# Help! I need to remove the svchost.exe trojan agent

## Worldinacup (Apr 10, 2012)

Hello all,

I thank you in advance for helping me fix this problem. My desktop computer has been infected with the svchost.exe trojan agent, and Malwarebytes and AVG haven't helped in removal of it.

Here is my HJT Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:32:52 PM, on 4/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\POWERISO\PWRISOVM.EXE
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Allen\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 87.229.126.54 www.google.com
O1 - Hosts: 87.229.126.55 www.bing.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Allen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Allen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15433 bytes

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Allen at 16:40:36 on 2012-04-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6057.3452 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\SysWOW64\java.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\POWERISO\PWRISOVM.EXE
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Allen\Downloads\aswMBR.exe
C:\Users\Allen\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 : {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Allen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\Allen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
TCP: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
TCP: Interfaces\{0301FC95-E7E6-40BA-A6A4-A36303F4A1D7} : DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
TCP: Interfaces\{62060013-4B14-4B30-B3D8-E8F81C8CD4E0} : DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 : {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 87.229.126.54 www.google.com
Hosts: 87.229.126.55 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\jhe5f2e4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5ca33d0f-a28b-40ef-bba1-e75d3462a936%7D&mid=723401a1c73c47d182722104e4131ab1-e84d043a854254fd25cce16dee0a8f29c2d2e908&ds=AVG&v=10.0.0.7&lang=us&pr=pa&d=2011-12-11%2010%3A49%3A07&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - 
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 avfsmn;avfsmn;C:\Windows\system32\DRIVERS\avfsmn.sys --> C:\Windows\system32\DRIVERS\avfsmn.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 avhips;AntiMalware Host-based Intrusion Prevention System;\??\C:\Windows\system32\DRIVERS\avhips.sys --> C:\Windows\system32\DRIVERS\avhips.sys [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-3-20 2152152]
R2 LinksysUpdater;Linksys Updater;C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-10 654408]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-9-23 641832]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-29 1692480]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-3-24 17152]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-2-3 296232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-27 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-8-27 167264]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-10-5 87336]
S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-8-27 1431888]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-27 136176]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-04-10 21:50:37 24360 ----a-w- C:\Windows\System32\drivers\avhips.sys
2012-04-10 21:50:37 20264 ----a-w- C:\Windows\System32\drivers\avfsmn.sys
2012-04-10 21:50:30 -------- d-----w- C:\Program Files (x86)\Anvisoft
2012-04-10 21:27:25 -------- d-----w- C:\sh4ldr
2012-04-10 21:27:25 -------- d-----w- C:\Program Files\Enigma Software Group
2012-04-10 21:26:29 -------- d-----w- C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-10 21:26:28 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-04-10 16:58:37 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-04-10 07:11:27 -------- d-----w- C:\Program Files\iTunes
2012-04-10 07:11:27 -------- d-----w- C:\Program Files\iPod
2012-04-10 07:11:27 -------- d-----w- C:\Program Files (x86)\iTunes
2012-04-04 22:34:55 20480 ----a-w- C:\Windows\svchost.exe
2012-03-27 01:59:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-26 03:31:41 -------- d-----w- C:\Users\Allen\AppData\Roaming\Xygof
2012-03-26 03:31:41 -------- d-----w- C:\Users\Allen\AppData\Roaming\Tai
2012-03-25 03:32:49 -------- d-----w- C:\Users\Allen\AppData\Roaming\redsn0w
2012-03-24 18:45:49 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-03-24 18:43:03 1270 ----a-w- C:\aaw7boot.cmd
2012-03-24 16:56:27 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-03-24 16:56:18 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-03-24 16:10:08 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-24 16:10:08 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-20 01:28:52 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\D3D4.tmp
2012-03-20 01:28:52 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\D3C3.tmp
2012-03-14 05:43:45 -------- d-----w- C:\Users\Allen\.shsh
2012-03-13 22:51:02 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-13 22:51:01 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-13 22:51:01 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 19:51:45 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 19:51:44 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 19:51:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 19:51:23 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 19:51:23 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 19:51:23 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 19:51:14 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 19:51:14 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 19:51:14 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 19:51:14 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
.
==================== Find3M ====================
.
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-15 18:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 18:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-15 01:55:04 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
2012-02-15 01:55:02 5886232 ----a-w- C:\Windows\System32\GfxUI.exe
2012-02-15 01:55:02 511768 ----a-w- C:\Windows\System32\igfxsrvc.exe
2012-02-15 01:55:02 440600 ----a-w- C:\Windows\System32\igfxpers.exe
2012-02-15 01:55:02 398616 ----a-w- C:\Windows\System32\hkcmd.exe
2012-02-15 01:55:02 250136 ----a-w- C:\Windows\System32\igfxext.exe
2012-02-15 01:55:02 184600 ----a-w- C:\Windows\System32\difx64.exe
2012-02-15 01:55:02 170264 ----a-w- C:\Windows\System32\igfxtray.exe
2012-02-15 01:53:26 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2653.dll
2012-02-15 01:47:40 8086528 ----a-w- C:\Windows\System32\igdumd64.dll
2012-02-15 01:47:38 14692224 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-02-15 01:47:06 963912 ----a-w- C:\Windows\SysWow64\igkrng600.bin
2012-02-15 01:47:06 963912 ----a-w- C:\Windows\System32\igkrng600.bin
2012-02-15 01:47:06 79360 ----a-w- C:\Windows\System32\igdde64.dll
2012-02-15 01:47:06 261208 ----a-w- C:\Windows\SysWow64\igfcg600m.bin
2012-02-15 01:47:06 261208 ----a-w- C:\Windows\System32\igfcg600m.bin
2012-02-15 01:44:54 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2012-02-15 01:44:24 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll
2012-02-15 01:42:58 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-02-15 01:35:26 7794688 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2012-02-15 01:07:18 18125312 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-02-15 00:59:56 13209600 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-02-15 00:56:42 110592 ----a-w- C:\Windows\System32\hccutils.dll
2012-02-15 00:56:34 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2012-02-15 00:56:34 430080 ----a-w- C:\Windows\System32\igfxdev.dll
2012-02-15 00:56:34 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-02-15 00:56:06 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc
2012-02-15 00:56:04 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2012-02-15 00:56:02 9007616 ----a-w- C:\Windows\System32\igfxress.dll
2012-02-15 00:55:06 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2012-02-15 00:54:36 321024 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2012-02-15 00:53:08 524800 ----a-w- C:\Windows\System32\iglhsip64.dll
2012-02-15 00:53:08 519680 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2012-02-15 00:53:08 2967040 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2012-02-15 00:53:08 237056 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2012-02-15 00:53:08 2321408 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2012-02-15 00:53:08 213504 ----a-w- C:\Windows\System32\iglhcp64.dll
2012-02-15 00:53:08 193024 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2012-02-15 00:53:08 177152 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
.
============= FINISH: 16:41:44.65 ===============

