b59da30423f2f76ef443c07fc) C:\Windows\system32\Drivers\RtsUStor.sys
22:50:28.0582 6056 RSUSBSTOR - ok
22:50:28.0644 6056 RTL8167 (c5a68c5ec01fd6f03396dd154b48db56) C:\Windows\system32\DRIVERS\Rt86win7.sys
22:50:28.0660 6056 RTL8167 - ok
22:50:28.0691 6056 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:50:28.0707 6056 SamSs - ok
22:50:28.0785 6056 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:50:28.0800 6056 SASDIFSV - ok
22:50:28.0847 6056 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:50:28.0847 6056 SASKUTIL - ok
22:50:28.0925 6056 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
22:50:28.0925 6056 sbp2port - ok
22:50:28.0972 6056 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
22:50:28.0987 6056 SCardSvr - ok
22:50:29.0019 6056 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
22:50:29.0034 6056 scfilter - ok
22:50:29.0113 6056 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
22:50:29.0144 6056 Schedule - ok
22:50:29.0191 6056 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
22:50:29.0191 6056 SCPolicySvc - ok
22:50:29.0254 6056 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
22:50:29.0269 6056 sdbus - ok
22:50:29.0332 6056 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
22:50:29.0332 6056 SDRSVC - ok
22:50:29.0441 6056 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:50:29.0456 6056 SeaPort - ok
22:50:29.0488 6056 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:50:29.0503 6056 secdrv - ok
22:50:29.0534 6056 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
22:50:29.0534 6056 seclogon - ok
22:50:29.0581 6056 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
22:50:29.0581 6056 SENS - ok
22:50:29.0644 6056 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
22:50:29.0644 6056 SensrSvc - ok
22:50:29.0675 6056 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:50:29.0690 6056 Serenum - ok
22:50:29.0737 6056 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:50:29.0737 6056 Serial - ok
22:50:29.0784 6056 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
22:50:29.0784 6056 sermouse - ok
22:50:29.0878 6056 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
22:50:29.0893 6056 SessionEnv - ok
22:50:29.0940 6056 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
22:50:29.0940 6056 sffdisk - ok
22:50:29.0956 6056 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
22:50:29.0956 6056 sffp_mmc - ok
22:50:29.0987 6056 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
22:50:30.0002 6056 sffp_sd - ok
22:50:30.0049 6056 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
22:50:30.0049 6056 sfloppy - ok
22:50:30.0144 6056 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
22:50:30.0159 6056 ShellHWDetection - ok
22:50:30.0222 6056 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
22:50:30.0222 6056 sisagp - ok
22:50:30.0269 6056 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:50:30.0269 6056 SiSRaid2 - ok
22:50:30.0315 6056 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:50:30.0331 6056 SiSRaid4 - ok
22:50:30.0362 6056 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:50:30.0378 6056 Smb - ok
22:50:30.0425 6056 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
22:50:30.0425 6056 SNMPTRAP - ok
22:50:30.0456 6056 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:50:30.0471 6056 spldr - ok
22:50:30.0549 6056 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
22:50:30.0565 6056 Spooler - ok
22:50:30.0783 6056 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
22:50:30.0893 6056 sppsvc - ok
22:50:31.0064 6056 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
22:50:31.0080 6056 sppuinotify - ok
22:50:31.0174 6056 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
22:50:31.0190 6056 srv - ok
22:50:31.0237 6056 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
22:50:31.0237 6056 srv2 - ok
22:50:31.0315 6056 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:50:31.0315 6056 SrvHsfHDA - ok
22:50:31.0393 6056 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
22:50:31.0408 6056 SrvHsfV92 - ok
22:50:31.0471 6056 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
22:50:31.0486 6056 SrvHsfWinac - ok
22:50:31.0533 6056 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
22:50:31.0549 6056 srvnet - ok
22:50:31.0596 6056 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
22:50:31.0611 6056 SSDPSRV - ok
22:50:31.0658 6056 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
22:50:31.0658 6056 SstpSvc - ok
22:50:31.0783 6056 STacSV (1816c34d3dc9a0f1745fb455506c7b58) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\STacSV.exe
22:50:31.0783 6056 STacSV - ok
22:50:31.0814 6056 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:50:31.0814 6056 stexstor - ok
22:50:31.0908 6056 STHDA (96cb9fd21207af4456d37957441f6001) C:\Windows\system32\DRIVERS\stwrt.sys
22:50:31.0908 6056 STHDA - ok
22:50:31.0986 6056 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
22:50:32.0001 6056 StiSvc - ok
22:50:32.0048 6056 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
22:50:32.0048 6056 swenum - ok
22:50:32.0110 6056 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
22:50:32.0127 6056 swprv - ok
22:50:32.0283 6056 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
22:50:32.0283 6056 SynTP - ok
22:50:32.0392 6056 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
22:50:32.0423 6056 SysMain - ok
22:50:32.0470 6056 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
22:50:32.0470 6056 TabletInputService - ok
22:50:32.0533 6056 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
22:50:32.0548 6056 TapiSrv - ok
22:50:32.0595 6056 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
22:50:32.0611 6056 TBS - ok
22:50:32.0767 6056 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
22:50:32.0798 6056 Tcpip - ok
22:50:32.0845 6056 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
22:50:32.0860 6056 TCPIP6 - ok
22:50:32.0938 6056 tcpipBM (74905ebcbb8cbdb1f3c0b1778bbcb4bc) C:\Windows\system32\drivers\tcpipBM.sys
22:50:32.0938 6056 tcpipBM - ok
22:50:32.0985 6056 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
22:50:32.0985 6056 tcpipreg - ok
22:50:33.0047 6056 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
22:50:33.0063 6056 TDPIPE - ok
22:50:33.0094 6056 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
22:50:33.0094 6056 TDTCP - ok
22:50:33.0157 6056 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
22:50:33.0157 6056 tdx - ok
22:50:33.0203 6056 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
22:50:33.0203 6056 TermDD - ok
22:50:33.0281 6056 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
22:50:33.0297 6056 TermService - ok
22:50:33.0344 6056 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
22:50:33.0344 6056 Themes - ok
22:50:33.0391 6056 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:50:33.0391 6056 THREADORDER - ok
22:50:33.0422 6056 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
22:50:33.0437 6056 TrkWks - ok
22:50:33.0515 6056 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
22:50:33.0515 6056 TrustedInstaller - ok
22:50:33.0547 6056 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:50:33.0562 6056 tssecsrv - ok
22:50:33.0625 6056 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
22:50:33.0625 6056 TsUsbFlt - ok
22:50:33.0687 6056 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
22:50:33.0687 6056 tunnel - ok
22:50:33.0734 6056 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:50:33.0734 6056 uagp35 - ok
22:50:33.0796 6056 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
22:50:33.0812 6056 udfs - ok
22:50:33.0874 6056 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
22:50:33.0890 6056 UI0Detect - ok
22:50:33.0952 6056 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
22:50:33.0968 6056 uliagpkx - ok
22:50:34.0015 6056 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
22:50:34.0015 6056 umbus - ok
22:50:34.0061 6056 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:50:34.0077 6056 UmPass - ok
22:50:34.0124 6056 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
22:50:34.0139 6056 upnphost - ok
22:50:34.0202 6056 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
22:50:34.0202 6056 USBAAPL - ok
22:50:34.0264 6056 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
22:50:34.0264 6056 usbccgp - ok
22:50:34.0311 6056 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
22:50:34.0311 6056 usbcir - ok
22:50:34.0342 6056 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
22:50:34.0342 6056 usbehci - ok
22:50:34.0405 6056 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
22:50:34.0420 6056 usbhub - ok
22:50:34.0467 6056 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
22:50:34.0467 6056 usbohci - ok
22:50:34.0498 6056 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:50:34.0498 6056 usbprint - ok
22:50:34.0545 6056 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
22:50:34.0545 6056 usbscan - ok
22:50:34.0607 6056 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:50:34.0623 6056 USBSTOR - ok
22:50:34.0654 6056 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
22:50:34.0670 6056 usbuhci - ok
22:50:34.0732 6056 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
22:50:34.0732 6056 usbvideo - ok
22:50:34.0779 6056 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
22:50:34.0795 6056 UxSms - ok
22:50:34.0841 6056 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:50:34.0841 6056 VaultSvc - ok
22:50:34.0888 6056 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
22:50:34.0888 6056 vdrvroot - ok
22:50:34.0966 6056 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
22:50:34.0982 6056 vds - ok
22:50:35.0013 6056 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:50:35.0029 6056 vga - ok
22:50:35.0060 6056 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:50:35.0060 6056 VgaSave - ok
22:50:35.0122 6056 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
22:50:35.0122 6056 vhdmp - ok
22:50:35.0169 6056 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
22:50:35.0185 6056 viaagp - ok
22:50:35.0231 6056 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:50:35.0231 6056 ViaC7 - ok
22:50:35.0247 6056 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
22:50:35.0247 6056 viaide - ok
22:50:35.0387 6056 VmbService (7e4769483d416aa04b916aab7ef0dbaf) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
22:50:35.0403 6056 VmbService - ok
22:50:35.0465 6056 vodafone_K3805-z_dc_enum (99d9ea024462c5ab369299f794c0bab7) C:\Windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys
22:50:35.0465 6056 vodafone_K3805-z_dc_enum - ok
22:50:35.0528 6056 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
22:50:35.0528 6056 volmgr - ok
22:50:35.0590 6056 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:50:35.0606 6056 volmgrx - ok
22:50:35.0668 6056 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
22:50:35.0668 6056 volsnap - ok
22:50:35.0731 6056 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:50:35.0731 6056 vsmraid - ok
22:50:35.0840 6056 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
22:50:35.0887 6056 VSS - ok
22:50:36.0074 6056 vToolbarUpdater12.1.5 (3da649c6ec481d8f36b54f33fc01dd1e) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
22:50:36.0089 6056 vToolbarUpdater12.1.5 - ok
22:50:36.0214 6056 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
22:50:36.0214 6056 vwifibus - ok
22:50:36.0245 6056 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
22:50:36.0261 6056 vwififlt - ok
22:50:36.0323 6056 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
22:50:36.0323 6056 vwifimp - ok
22:50:36.0386 6056 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
22:50:36.0401 6056 W32Time - ok
22:50:36.0448 6056 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:50:36.0464 6056 WacomPen - ok
22:50:36.0526 6056 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:50:36.0526 6056 WANARP - ok
22:50:36.0542 6056 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:50:36.0542 6056 Wanarpv6 - ok
22:50:36.0667 6056 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
22:50:36.0698 6056 WatAdminSvc - ok
22:50:36.0807 6056 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
22:50:36.0823 6056 wbengine - ok
22:50:36.0885 6056 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
22:50:36.0901 6056 WbioSrvc - ok
22:50:36.0979 6056 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
22:50:36.0994 6056 wcncsvc - ok
22:50:37.0041 6056 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
22:50:37.0041 6056 WcsPlugInService - ok
22:50:37.0103 6056 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:50:37.0103 6056 Wd - ok
22:50:37.0181 6056 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:50:37.0181 6056 Wdf01000 - ok
22:50:37.0244 6056 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:50:37.0259 6056 WdiServiceHost - ok
22:50:37.0259 6056 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:50:37.0275 6056 WdiSystemHost - ok
22:50:37.0337 6056 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
22:50:37.0353 6056 WebClient - ok
22:50:37.0400 6056 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
22:50:37.0400 6056 Wecsvc - ok
22:50:37.0447 6056 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
22:50:37.0447 6056 wercplsupport - ok
22:50:37.0493 6056 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
22:50:37.0493 6056 WerSvc - ok
22:50:37.0525 6056 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:50:37.0525 6056 WfpLwf - ok
22:50:37.0571 6056 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:50:37.0571 6056 WIMMount - ok
22:50:37.0712 6056 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
22:50:37.0727 6056 WinDefend - ok
22:50:37.0743 6056 WinHttpAutoProxySvc - ok
22:50:37.0837 6056 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
22:50:37.0852 6056 Winmgmt - ok
22:50:37.0961 6056 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
22:50:37.0993 6056 WinRM - ok
22:50:38.0102 6056 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
22:50:38.0102 6056 WinUsb - ok
22:50:38.0196 6056 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
22:50:38.0228 6056 Wlansvc - ok
22:50:38.0337 6056 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:50:38.0352 6056 wlcrasvc - ok
22:50:38.0586 6056 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:50:38.0602 6056 wlidsvc - ok
22:50:38.0820 6056 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
22:50:38.0820 6056 WmiAcpi - ok
22:50:38.0930 6056 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
22:50:38.0930 6056 wmiApSrv - ok
22:50:39.0117 6056 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:50:39.0148 6056 WMPNetworkSvc - ok
22:50:39.0179 6056 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
22:50:39.0195 6056 WPCSvc - ok
22:50:39.0242 6056 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
22:50:39.0257 6056 WPDBusEnum - ok
22:50:39.0320 6056 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:50:39.0320 6056 ws2ifsl - ok
22:50:39.0366 6056 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
22:50:39.0382 6056 wscsvc - ok
22:50:39.0398 6056 WSearch - ok
22:50:39.0554 6056 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
22:50:39.0600 6056 wuauserv - ok
22:50:39.0741 6056 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
22:50:39.0741 6056 WudfPf - ok
22:50:39.0772 6056 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:50:39.0788 6056 WUDFRd - ok
22:50:39.0834 6056 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
22:50:39.0850 6056 wudfsvc - ok
22:50:39.0897 6056 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
22:50:39.0912 6056 WwanSvc - ok
22:50:39.0975 6056 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
22:50:39.0990 6056 yukonw7 - ok
22:50:40.0053 6056 MBR (0x1B8) (33ca60fb9988b497e14037362203f300) \Device\Harddisk0\DR0
22:50:40.0224 6056 \Device\Harddisk0\DR0 - ok
22:50:40.0240 6056 Boot (0x1200) (7b54d86e14866e01816f6cd121645871) \Device\Harddisk0\DR0\Partition0
22:50:40.0240 6056 \Device\Harddisk0\DR0\Partition0 - ok
22:50:40.0271 6056 Boot (0x1200) (c819933fda3fbeb543e1a468be514823) \Device\Harddisk0\DR0\Partition1
22:50:40.0271 6056 \Device\Harddisk0\DR0\Partition1 - ok
22:50:40.0302 6056 Boot (0x1200) (a064bce1f6defc69d6ef527d27e293a8) \Device\Harddisk0\DR0\Partition2
22:50:40.0318 6056 \Device\Harddisk0\DR0\Partition2 - ok
22:50:40.0334 6056 Boot (0x1200) (fbbc66e60b5a8657d06723e0a1fe555e) \Device\Harddisk0\DR0\Partition3
22:50:40.0349 6056 \Device\Harddisk0\DR0\Partition3 - ok
22:50:40.0349 6056 ============================================================
22:50:40.0349 6056 Scan finished
22:50:40.0349 6056 ============================================================
22:50:40.0396 3912 Detected object count: 1
22:50:40.0396 3912 Actual detected object count: 1
23:07:41.0181 3912 C:\Windows\system32\Drivers\dfsc.sys - copied to quarantine
23:07:41.0231 3912 C:\Windows\$NtUninstallKB50794$\967901146\@ - copied to quarantine
23:07:41.0251 3912 C:\Windows\$NtUninstallKB50794$\967901146\Desktop.ini - copied to quarantine
23:07:41.0271 3912 C:\Windows\$NtUninstallKB50794$\967901146\L\00000004.@ - copied to quarantine
23:07:41.0301 3912 C:\Windows\$NtUninstallKB50794$\967901146\L\201d3dde - copied to quarantine
23:07:41.0341 3912 C:\Windows\$NtUninstallKB50794$\967901146\L\xadqgnnk - copied to quarantine
23:07:41.0381 3912 C:\Windows\$NtUninstallKB50794$\967901146\U\00000004.@ - copied to quarantine
23:07:41.0421 3912 C:\Windows\$NtUninstallKB50794$\967901146\U\00000008.@ - copied to quarantine
23:07:41.0441 3912 C:\Windows\$NtUninstallKB50794$\967901146\U\000000cb.@ - copied to quarantine
23:07:41.0461 3912 C:\Windows\$NtUninstallKB50794$\967901146\U\80000000.@ - copied to quarantine
23:07:41.0491 3912 C:\Windows\$NtUninstallKB50794$\967901146\U\80000032.@ - copied to quarantine
23:07:42.0311 3912 Backup copy found, using it..
23:07:42.0341 3912 C:\Windows\system32\Drivers\dfsc.sys - will be cured on reboot
23:07:45.0391 3912 C:\Windows\$NtUninstallKB50794$\3730485862 - will be deleted on reboot
23:07:45.0401 3912 C:\Windows\$NtUninstallKB50794$\967901146\@ - will be deleted on reboot
23:07:45.0401 3912 C:\Windows\$NtUninstallKB50794$\967901146\Desktop.ini - will be deleted on reboot
23:07:45.0451 3912 C:\Windows\$NtUninstallKB50794$\967901146\U\00000004.@ - will be deleted on reboot
23:07:45.0451 3912 C:\Windows\$NtUninstallKB50794$\967901146\U\00000008.@ - will be deleted on reboot
23:07:45.0451 3912 C:\Windows\$NtUninstallKB50794$\967901146\U\000000cb.@ - will be deleted on reboot
23:07:45.0451 3912 C:\Windows\$NtUninstallKB50794$\967901146\U\80000000.@ - will be deleted on reboot
23:07:45.0461 3912 C:\Windows\$NtUninstallKB50794$\967901146\U\80000032.@ - will be deleted on reboot
23:07:45.0461 3912 DfsC ( Virus.Win32.ZAccess.c ) - User select action: Cure
23:07:54.0958 3384 Deinitialize success


#52
August 6, 2012 at 04:12:59
Reboot & run TDSS killer again please, just to make sure the deletions stuck.

Post new log.



#53
August 6, 2012 at 04:24:48
"Reboot & run TDSS killer again please, just to make sure the deletion stuck."


12:16:58.0736 2300 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:17:00.0764 2300 ============================================================
12:17:00.0764 2300 Current date / time: 2012/08/06 12:17:00.0764
12:17:00.0764 2300 SystemInfo:
12:17:00.0764 2300
12:17:00.0764 2300 OS Version: 6.1.7601 ServicePack: 1.0
12:17:00.0764 2300 Product type: Workstation
12:17:00.0764 2300 ComputerName: BRIAN-PC
12:17:00.0764 2300 UserName: Administrator
12:17:00.0764 2300 Windows directory: C:\Windows
12:17:00.0764 2300 System windows directory: C:\Windows
12:17:00.0764 2300 Processor architecture: Intel x86
12:17:00.0764 2300 Number of processors: 2
12:17:00.0764 2300 Page size: 0x1000
12:17:00.0764 2300 Boot type: Normal boot
12:17:00.0764 2300 ============================================================
12:17:11.0369 2300 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:17:11.0494 2300 ============================================================
12:17:11.0494 2300 \Device\Harddisk0\DR0:
12:17:11.0494 2300 MBR partitions:
12:17:11.0494 2300 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
12:17:11.0494 2300 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x11288800
12:17:11.0494 2300 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x112EC800, BlocksNum 0x16F9800
12:17:11.0494 2300 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x129E6000, BlocksNum 0x336B0
12:17:11.0494 2300 ============================================================
12:17:11.0619 2300 C: <-> \Device\Harddisk0\DR0\Partition1
12:17:11.0697 2300 D: <-> \Device\Harddisk0\DR0\Partition2
12:17:11.0759 2300 E: <-> \Device\Harddisk0\DR0\Partition3
12:17:11.0759 2300 ============================================================
12:17:11.0759 2300 Initialize success
12:17:11.0759 2300 ============================================================
12:18:08.0254 5100 ============================================================
12:18:08.0254 5100 Scan started
12:18:08.0254 5100 Mode: Manual;
12:18:08.0254 5100 ============================================================
12:18:15.0644 5100 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
12:18:15.0646 5100 amdide - ok
12:18:15.0764 5100 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
12:18:15.0906 5100 AmdK8 - ok
12:18:15.0979 5100 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
12:18:16.0021 5100 AmdPPM - ok
12:18:16.0111 5100 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
12:18:16.0824 5100 amdsata - ok
12:18:16.0894 5100 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
12:18:16.0979 5100 amdsbs - ok
12:18:17.0031 5100 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
12:18:17.0079 5100 amdxata - ok
12:18:17.0174 5100 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
12:18:17.0269 5100 AppID - ok
12:18:17.0381 5100 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
12:18:17.0384 5100 AppIDSvc - ok
12:18:17.0451 5100 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
12:18:17.0496 5100 Appinfo - ok
12:18:18.0044 5100 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:18:18.0061 5100 Apple Mobile Device - ok
12:18:18.0196 5100 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
12:18:18.0716 5100 arc - ok
12:18:18.0781 5100 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
12:18:18.0796 5100 arcsas - ok
12:18:18.0869 5100 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
12:18:18.0904 5100 AsyncMac - ok
12:18:18.0971 5100 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
12:18:18.0971 5100 atapi - ok
12:18:19.0268 5100 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
12:18:19.0502 5100 athr - ok
12:18:19.0720 5100 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
12:18:19.0767 5100 AudioEndpointBuilder - ok
12:18:19.0782 5100 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
12:18:19.0798 5100 Audiosrv - ok
12:18:19.0938 5100 avgtp (684de9d6e62bfb177aabed3c62fdeab3) C:\Windows\system32\drivers\avgtpx86.sys
12:18:20.0016 5100 avgtp - ok
12:18:20.0157 5100 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
12:18:20.0157 5100 AxInstSV - ok
12:18:20.0297 5100 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
12:18:20.0422 5100 b06bdrv - ok
12:18:20.0625 5100 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
12:18:20.0703 5100 b57nd60x - ok
12:18:21.0358 5100 BCM43XX (36a47e6ab1f0967c97722183e21adb1a) C:\Windows\system32\DRIVERS\bcmwl6.sys
12:18:22.0544 5100 BCM43XX - ok
12:18:22.0746 5100 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
12:18:22.0778 5100 BDESVC - ok
12:18:22.0902 5100 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
12:18:23.0214 5100 Beep - ok
12:18:23.0308 5100 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
12:18:23.0651 5100 blbdrive - ok
12:18:23.0760 5100 BMLoad (70cd6d71fc48bbbd1385d7b35aeadecc) C:\Windows\system32\drivers\BMLoad.sys
12:18:23.0776 5100 BMLoad - ok
12:18:23.0979 5100 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
12:18:23.0979 5100 Bonjour Service - ok
12:18:24.0072 5100 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
12:18:24.0182 5100 bowser - ok
12:18:24.0257 5100 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:18:24.0312 5100 BrFiltLo - ok
12:18:24.0360 5100 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:18:24.0407 5100 BrFiltUp - ok
12:18:24.0485 5100 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
12:18:24.0500 5100 BridgeMP - ok
12:18:24.0578 5100 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
12:18:24.0641 5100 Browser - ok
12:18:24.0688 5100 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
12:18:24.0703 5100 Brserid - ok
12:18:24.0766 5100 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
12:18:24.0781 5100 BrSerWdm - ok
12:18:24.0812 5100 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:18:24.0859 5100 BrUsbMdm - ok
12:18:24.0875 5100 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
12:18:24.0937 5100 BrUsbSer - ok
12:18:25.0031 5100 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
12:18:25.0046 5100 BthEnum - ok
12:18:25.0078 5100 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
12:18:25.0093 5100 BTHMODEM - ok
12:18:25.0156 5100 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
12:18:25.0156 5100 BthPan - ok
12:18:25.0276 5100 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
12:18:25.0312 5100 BTHPORT - ok
12:18:25.0366 5100 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
12:18:25.0383 5100 bthserv - ok
12:18:25.0432 5100 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
12:18:25.0465 5100 BTHUSB - ok
12:18:25.0580 5100 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
12:18:25.0617 5100 btusbflt - ok
12:18:25.0802 5100 btwaudio (ce5833c144ca6623bcbde93b188aa850) C:\Windows\system32\drivers\btwaudio.sys
12:18:25.0806 5100 btwaudio - ok
12:18:25.0849 5100 btwavdt (af9148c3e844131ac954cb53ff43d971) C:\Windows\system32\DRIVERS\btwavdt.sys
12:18:25.0854 5100 btwavdt - ok
12:18:26.0057 5100 btwdins (f55c99818fd1eacfc7784958a8592536) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
12:18:26.0077 5100 btwdins - ok
12:18:26.0133 5100 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
12:18:26.0151 5100 btwl2cap - ok
12:18:26.0333 5100 btwrchid (480b3d195854b2e55299cddddc50bcf9) C:\Windows\system32\DRIVERS\btwrchid.sys
12:18:26.0336 5100 btwrchid - ok
12:18:26.0374 5100 buds - ok
12:18:26.0530 5100 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
12:18:26.0577 5100 cdfs - ok
12:18:26.0718 5100 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
12:18:26.0718 5100 cdrom - ok
12:18:26.0920 5100 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
12:18:26.0936 5100 CertPropSvc - ok
12:18:26.0983 5100 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
12:18:26.0998 5100 circlass - ok
12:18:27.0061 5100 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
12:18:27.0076 5100 CLFS - ok
12:18:27.0170 5100 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:18:27.0186 5100 clr_optimization_v2.0.50727_32 - ok
12:18:27.0451 5100 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:18:27.0482 5100 clr_optimization_v4.0.30319_32 - ok
12:18:27.0576 5100 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
12:18:27.0669 5100 CmBatt - ok
12:18:27.0700 5100 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
12:18:27.0700 5100 cmdide - ok
12:18:27.0794 5100 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
12:18:27.0810 5100 CNG - ok
12:18:28.0059 5100 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
12:18:28.0075 5100 Com4QLBEx - ok
12:18:28.0153 5100 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
12:18:28.0153 5100 Compbatt - ok
12:18:28.0231 5100 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
12:18:28.0340 5100 CompositeBus - ok
12:18:28.0371 5100 COMSysApp - ok
12:18:28.0418 5100 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
12:18:28.0465 5100 crcdisk - ok
12:18:28.0574 5100 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
12:18:28.0590 5100 CryptSvc - ok
12:18:28.0917 5100 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
12:18:28.0964 5100 DcomLaunch - ok
12:18:29.0026 5100 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
12:18:29.0073 5100 defragsvc - ok
12:18:29.0214 5100 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
12:18:29.0526 5100 DfsC - ok
12:18:29.0604 5100 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
12:18:29.0619 5100 Dhcp - ok
12:18:29.0666 5100 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
12:18:29.0682 5100 discache - ok
12:18:29.0744 5100 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
12:18:29.0744 5100 Disk - ok
12:18:29.0806 5100 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
12:18:29.0838 5100 Dnscache - ok
12:18:29.0900 5100 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
12:18:29.0947 5100 dot3svc - ok
12:18:30.0009 5100 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
12:18:30.0087 5100 Dot4 - ok
12:18:30.0150 5100 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
12:18:30.0181 5100 Dot4Print - ok
12:18:30.0212 5100 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
12:18:30.0212 5100 dot4usb - ok
12:18:30.0306 5100 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
12:18:30.0306 5100 DPS - ok
12:18:30.0399 5100 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
12:18:30.0477 5100 drmkaud - ok
12:18:30.0633 5100 DVMIO (8cf55015b2a443ee869c90cab31fd435) C:\SPLASH.SYS\config\dvmio.sys
12:18:30.0852 5100 DVMIO - ok
12:18:30.0961 5100 DvmMDES (577582d57d90fb64276acfee958dbfd3) C:\SPLASH.SYS\config\DVMExportService.exe
12:18:31.0476 5100 DvmMDES - ok
12:18:31.0585 5100 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
12:18:31.0647 5100 DXGKrnl - ok
12:18:31.0725 5100 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
12:18:31.0803 5100 EapHost - ok
12:18:32.0162 5100 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
12:18:32.0349 5100 ebdrv - ok
12:18:32.0833 5100 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
12:18:32.0848 5100 EFS - ok
12:18:33.0441 5100 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
12:18:34.0221 5100 ehRecvr - ok
12:18:34.0471 5100 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
12:18:34.0642 5100 ehSched - ok
12:18:34.0892 5100 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
12:18:34.0908 5100 elxstor - ok
12:18:34.0986 5100 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
12:18:35.0017 5100 ErrDev - ok
12:18:35.0126 5100 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
12:18:35.0142 5100 EventSystem - ok
12:18:35.0235 5100 ew_hwusbdev (57c171ea22f0a7f068fcb0caedd1e8e7) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
12:18:35.0235 5100 ew_hwusbdev - ok
12:18:35.0298 5100 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
12:18:35.0298 5100 exfat - ok
12:18:35.0360 5100 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
12:18:35.0360 5100 fastfat - ok
12:18:35.0469 5100 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
12:18:35.0485 5100 Fax - ok
12:18:35.0563 5100 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
12:18:35.0563 5100 fdc - ok
12:18:35.0610 5100 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
12:18:35.0625 5100 fdPHost - ok
12:18:35.0703 5100 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
12:18:35.0703 5100 FDResPub - ok
12:18:35.0797 5100 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
12:18:35.0797 5100 FileInfo - ok
12:18:35.0844 5100 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
12:18:38.0609 5100 Filetrace - ok
12:18:38.0632 5100 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
12:18:38.0647 5100 flpydisk - ok
12:18:38.0709 5100 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
12:18:38.0714 5100 FltMgr - ok
12:18:38.0859 5100 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
12:18:38.0887 5100 FontCache - ok
12:18:38.0999 5100 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:18:39.0032 5100 FontCache3.0.0.0 - ok
12:18:39.0064 5100 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
12:18:39.0089 5100 FsDepends - ok
12:18:39.0167 5100 fssfltr (b0082808a6856a252f7cdd939892ce50) C:\Windows\system32\DRIVERS\fssfltr.sys
12:18:39.0184 5100 fssfltr - ok
12:18:39.0467 5100 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
12:18:39.0654 5100 fsssvc - ok
12:18:39.0789 5100 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
12:18:39.0792 5100 Fs_Rec - ok
12:18:39.0882 5100 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
12:18:39.0889 5100 fvevol - ok
12:18:40.0002 5100 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:18:40.0004 5100 gagp30kx - ok
12:18:40.0282 5100 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files\WildTangent Games\App\GamesAppService.exe
12:18:40.0317 5100 GamesAppService - ok
12:18:40.0392 5100 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:18:40.0414 5100 GEARAspiWDM - ok
12:18:40.0574 5100 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
12:18:41.0154 5100 gpsvc - ok
12:18:41.0322 5100 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:18:41.0374 5100 gusvc - ok
12:18:41.0412 5100 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
12:18:41.0454 5100 hcw85cir - ok
12:18:41.0587 5100 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
12:18:41.0604 5100 HdAudAddService - ok
12:18:41.0689 5100 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
12:18:41.0694 5100 HDAudBus - ok
12:18:41.0744 5100 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
12:18:41.0789 5100 HidBatt - ok
12:18:41.0829 5100 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
12:18:41.0859 5100 HidBth - ok
12:18:41.0934 5100 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
12:18:41.0972 5100 HidIr - ok
12:18:42.0022 5100 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
12:18:42.0067 5100 hidserv - ok
12:18:42.0134 5100 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
12:18:42.0152 5100 HidUsb - ok
12:18:42.0214 5100 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
12:18:42.0222 5100 hkmsvc - ok
12:18:42.0312 5100 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
12:18:42.0389 5100 HomeGroupListener - ok
12:18:42.0447 5100 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
12:18:42.0459 5100 HomeGroupProvider - ok
12:18:42.0869 5100 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
12:18:42.0892 5100 HP Support Assistant Service - ok
12:18:43.0009 5100 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
12:18:43.0012 5100 HPDrvMntSvc.exe - ok
12:18:43.0069 5100 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
12:18:43.0084 5100 HpqKbFiltr - ok
12:18:43.0227 5100 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
12:18:43.0247 5100 hpqwmiex - ok
12:18:43.0307 5100 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
12:18:43.0309 5100 HpSAMD - ok
12:18:43.0419 5100 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
12:18:43.0452 5100 HTTP - ok
12:18:43.0507 5100 huawei_cdcacm (42a64382a0607b80c99c37170911b346) C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
12:18:43.0554 5100 huawei_cdcacm - ok
12:18:43.0644 5100 huawei_enumerator (f44461e66f1b7dd267957fe9baa63ed0) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
12:18:43.0662 5100 huawei_enumerator - ok
12:18:43.0732 5100 hwdatacard (f547f862b8907f1bcbd9b72a72a6449e) C:\Windows\system32\DRIVERS\ewusbmdm.sys
12:18:43.0779 5100 hwdatacard - ok
12:18:43.0864 5100 HWDeviceService.exe - ok
12:18:43.0922 5100 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
12:18:43.0927 5100 hwpolicy - ok
12:18:44.0047 5100 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
12:18:44.0077 5100 i8042prt - ok
12:18:44.0192 5100 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:18:44.0204 5100 IAANTMON - ok
12:18:44.0344 5100 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
12:18:44.0354 5100 iaStor - ok
12:18:44.0449 5100 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
12:18:44.0459 5100 iaStorV - ok
12:18:44.0639 5100 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:18:44.0762 5100 idsvc - ok
12:18:45.0182 5100 igfx (81f7c715528ab621c6af58869d4b07b9) C:\Windows\system32\DRIVERS\igdkmd32.sys
12:18:45.0382 5100 igfx - ok
12:18:45.0539 5100 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
12:18:45.0542 5100 iirsp - ok
12:18:45.0662 5100 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
12:18:45.0749 5100 IKEEXT - ok
12:18:45.0819 5100 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
12:18:45.0824 5100 intelide - ok
12:18:45.0857 5100 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
12:18:45.0869 5100 intelppm - ok
12:18:45.0909 5100 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
12:18:46.0002 5100 IPBusEnum - ok
12:18:46.0142 5100 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:18:46.0242 5100 IpFilterDriver - ok
12:18:46.0364 5100 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
12:18:46.0382 5100 iphlpsvc - ok
12:18:46.0427 5100 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
12:18:46.0459 5100 IPMIDRV - ok
12:18:46.0494 5100 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
12:18:46.0522 5100 IPNAT - ok
12:18:46.0754 5100 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
12:18:46.0774 5100 iPod Service - ok
12:18:46.0822 5100 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
12:18:46.0857 5100 IRENUM - ok
12:18:46.0909 5100 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
12:18:46.0912 5100 isapnp - ok
12:18:47.0022 5100 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
12:18:47.0079 5100 iScsiPrt - ok
12:18:47.0214 5100 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
12:18:47.0219 5100 kbdclass - ok
12:18:47.0329 5100 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
12:18:47.0354 5100 kbdhid - ok
12:18:47.0412 5100 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:18:47.0417 5100 KeyIso - ok
12:18:47.0497 5100 KMWDFILTERx86 (4476fe98aaf505acdcd3ee6360aabec1) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
12:18:47.0534 5100 KMWDFILTERx86 - ok
12:18:47.0602 5100 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
12:18:47.0607 5100 KSecDD - ok
12:18:47.0769 5100 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
12:18:47.0774 5100 KSecPkg - ok
12:18:47.0907 5100 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
12:18:47.0919 5100 KtmRm - ok
12:18:48.0017 5100 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
12:18:48.0069 5100 LanmanServer - ok
12:18:48.0154 5100 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
12:18:48.0244 5100 LanmanWorkstation - ok
12:18:48.0489 5100 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
12:18:48.0519 5100 lltdio - ok
12:18:48.0669 5100 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
12:18:48.0694 5100 lltdsvc - ok
12:18:48.0729 5100 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
12:18:48.0734 5100 lmhosts - ok
12:18:49.0042 5100 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:18:49.0047 5100 LSI_FC - ok
12:18:49.0342 5100 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:18:49.0347 5100 LSI_SAS - ok
12:18:49.0412 5100 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:18:49.0414 5100 LSI_SAS2 - ok
12:18:49.0482 5100 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:18:49.0484 5100 LSI_SCSI - ok
12:18:49.0612 5100 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
12:18:49.0624 5100 luafv - ok
12:18:49.0762 5100 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
12:18:49.0794 5100 MBAMProtector - ok
12:18:50.0172 5100 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:18:50.0249 5100 MBAMService - ok
12:18:50.0427 5100 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
12:18:50.0437 5100 Mcx2Svc - ok
12:18:50.0532 5100 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
12:18:50.0534 5100 megasas - ok
12:18:50.0942 5100 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
12:18:50.0964 5100 MegaSR - ok
12:18:51.0037 5100 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:18:51.0047 5100 MMCSS - ok
12:18:51.0229 5100 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
12:18:51.0262 5100 Modem - ok
12:18:51.0374 5100 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
12:18:51.0379 5100 monitor - ok
12:18:51.0642 5100 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
12:18:51.0689 5100 mouclass - ok
12:18:51.0827 5100 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
12:18:51.0832 5100 mouhid - ok
12:18:52.0037 5100 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
12:18:52.0039 5100 mountmgr - ok
12:18:52.0124 5100 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
12:18:52.0129 5100 MpFilter - ok
12:18:52.0324 5100 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
12:18:52.0429 5100 mpio - ok
12:18:53.0697 5100 MpKsl95597ca9 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{581E3C04-86EC-4E75-8F55-92F90AC5BC2B}\MpKsl95597ca9.sys
12:18:53.0699 5100 MpKsl95597ca9 - ok
12:18:53.0787 5100 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
12:18:53.0792 5100 mpsdrv - ok
12:18:53.0914 5100 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
12:18:53.0919 5100 MRxDAV - ok
12:18:54.0167 5100 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:18:54.0172 5100 mrxsmb - ok
12:18:54.0387 5100 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:18:54.0402 5100 mrxsmb10 - ok
12:18:54.0622 5100 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:18:54.0627 5100 mrxsmb20 - ok
12:18:54.0687 5100 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
12:18:54.0689 5100 msahci - ok
12:18:55.0127 5100 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
12:18:55.0134 5100 msdsm - ok
12:18:55.0229 5100 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
12:18:55.0239 5100 MSDTC - ok
12:18:55.0574 5100 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
12:18:55.0637 5100 Msfs - ok
12:18:55.0754 5100 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
12:18:55.0779 5100 mshidkmdf - ok
12:18:55.0844 5100 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
12:18:55.0849 5100 msisadrv - ok
12:18:56.0082 5100 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
12:18:56.0144 5100 MSiSCSI - ok
12:18:56.0157 5100 msiserver - ok
12:18:56.0392 5100 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
12:18:56.0397 5100 MSKSSRV - ok
12:18:56.0744 5100 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:18:56.0747 5100 MsMpSvc - ok
12:18:56.0829 5100 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
12:18:56.0989 5100 MSPCLOCK - ok
12:18:57.0162 5100 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
12:18:57.0177 5100 MSPQM - ok
12:18:57.0304 5100 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
12:18:57.0309 5100 MsRPC - ok
12:18:57.0409 5100 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
12:18:57.0412 5100 mssmbios - ok
12:18:57.0477 5100 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
12:18:57.0479 5100 MSTEE - ok
12:18:57.0559 5100 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
12:18:57.0562 5100 MTConfig - ok
12:18:57.0619 5100 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
12:18:57.0622 5100 Mup - ok
12:18:57.0714 5100 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
12:18:57.0729 5100 napagent - ok
12:18:57.0869 5100 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
12:18:57.0912 5100 NativeWifiP - ok
12:18:58.0102 5100 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
12:18:58.0244 5100 NDIS - ok
12:18:58.0529 5100 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
12:18:58.0609 5100 NdisCap - ok
12:18:58.0707 5100 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
12:18:58.0749 5100 NdisTapi - ok



#54
August 6, 2012 at 04:25:23
12:20:26.0502 5100 ============================================================
12:20:26.0502 5100 Scan finished
12:20:26.0502 5100 ============================================================
12:20:26.0533 5092 Detected object count: 0
12:20:26.0549 5092 Actual detected object count: 0


#55
August 6, 2012 at 04:28:07
12:20:26.0533 5092 Detected object count: 0
12:20:26.0549 5092 Actual detected object count: 0
Very good, we are getting there. Run Combofix now & let's see if there are any more major layers to peel back.


#56
August 6, 2012 at 04:31:49
Thank god!
Thanks for all your help so far, I really appreciate it!

Should I run it in safe mode with networking or normal mode?



#57
August 6, 2012 at 04:36:36
"Thanks for all your help so far, I really appreciate it!"
YW, I enjoy the challenge, not much fun for you.

"Should I run it in safe mode with networking or normal mode?"
Try normal first.



#58
August 6, 2012 at 05:28:41
Okay so Combo Fix worked this time in normal mode! Here is the log!

ComboFix 12-08-05.02 - Administrator 06/08/2012 12:53:59.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.987.315 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\windows
c:\programdata\windows\dumd.dat
c:\programdata\Windows\xdor.dat
c:\windows\$NtUninstallKB50794$
c:\windows\$NtUninstallKB50794$\967901146\L\00000004.@
c:\windows\$NtUninstallKB50794$\967901146\L\201d3dde
c:\windows\$NtUninstallKB50794$\967901146\L\xadqgnnk
c:\windows\system32\oem103.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 12:08 . 2012-08-06 12:13 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-06 12:08 . 2012-08-06 12:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-06 10:33 . 2012-07-16 01:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{581E3C04-86EC-4E75-8F55-92F90AC5BC2B}\mpengine.dll
2012-08-05 22:07 . 2012-08-05 22:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-05 13:12 . 2012-08-05 13:12 -------- d-----w- c:\program files\ESET
2012-08-05 10:25 . 2012-08-05 10:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\Hewlett-Packard
2012-08-05 10:24 . 2012-08-05 10:24 -------- d-----w- c:\users\Administrator\AppData\Local\Hewlett-Packard
2012-08-05 10:22 . 2012-08-05 10:22 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2012-08-05 00:59 . 2012-08-05 00:59 -------- d-----w- c:\users\Administrator\AppData\Local\AVG Secure Search
2012-08-05 00:59 . 2012-08-05 00:59 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-05 00:58 . 2012-08-05 00:58 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-05 00:58 . 2012-08-05 00:58 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-08-05 00:58 . 2012-08-05 00:59 -------- d-----w- c:\program files\AVG Secure Search
2012-08-05 00:58 . 2012-08-05 01:11 -------- d-----w- c:\program files\Free Window Registry Repair
2012-08-05 00:57 . 2012-08-05 14:07 -------- d-----w- c:\program files\Yontoo
2012-08-05 00:57 . 2012-08-05 10:53 -------- d-----w- c:\programdata\Tarma Installer
2012-08-05 00:01 . 2012-08-05 00:01 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-08-04 23:45 . 2012-02-09 13:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68542351-84E7-4BBA-87C9-B50126CE0966}\gapaengine.dll
2012-08-04 23:39 . 2012-08-04 23:40 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-04 20:32 . 2012-08-04 20:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-04 20:32 . 2012-08-04 20:32 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-04 20:30 . 2012-08-04 20:19 18967744 ----a-w- C:\sasp.exe
2012-08-04 19:21 . 2012-08-04 17:35 883616 ----a-w- C:\FixExec.scr
2012-08-04 17:12 . 2012-08-04 17:12 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-04 16:53 . 2012-08-04 16:55 -------- d-----w- c:\programdata\036DFF8A00482ED415B2FFE4F875F020
2012-08-04 16:36 . 2012-08-04 16:36 -------- d-----w- c:\windows\Sun
2012-08-03 22:41 . 2012-08-03 22:41 -------- d-----w- c:\programdata\sc_startup_backup
2012-08-03 14:29 . 2012-08-03 14:29 9827016 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-08-03 11:45 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-03 09:44 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EA73A65-363B-44E8-9B9D-542DA6CD907A}\mpengine.dll
2012-07-31 22:57 . 2012-07-31 22:57 -------- d--h--w- c:\programdata\Common Files
2012-07-31 22:57 . 2012-07-31 22:57 -------- d-----w- c:\programdata\MFAData
2012-07-28 18:46 . 2012-07-28 18:47 -------- d-----w- c:\program files\WildTangent Games
2012-07-28 11:10 . 2012-07-28 11:10 -------- d-----w- c:\programdata\ESTsoft
2012-07-23 19:02 . 2012-07-23 19:03 -------- d-----w- c:\program files\Common Files\Adobe
2012-07-11 23:22 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-06 10:21 . 2011-04-07 17:54 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-08-03 14:29 . 2012-06-22 22:34 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 14:29 . 2012-01-07 16:28 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-31 19:52 . 2009-12-16 09:35 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-07-31 19:52 . 2009-12-16 09:35 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-07-31 19:52 . 2009-12-16 09:35 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-07-31 19:52 . 2009-12-16 09:35 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2012-07-31 19:52 . 2009-12-16 09:35 2710592 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2012-06-20 15:58 . 2012-06-20 15:58 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-21 08:31 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 08:31 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 08:31 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 08:31 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 08:31 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 08:31 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 08:31 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-21 08:30 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:12 . 2012-06-21 08:30 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 11:25 . 2010-02-20 20:56 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-22 17:45 . 2012-05-22 17:45 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-05 00:58 2086496 ----a-w- c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-08-05 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-16 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-10-12 495708]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-02-20 2042]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-12-31 398848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"DataCardMonitor"="c:\program files\T-Mobile\InternetManager_H\DataCardMonitor.exe" [2012-02-27 253952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-05 1147488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ACT!.lnk]
backup=c:\windows\pss\ACT!.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Read Me.lnk]
backup=c:\windows\pss\Read Me.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP]
2009-07-14 11:54 589104 ----a-w- c:\program files\Hewlett-Packard\HP QuickSync\QuickSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 00:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R0 buds;buds;c:\windows\System32\drivers\tpiqx.sys [x]
R1 MpKsl95597ca9;MpKsl95597ca9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{581E3C04-86EC-4E75-8F55-92F90AC5BC2B}\MpKsl95597ca9.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\aestsrv.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 14:39]
.
2012-07-26 c:\windows\Tasks\HPCeeScheduleForBrian.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-39418544.sys
AddRemove-Picasa 3 - c:\program files\Google\Picasa3\Uninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3989819674-2810207480-3337857245-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-3989819674-2810207480-3337857245-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:c3,fd,44,86,f5,72,cd,01
.
[HKEY_USERS\S-1-5-21-3989819674-2810207480-3337857245-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4220)
c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
c:\program files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
c:\windows\system32\DllHost.exe
c:\program files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
c:\windows\system32\sppsvc.exe
c:\program files\Microsoft Security Client\MpCmdRun.exe
c:\program files\Microsoft Security Client\MpCmdRun.exe
c:\program files\Microsoft Security Client\MpCmdRun.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-08-06 13:26:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-06 12:26
.
Pre-Run: 103,958,859,776 bytes free
Post-Run: 103,957,729,280 bytes free
.
- - End Of File - - 1C6FD5B7F5F1F80D7AA2BEF809BE5CEF



#59
August 6, 2012 at 05:43:57
"Okay so Combo Fix worked this time in normal mode! Here is the log!"
Beautiful.

Tell me what you have done with AVG you have on the thumb drive.
There are quite a few AVG entries in the logs. Maybe you did an online scan with AVG.
I prefer MSE ( Microsoft ) free AV, which I see you have installed, you can only have one. I will work out the next step once I know what you would like to do, either AVG or MSE.



#60
August 6, 2012 at 05:52:04
"Tell me what you have done with AVG you have on the thumb drive."

I'm not too sure actually!
I think when I installed 'Free Windows Registry Repair' I THINK it installed with that? I think that an AVG toolbar also installed but when I went to uninstall programs I couldn't see AVG.

But yeah I prefer MSE so I'm gonna try to uninstall AVG and keep MSE.

Is my computer infection free now?



#61
August 6, 2012 at 05:57:46
"But yeah I prefer MSE so I'm gonna try to uninstall AVG and keep MSE"
Ok, if you can't find an uninstaller, use this.
AVG Remover
http://www.avg.com/us-en/download-t...
AVG Remover eliminates all the parts of your AVG installation from your computer, including registry items, installation files, user files, etc. AVG Remover is the last option to be used in case the AVG uninstall / repair installation process has failed repeatedly.

"Is my computer infection free now?"
Few more tests to go.



#62
August 6, 2012 at 06:00:15
I just found AVG toolbar on uninstall programs and I just uninstalled it now.

Also, Yontoo 1.10.02 is also in the uninstall programs list, should I uninstall it?



#63
August 6, 2012 at 06:02:28
Microsoft Security Essentials ( MSE )
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.techsupportalert.com/9be...
http://www.techsupportalert.com/bes...
http://lifehacker.com/5401453/stop-...
http://lifehacker.com/5433229/micro...
http://www.techradar.com/reviews/pc...
http://www.cnet.com.au/microsoft-se...
http://windows.microsoft.com/en-US/...
System requirements
http://www.microsoft.com/en-us/secu...
Can Microsoft Security Essentials ( MSE ) protect me from online banking and shopping.
http://answers.microsoft.com/en-us/...
If you choose to use Security Essentials, please follow the steps in this thread first, especially the part about removing all existing realtime antimalware:
http://social.answers.microsoft.com...


#64
August 6, 2012 at 06:04:04
"Also, Yontoo 1.10.02 is also in the uninstall programs list, should I uninstall it?"
Yep, don't want any toolbars in Uninstall.


#65
August 6, 2012 at 06:05:09
When finished above, Update MBAM & run again. Use Quick scan.


#66
August 6, 2012 at 06:11:48
"Yep, don't want any toolbars in Uninstall."

When I clicked uninstall for Yontoo, an error box came up with the title 'Tarma Installer' and it said 'Setup Initialization Error'..?

"When finished above, Update MBAM & run again. Use Quick scan."

And okay I'll do that now! :)



#67
August 6, 2012 at 06:16:39
"When I clicked uninstall for Yontoo, an error box came up with the title 'Tarma Installer' and it said 'Setup Initialization Error'..?"
That is just saying the uninstaller is missing, shall deal with that soon, remind me if I forget.


#68
August 6, 2012 at 06:30:21
MSE, make sure it is up & running, you should have a green logo, down by the clock.


#69
August 6, 2012 at 06:35:03
Okay the MBAM scan completed. Nothing was found :D


#70
August 6, 2012 at 06:45:21
"Okay the MBAM scan completed. Nothing was found :D"
Good one.

Now to remove all old System Restore files, that will have infections in them. All you have to do is turn them OFF & then ON again.
How to Turn System Protection On or Off in Windows 7
http://www.sevenforums.com/tutorial...

Reboot after System Restore & run TFC
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



#71
August 6, 2012 at 06:59:38
I did steps 1, 3, 4, 5, 6 then 9, and when I clicked 'C:' > configure > turn off system protection > apply, it said:

"Could not apply the settings for the following reason:
The file name, directory name, or volume label syntax is incorrect (0x8007007B)"

So I then pressed the 'X' button at the top to close the page, clicked configure again, clicked 'restore system settings and previous versions of files' and apply > done.. everything seemed fine, did I do it right?

Also, RECOVERY (D:) is turned off, should I turn protection on for that drive?



#72
August 6, 2012 at 07:09:21
"did I do it right?"
Don't know. Time will tell.

"Also, RECOVERY (D:) is turned off, should I turn protection on for that drive?"
No, you only need System Restore on the drive your operating system is on, usually "C"



#73
August 6, 2012 at 07:10:35
✔ Best Answer
Now I'm going to bed, got a lot on tomorrow, shall get back as soon as I can, in the meantime, have prepared this for you.

When I clicked uninstall for Yontoo, an error box came up with the title 'Tarma Installer' and it said 'Setup Initialization Error'.
Use Revo Uninstaller, note my info re partially uninstalled.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.revouninstaller.com/
If you have partially uninstalled your program, you get a message from Revo, that it can't find the uninstaller, hit Cancel & let Revo continue on, to search for the remnants.
If you get a reboot message, ignore it & do it after Revo has finished.
I use Advanced Mode. Screenshots of how to use.
http://img837.imageshack.us/slidesh...
Or,
http://i.imgur.com/Rkkna.gif
http://i.imgur.com/VonCA.gif
http://i.imgur.com/fGmmb.gif
http://i.imgur.com/pdhbV.gif
http://i.imgur.com/fIgy0.gif
http://i.imgur.com/tDH9Z.gif
http://i.imgur.com/DbfgN.gif
http://i.imgur.com/tDafK.gif
http://i.imgur.com/Bz5j9.gif
http://i.imgur.com/X5S5I.gif

Use Wise Disk Cleaner ( I use the default settings for the first 3 boxes, left to right )
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...

Then run Wise Registry Cleaner ( I use default settings )
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/wiseregi...

Update & do a MSE Quick scan.

Upload a Screenshot of Disk manager to a site of your choice, please.
How To Access Disk Management in Windows 7
http://pcsupport.about.com/od/windo...

"How would I be able to make them?"
That question is too big to handle when trying to sort this out.
While I'm looking at the screenshot, go to Start > Help & support, put in > Partition & hit > Enter.
Or, put > windows 7 partitioning < into google. That will explain about partitioning & perhaps jog your memory, assuming you have had the comp from new.

Anti-virus can't keep up with threat onslaught
http://www.southcoastregister.com.a...
Malware Prevention
http://www.malwarevault.com/index.html
"There is no magic involved. The majority of malware is installed by the user themselves"
Malware Prevention and Avoidance
http://www.malwarevault.com/prevent...
ScareWare Prevention and Avoidance
http://www.malwarevault.com/scarewa...
Secure your computer
http://www.staysmartonline.gov.au/h...



#74
August 6, 2012 at 07:13:56
Okay thanks, and ahh right!

"Reboot after System Restore & run TFC"
So where/ when do I restore to?
Sorry if I'm seeming really dumb!



#75
August 6, 2012 at 07:17:03
"So where/ when do I restore to?"
Nowhere, you have just fixed System Restore.

Now run TFC.

I shall wait for that result.



#76
August 6, 2012 at 07:43:14
I was running Revo Uninstaller and as it was uninstalling it came up with the 'Setup Initialization Error' but it finished, and then I clicked 'Next' and it's completed, and it's found 55 items that I need to possibly delete. As I don't know what ones are bad etc.. I'm going to wait until you're awake so you can talk me through it quickly, so I'm gonna cancel and then I'll run the scan again later :)


#77
August 6, 2012 at 15:05:32
I'm awake, fire away.

"As I don't know what ones are bad etc.. I'm going to wait until you're awake so you can talk me through it quickly, so I'm gonna cancel and then I'll run the scan again later :)"

These screenshots show what to delete.
http://i.imgur.com/tDH9Z.gif
http://i.imgur.com/DbfgN.gif



#78
August 6, 2012 at 16:01:02
The things the screenshots are telling me to delete.. I don't have..?

Want me to tell you the ones that I have? The bold ones?



#79
August 6, 2012 at 16:08:40
Yep, the bold ones, they will have different names to my screen shots, because it is a different program you are uninstalling.


#80
August 6, 2012 at 16:18:44
Ahh right!

Well in HKEY_CLASSES_ROOT > CLSID - there are 4 bold ones.

{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
YontooIEClient.Api
YontooIEClient.Api.1

HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Ext > Stats - there's only one.

{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

HKEY_LOCAL_MACHINE > Software > Microsoft > Windows > CurrentVersion > Ext > PreApproved - {DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

The 'CurrentVersion' box has another 'branch' coming off it called 'Uninstall' containing {889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Should I delete these yeah?



#81

#82
August 6, 2012 at 16:30:50
In the second screenshot, I don't get that message.
All it says is 'Setup Initialization Error'.. But it continues onto the next part?


#83
August 6, 2012 at 16:35:09
I just went into the C: drive and went to the Yontoo program file folder. And it was empty! Does this mean that the program isn't actually on my computer and I have nothing to worry about?


#84
August 6, 2012 at 16:43:13
"All it says is 'Setup Initialization Error'.. But it continues onto the next part?"
I have already explained that part.

"When I clicked uninstall for Yontoo, an error box came up with the title 'Tarma Installer' and it said 'Setup Initialization Error'.
Use Revo Uninstaller, note my info re partially uninstalled."

If you have partially uninstalled your program, you get a message from Revo, that it can't find the uninstaller, hit Cancel & let Revo continue on, to search for the remnants.
If you get a reboot message, ignore it & do it after Revo has finished.



#85
August 6, 2012 at 16:44:56
"I just went into the C: drive and went to the Yontoo program file folder. And it was empty! Does this mean that the program isn't actually on my computer and I have nothing to worry about?"

Entirely different part of the comp, you can right click on that folder & delete.


Report •

#86
August 6, 2012 at 16:51:01
Okay it's finished now.
Should I delete them from the Recycle Bin?

And should I now follow your instructions from post #73?


Report •

#87
August 6, 2012 at 16:51:38
All this hesitation, makes me think you don't have your important stuff backed up.

You almost lost everything with those rootkits, it was so close.


Report •

#88
August 6, 2012 at 16:57:16
"Should I delete them from the Recycle Bin?"
Yep.

Did you run TFC, I waited 15 mins last night.

"And should I now follow your instructions from post #73?"
Yes & the Wise programs will find a very large amount of problems, be ready for it.


Report •

#89
August 6, 2012 at 16:58:46
Again, I'm gonna ask a dumb question haha
Important stuff as in the files the computer needs to run and be stable etc..?

Report •

#90
August 6, 2012 at 17:03:51
"Did you run TFC, I waited 15 mins last night."

Yeah I did.

I'm off to bed now though, I'll do the other stuff in the morning, and oh I will be prepared for a lot of stuff! Thanks for the help


Report •

#91
August 6, 2012 at 17:38:58
"Important stuff as in the files the computer needs to run and be stable etc..?"
No, personal stuff, including your emails & address book.

Report •

#92
August 7, 2012 at 04:42:10
"No, personal stuff, including your emails & address book."

Well the computer isn't mine, but everything that's on it, which is pretty much word documents containing work, is already backed up on USB sticks and Emails.

I'm going to run the other programs now, wish me luck :( haha


Report •

#93
August 7, 2012 at 05:00:21
"I'm going to run the other programs now, wish me luck :( haha"
You will be Ok, you've done very well.

Report •

#94
August 7, 2012 at 05:04:03
Cheers!
Do you want me to post what it says or should I just click fix now? And do the same for registry cleaner?

Report •

#95
August 7, 2012 at 05:11:45
"just click fix now? And do the same for registry cleaner?"
Yep, that's all I've ever done. After the 1st scan, it says > Start Cleaning.

Report •

#96
August 7, 2012 at 05:17:32
PC Checkup or System Cleaner haha?
I just did the PC Checkup scan and when I click 'Fix Now' it says I should back up?

Report •

#97
August 7, 2012 at 05:30:46
Okay so I pressed X and it started fixing.. Whoops.
I managed to cancel it and I'm setting up a restore point?
I'll run the registry cleaner in a minute!

Report •

#98
August 7, 2012 at 05:35:24
"PC Checkup or System Cleaner haha?"

I don't know where you are, can't see that in mine.

Can you upload screenshots to one of the sites I use.

Read your help file on taking a screenshot.

Or, use the screenshots page I gave you & tell me where you are.

http://www.softpedia.com/progScreen...


Report •

#99
August 7, 2012 at 05:49:40
http://imageshack.us/f/405/diskclea...
That's the part I was on about, But I'm gonna run registry cleaner now!

Report •

#100
August 7, 2012 at 05:57:17
"That's the part I was on about"
Wrong program.

Use this download link.
http://www.softpedia.com/dyn-postdo...

"But I'm gonna run registry cleaner now!"
Only run > Registry Cleaner, not > System Tuneup.


Report •

#101
August 7, 2012 at 06:00:21
Ohh whoops!
But okay cheers

Report •

#102
August 7, 2012 at 06:05:31
Disk Cleanup = Completed
Gonna do registry now

Report •

#103
August 7, 2012 at 06:08:26
"Gonna do registry now"
Double check it is the right program, look at the screenshots.

Report •

#104
August 7, 2012 at 06:12:49
There were no screenshots for Registry cleaner, but I think it is the right program. 'Wise Registry Cleaner 7'. It's got three tabs - Registry Cleaner, System Tuneup, Registry Defrag - I only used Registry Cleaner, Shall I now click start cleaning?

Report •

#105
August 7, 2012 at 06:16:02
"Shall I now click start cleaning?"

Yep, if it matches.

My post #73

http://www.softpedia.com/progScreen...


Report •

#106
August 7, 2012 at 06:18:14
Okay cleanup complete!
I have to go out for a bit now, I'll be back on later! Thanks for the help!

Report •

#107
August 7, 2012 at 06:23:39
I'm finished for today.

Are you in UK?

We rented a house for a month in Frome, June last year.

Will look at the partition stuff tomorrow.

Another job to do.

Uninstall Combofix as per my post #21


Report •

#108
August 7, 2012 at 06:49:24
Yeah I am in the UK,
I was unable to uninstall Combofix as well, when I typed in 'combofix /uninstall' it said 'we cannot find 'combofix'. Make sure you typed the name correctly, and then try again.'
Should I also uninstall the 'Wise' stuff?

Report •

#109
August 7, 2012 at 08:30:27
Did you try to download in Safe Mode with Networking? Restart your PC and press F8 before Windows loads.

Report •

#110
August 7, 2012 at 15:50:54
"I was unable to uninstall Combofix"
Easiest way now, is to reinstall again & then uninstall.

"Should I also uninstall the 'Wise' stuff?"
As it is not your comp, your choice.
I use both programs up to 20 times a week on every comp I work on.


Report •

#111
August 7, 2012 at 15:53:45
Okay thanks,
And ah right!
I'm going to be up for another 2 hours max, so where do we go from here?

Report •

#112
August 7, 2012 at 16:02:48
"Easiest way now, is to reinstall again & then uninstall."

Uninstalled Combofix now :)


Report •

#113
August 7, 2012 at 16:09:20
"so where do we go from here?"

My post #73
Update & do a MSE Quick scan.

Upload a Screenshot of Disk manager to a site of your choice, please.
How To Access Disk Management in Windows 7
http://pcsupport.about.com/od/windo...


Report •

#114
August 7, 2012 at 16:21:22
http://img571.imageshack.us/img571/...

The MSE scan was also infection free :)


Report •

#115
August 7, 2012 at 16:37:54
"The MSE scan was also infection free :)"
Thought it would be.

"http://img571.imageshack.us/img571/..."
Thanks, I think we are done. The owner or dealer appears to have made those partitions > System & C.

Rootkits can make their own hidden partitions, but as your comp is now behaving itself, everything should be Ok.

Rootkit Bounces Back …with a vengeance
http://www.techsupportforum.com/381...
It’s been a quiet week or two but I finally decided to blog about something close to home. The TDSS/TDL family of rootkits has developed another new angle to keep us all guessing.
The latest development is that the rootkit creates its own partition on one of your hard drives. Yes, true – it actually creates its own partition. Previous versions had taken to modifying the Master Boot Record (MBR) but creating a new partition is something new.


Report •
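
An added illustration for the partition check discussed in post #115, not part of the original thread: a Python sketch that parses the four primary entries of an MBR sector and compares them with a known-good baseline, so a new partition or a moved boot flag stands out. The layouts, the helper names and the baseline are constructed for the example; a real check would read sector 0 from a disk image instead.

```python
import struct

ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, start LBA, sector count

def build_sample_mbr(entries):
    """Constructed test input: a 512-byte MBR from (active, type, start_lba, sectors) tuples."""
    table = b"".join(
        ENTRY.pack(0x80 if active else 0x00, b"\0" * 3, ptype, b"\0" * 3, start, count)
        for active, ptype, start, count in entries
    )
    return b"\0" * 446 + table.ljust(64, b"\0") + b"\x55\xaa"

def parse_mbr(sector):
    """Return the non-empty primary partition entries of an MBR sector."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature, not an MBR sector")
    parts = []
    for slot in range(4):
        status, _, ptype, _, start, count = ENTRY.unpack_from(sector, 446 + 16 * slot)
        if ptype != 0x00:  # type 0x00 marks an unused slot
            parts.append({"slot": slot, "active": status == 0x80,
                          "type": ptype, "start_lba": start, "sectors": count})
    return parts

def diff_against_baseline(current, baseline):
    """List differences a reviewer should explain before trusting the disk layout."""
    findings = []
    known = {(p["start_lba"], p["sectors"]) for p in baseline}
    for p in current:
        if (p["start_lba"], p["sectors"]) not in known:
            findings.append("unexpected partition in slot %d: type 0x%02x, %d sectors at LBA %d"
                            % (p["slot"], p["type"], p["sectors"], p["start_lba"]))
    active_then = [p["start_lba"] for p in baseline if p["active"]]
    active_now = [p["start_lba"] for p in current if p["active"]]
    if active_now != active_then:
        findings.append("active (boot) flag moved: LBA %s -> %s" % (active_then, active_now))
    return findings

# Constructed layouts: a "System" partition plus C:, then the same disk with an extra small entry.
BASELINE = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 976562176)]
CHANGED = [(False, 0x07, 2048, 204800), (False, 0x07, 206848, 976562176),
           (True, 0x17, 976769024, 2048)]

if __name__ == "__main__":
    good = parse_mbr(build_sample_mbr(BASELINE))
    for line in diff_against_baseline(parse_mbr(build_sample_mbr(CHANGED)), good):
        print(line)
```
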

#116
August 7, 2012 at 16:41:39
So I can use this comp normally now? Like, browse the internet safely without worry of viruses or anything? :D

Report •

#117
August 7, 2012 at 16:49:29
"So I can use this comp normally now? Like, browse the internet safely without worry of viruses or anything? :D"

Yes to a point, you always have to be on your guard, if you get conned & it gets past your AV, you will get infected.

Malware Prevention
http://www.malwarevault.com/index.html
"There is no magic involved. The majority of malware is installed by the user themselves"

Anti-virus can't keep up with threat onslaught
http://www.southcoastregister.com.a...
Malware Prevention and Avoidance
http://www.malwarevault.com/prevent...
ScareWare Prevention and Avoidance
http://www.malwarevault.com/scarewa...
Secure your computer
http://www.staysmartonline.gov.au/h...


Report •

#118
August 7, 2012 at 16:54:01
Thank you so much for your help! :)
I will make sure to scan the computer every week and just make sure I'm staying as safe as possible!
HOPEFULLY, I will never get this problem again! It's been quite a nightmare trying to sort it out, but with your help we managed to do it! :)
Also, where did you learn to do all this?
Thanks again.

Report •

#119
August 7, 2012 at 17:09:48
"Also, where did you learn to do all this?"
Through google & everything new I learn, I document, as I know there is no way I will remember it.
Almost everything we have discussed is from googling.

"Thanks again"
YW, have fun.


Report •

#120
August 7, 2012 at 17:11:07
Oh right!
Well yeah, I'm off to bed now, again, thank you so much! Take care!

Report •

#121
August 7, 2012 at 17:24:24
The best and safest registry cleaner is CCleaner Slim....I would avoid all others. I've done PC repairs for over 10 yrs now.

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds


Report •

#122
August 7, 2012 at 18:05:13
Johnw
Just to say "well done" for the magnificent effort you have put in on this post and that I'm pleased to see a successful conclusion.

Krist.egray
If you care to select one of the responses as "Best Answer" that will mark this post as solved.

Always pop back and let us know the outcome - thanks


Report •

#123
August 7, 2012 at 19:34:00
Thanks very much Derek, I have been invited to do the training courses/schools in malware removal, but the commitment is too big for me. I occasionally tackle a problem & fully commit.

I am in 3 singing groups, secretary for 2, vice chair & treasurer for the local community festivals, we organize 3 or 4 events every year.
Yesterday I had 2 singing commitments, we had 15 singers turn up for the first & 21 for the second. Tomorrow we have one commitment.

Once again, thanks. John.


Report •

#124
August 7, 2012 at 19:59:25
Geez. What do you do in your spare time LOL?

Always pop back and let us know the outcome - thanks


Report •

#125
August 7, 2012 at 21:31:39
"Geez. What do you do in your spare time LOL?"
Fix computers, family/friends & watch 4 or 5 Australian Rules football matches on Free to air TV each week. I never get bored.
Oh & I just got back from my 6km walk.

Report •

#126
August 8, 2012 at 11:36:41
Nah, I was expecting at least 60km.

Always pop back and let us know the outcome - thanks


Report •

#127
August 8, 2012 at 13:35:53
"Nah, I was expecting at least 60km"
That made me laugh, thought I'd cop something.

Report •