My computer is x64 bit, so I am unable to provide an ark.txt file.

Once again, thanks in advance!


----------



## Worldinacup (Apr 10, 2012)

bump


----------



## Worldinacup (Apr 10, 2012)

bump... again... help please...


----------



## Worldinacup (Apr 10, 2012)

Bump


----------



## kevinf80 (Mar 21, 2006)

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

*Link 1*
*Link 2*


 Ensure that Combofix is saved directly to the Desktop *<--- Very important*

 Disable all security programs as they will have a negative effect on Combofix, instructions available *Here* if required. Be aware the list may not have all programs listed, if you need more help please ask.

 Close any open browsers and any other programs you might have running

 Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

 Instructions for running Combofix available *Here* if required.

 If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

*Note: Do not mouseclick Combofix's window while it's running. That may cause it to stall or freeze.*

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read *Here* why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
 If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
 If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin


----------



## Worldinacup (Apr 10, 2012)

ComboFix 12-04-18.02 - Allen 04/18/2012 19:26:43.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6057.4253 [GMT -7:00]
Running from: c:\users\Allen\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))
.
.
2012-04-19 02:37 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-04-19 02:35 . 2012-04-19 02:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-11 07:23 . 2012-02-28 07:37 174392 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-04-11 07:20 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 07:20 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 07:20 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 07:20 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 07:20 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 07:20 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 07:20 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 21:50 . 2012-01-09 08:26 24360 ----a-w- c:\windows\system32\drivers\avhips.sys
2012-04-10 21:50 . 2012-01-09 08:26 20264 ----a-w- c:\windows\system32\drivers\avfsmn.sys
2012-04-10 21:50 . 2012-04-10 21:50 -------- d-----w- c:\program files (x86)\Anvisoft
2012-04-10 21:27 . 2012-04-10 21:34 -------- d-----w- C:\sh4ldr
2012-04-10 21:27 . 2012-04-10 21:27 -------- d-----w- c:\program files\Enigma Software Group
2012-04-10 21:26 . 2012-04-10 21:34 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-10 21:26 . 2012-04-10 21:26 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-10 16:58 . 2012-04-14 03:30 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-04-10 07:11 . 2012-04-10 07:12 -------- d-----w- c:\program files\iTunes
2012-04-10 07:11 . 2012-04-10 07:12 -------- d-----w- c:\program files (x86)\iTunes
2012-04-10 07:11 . 2012-04-10 07:11 -------- d-----w- c:\program files\iPod
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-27 01:59 . 2012-04-10 16:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-26 03:31 . 2012-03-26 22:14 -------- d-----w- c:\users\Allen\AppData\Roaming\Tai
2012-03-26 03:31 . 2012-03-26 04:37 -------- d-----w- c:\users\Allen\AppData\Roaming\Xygof
2012-03-25 03:32 . 2012-03-25 03:51 -------- d-----w- c:\users\Allen\AppData\Roaming\redsn0w
2012-03-24 18:45 . 2012-03-24 17:04 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-24 18:43 . 2012-03-24 18:43 1270 ----a-w- C:\aaw7boot.cmd
2012-03-24 16:56 . 2012-03-20 20:41 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-03-24 16:56 . 2012-03-29 20:21 -------- d-----w- c:\program files (x86)\Lavasoft
2012-03-24 16:56 . 2012-03-29 20:27 -------- d-----w- c:\programdata\Lavasoft
2012-03-24 16:10 . 2012-03-24 16:10 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-24 16:10 . 2012-03-24 16:10 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-20 03:03 . 2012-03-20 03:03 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 22:56 . 2011-09-10 06:07 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 01:28 . 2012-03-20 01:28 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\D3D4.tmp
2012-03-20 01:28 . 2012-03-20 01:28 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\D3C3.tmp
2012-02-17 06:38 . 2012-03-13 19:51 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 19:51 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 19:51 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 19:51 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 01:55 . 2012-02-15 01:55 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-02-15 01:55 . 2012-02-15 01:55 5886232 ----a-w- c:\windows\system32\GfxUI.exe
2012-02-15 01:55 . 2012-02-15 01:55 511768 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-02-15 01:55 . 2012-02-15 01:55 440600 ----a-w- c:\windows\system32\igfxpers.exe
2012-02-15 01:55 . 2012-02-15 01:55 398616 ----a-w- c:\windows\system32\hkcmd.exe
2012-02-15 01:55 . 2012-02-15 01:55 250136 ----a-w- c:\windows\system32\igfxext.exe
2012-02-15 01:55 . 2012-02-15 01:55 184600 ----a-w- c:\windows\system32\difx64.exe
2012-02-15 01:55 . 2012-02-15 01:55 170264 ----a-w- c:\windows\system32\igfxtray.exe
2012-02-15 01:53 . 2012-02-15 01:53 90112 ----a-w- c:\windows\system32\igfxCoIn_v2653.dll
2012-02-15 01:47 . 2012-02-15 01:47 8086528 ----a-w- c:\windows\system32\igdumd64.dll
2012-02-15 01:47 . 2012-02-15 01:47 14692224 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-02-15 01:47 . 2012-02-15 01:47 963912 ----a-w- c:\windows\system32\igkrng600.bin
2012-02-15 01:47 . 2012-02-15 01:47 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-02-15 01:47 . 2012-02-15 01:47 261208 ----a-w- c:\windows\system32\igfcg600m.bin
2012-02-15 01:44 . 2011-06-30 03:40 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-02-15 01:44 . 2012-02-15 01:44 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-02-15 01:42 . 2011-06-30 03:40 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-02-15 01:35 . 2012-02-15 01:35 7794688 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-02-15 01:07 . 2012-02-15 01:07 18125312 ----a-w- c:\windows\system32\ig4icd64.dll
2012-02-15 00:59 . 2012-02-15 00:59 13209600 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-02-15 00:57 . 2012-02-15 00:57 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-02-15 00:57 . 2012-02-15 00:57 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-02-15 00:57 . 2012-02-15 00:57 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-02-15 00:57 . 2012-02-15 00:57 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-02-15 00:57 . 2012-02-15 00:57 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-02-15 00:57 . 2012-02-15 00:57 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-02-15 00:57 . 2012-02-15 00:57 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-02-15 00:57 . 2012-02-15 00:57 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-02-15 00:57 . 2012-02-15 00:57 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-02-15 00:57 . 2012-02-15 00:57 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-02-15 00:57 . 2012-02-15 00:57 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-02-15 00:57 . 2012-02-15 00:57 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-02-15 00:57 . 2012-02-15 00:57 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-02-15 00:57 . 2012-02-15 00:57 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-02-15 00:57 . 2012-02-15 00:57 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-02-15 00:57 . 2012-02-15 00:57 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-02-15 00:57 . 2012-02-15 00:57 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-02-15 00:57 . 2012-02-15 00:57 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-02-15 00:57 . 2012-02-15 00:57 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-02-15 00:57 . 2012-02-15 00:57 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-02-15 00:57 . 2012-02-15 00:57 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-02-15 00:57 . 2012-02-15 00:57 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-02-15 00:57 . 2012-02-15 00:57 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-02-15 00:57 . 2012-02-15 00:57 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-02-15 00:57 . 2012-02-15 00:57 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-02-15 00:57 . 2012-02-15 00:57 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-02-15 00:57 . 2012-02-15 00:57 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-02-15 00:57 . 2012-02-15 00:57 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-02-15 00:57 . 2012-02-15 00:57 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-02-15 00:57 . 2012-02-15 00:57 386048 ----a-w- c:\windows\system32\igfxpph.dll
2012-02-15 00:57 . 2012-02-15 00:57 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-02-15 00:57 . 2012-02-15 00:57 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-02-15 00:57 . 2011-06-30 03:40 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-02-15 00:56 . 2011-06-30 03:40 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-02-15 00:56 . 2012-02-15 00:56 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-02-15 00:56 . 2012-02-15 00:56 430080 ----a-w- c:\windows\system32\igfxdev.dll
2012-02-15 00:56 . 2012-02-15 00:56 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-02-15 00:56 . 2012-02-15 00:56 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-02-15 00:56 . 2012-02-15 00:56 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-02-15 00:56 . 2011-06-30 03:40 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-02-15 00:55 . 2012-02-15 00:55 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-02-15 00:54 . 2012-02-15 00:54 321024 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-02-15 00:53 . 2012-02-15 00:53 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-02-15 00:53 . 2012-02-15 00:53 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-02-15 00:53 . 2012-02-15 00:53 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-02-15 00:53 . 2012-02-15 00:53 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-02-15 00:53 . 2012-02-15 00:53 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-02-15 00:53 . 2012-02-15 00:53 213504 ----a-w- c:\windows\system32\iglhcp64.dll
2012-02-15 00:53 . 2012-02-15 00:53 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-02-15 00:53 . 2012-02-15 00:53 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-02-10 06:36 . 2012-03-13 19:51 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 19:51 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-13 19:51 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-13 19:51 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 19:51 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 19:51 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( [email protected]_02.05.11 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-04-18 22:26 . 2012-04-18 22:05 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012041820120419\index.dat
+ 2012-04-18 22:26 . 2012-04-19 02:05 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012041820120419\index.dat
- 2012-03-20 01:41 . 2012-04-18 22:05 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-03-20 01:41 . 2012-04-19 02:05 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2012-04-19 02:38 58394 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-19 02:38 39916 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-28 03:35 . 2012-04-19 02:38 13712 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3563503147-2756799943-420070046-1000_UserData.bin
+ 2012-04-19 02:36 . 2012-04-19 02:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-19 02:04 . 2012-04-19 02:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-19 02:36 . 2012-04-19 02:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-19 02:04 . 2012-04-19 02:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-20 01:37 . 2012-04-19 01:56 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-20 01:37 . 2012-04-19 02:25 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-04-19 02:36 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-19 02:04 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-19 02:05 3604480 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-19 02:36 3604480 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-19 02:05 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-19 02:36 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 03:25 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-28 740216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-13 982880]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-02-03 715048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-18 560128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart\0lsdelete
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-10-05 87336]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-15 276248]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-08-28 1431888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 136176]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 avfsmn;avfsmn;c:\windows\system32\DRIVERS\avfsmn.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-02-03 296232]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe [2011-03-10 2708024]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 avhips;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\avhips.sys [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-03-24 2152152]
S2 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-24 641832]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-13 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-03-24 17152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 04:19]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 04:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-15 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-15 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-15 440600]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Allen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Allen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\jhe5f2e4.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5ca33d0f-a28b-40ef-bba1-e75d3462a936%7D&mid=723401a1c73c47d182722104e4131ab1-e84d043a854254fd25cce16dee0a8f29c2d2e908&ds=AVG&v=10.0.0.7&lang=us&pr=pa&d=2011-12-11%2010%3A49%3A07&sap=ku&q=
FF - user.js: general.useragent.extra.brc - 
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\java.exe
c:\program files (x86)\AVG\AVG10\avgam.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-04-18 19:42:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-19 02:42
ComboFix2.txt 2012-04-19 02:10
.
Pre-Run: 687,531,835,392 bytes free
Post-Run: 687,466,512,384 bytes free
.
- - End Of File - - 193851CFCF01B23A97E29F2A00A8A141


----------



## kevinf80 (Mar 21, 2006)

There is a rootkit on your system, run the following please:

*Please read carefully and follow these steps.*

Download *TDSSKiller* and save it to your Desktop.
Double-click on *TDSSKiller.exe* to run the application.
Click on *"Change parameters"* and place a checkmark next to *Verify Driver Digital Signature* and *Detect TDLFS file system*, then click OK.

Select Scan.
If an infected file is detected, the default action will be *Cure*, click on *Continue*.

If a suspicious file is detected, the default action will be *Skip*, click on *Continue*.

It may ask you to reboot the computer to complete the process. Click on *Reboot Now*.

If no reboot is required, click on *Report*. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.

Next,

If you have Malwarebytes installed, update and run a quick scan. Kill what it finds. If not, here are full instructions...

Please download *Malwarebytes* Anti-Malware and save it to your desktop.
*Alternative D/L mirror*
*Alternative D/L mirror*

Double-click mbam-setup.exe to install the application.

 Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 If an update is found, it will download and install the latest version.
 Once the program has loaded, select "Perform Quick Scan", then click Scan.
 The scan may take some time to finish, so please be patient.
 When the scan is complete, click OK, then Show Results to view the results.
 Make sure that everything is checked, and click Remove Selected.
 When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
 Please save the log to a location you will remember.
 The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let me see those two logs please...

Kevin


----------



## Worldinacup (Apr 10, 2012)

TDSSKiller Log:

15:58:02.0037 5916 TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20
15:58:04.0037 5916 ============================================================
15:58:04.0037 5916 Current date / time: 2012/04/19 15:58:04.0037
15:58:04.0037 5916 SystemInfo:
15:58:04.0037 5916 
15:58:04.0037 5916 OS Version: 6.1.7601 ServicePack: 1.0
15:58:04.0037 5916 Product type: Workstation
15:58:04.0037 5916 ComputerName: ALLEN-PC
15:58:04.0037 5916 UserName: Allen
15:58:04.0037 5916 Windows directory: C:\Windows
15:58:04.0037 5916 System windows directory: C:\Windows
15:58:04.0037 5916 Running under WOW64
15:58:04.0037 5916 Processor architecture: Intel x64
15:58:04.0037 5916 Number of processors: 4
15:58:04.0037 5916 Page size: 0x1000
15:58:04.0037 5916 Boot type: Normal boot
15:58:04.0037 5916 ============================================================
15:58:05.0297 5916 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:58:05.0317 5916 Drive \Device\Harddisk1\DR1 - Size: 0x1E3E0000 (0.47 Gb), SectorSize: 0x200, Cylinders: 0x3D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:58:05.0317 5916 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:58:05.0337 5916 \Device\Harddisk0\DR0:
15:58:05.0337 5916 MBR partitions:
15:58:05.0337 5916 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1B9F000
15:58:05.0337 5916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BB3000, BlocksNum 0x72B53000
15:58:05.0337 5916 \Device\Harddisk1\DR1:
15:58:05.0337 5916 MBR partitions:
15:58:05.0337 5916 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0xED, BlocksNum 0xF1DA3
15:58:05.0337 5916 \Device\Harddisk2\DR2:
15:58:05.0337 5916 MBR partitions:
15:58:05.0337 5916 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
15:58:05.0377 5916 C: <-> \Device\Harddisk0\DR0\Partition1
15:58:05.0397 5916 F: <-> \Device\Harddisk2\DR2\Partition0
15:58:05.0397 5916 Initialize success
15:58:05.0397 5916 ============================================================
15:58:30.0977 6476 ============================================================
15:58:30.0977 6476 Scan started
15:58:30.0977 6476 Mode: Manual; SigCheck; TDLFS; 
15:58:30.0977 6476 ============================================================
15:58:33.0764 6476 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:58:33.0913 6476 1394ohci - ok
15:58:33.0966 6476 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:58:33.0996 6476 ACPI - ok
15:58:34.0146 6476 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:58:34.0228 6476 AcpiPmi - ok
15:58:34.0314 6476 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:58:34.0322 6476 AdobeARMservice - ok
15:58:34.0465 6476 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
15:58:34.0488 6476 adp94xx - ok
15:58:34.0534 6476 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
15:58:34.0558 6476 adpahci - ok
15:58:34.0573 6476 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
15:58:34.0584 6476 adpu320 - ok
15:58:34.0643 6476 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:58:34.0753 6476 AeLookupSvc - ok
15:58:34.0811 6476 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:58:34.0839 6476 AFD - ok
15:58:34.0922 6476 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:58:34.0932 6476 agp440 - ok
15:58:34.0948 6476 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:58:34.0980 6476 ALG - ok
15:58:35.0002 6476 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:58:35.0010 6476 aliide - ok
15:58:35.0021 6476 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:58:35.0030 6476 amdide - ok
15:58:35.0043 6476 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
15:58:35.0069 6476 AmdK8 - ok
15:58:35.0088 6476 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
15:58:35.0099 6476 AmdPPM - ok
15:58:35.0404 6476 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:58:35.0414 6476 amdsata - ok
15:58:35.0431 6476 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
15:58:35.0442 6476 amdsbs - ok
15:58:35.0464 6476 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:58:35.0472 6476 amdxata - ok
15:58:35.0502 6476 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:58:35.0675 6476 AppID - ok
15:58:35.0714 6476 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:58:35.0769 6476 AppIDSvc - ok
15:58:35.0792 6476 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:58:35.0844 6476 Appinfo - ok
15:58:35.0985 6476 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:58:35.0997 6476 Apple Mobile Device - ok
15:58:36.0065 6476 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
15:58:36.0083 6476 arc - ok
15:58:36.0096 6476 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
15:58:36.0112 6476 arcsas - ok
15:58:36.0224 6476 asdsrv (2be4aa54c7728b7a432713961b09fa89) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
15:58:36.0253 6476 asdsrv - ok
15:58:36.0332 6476 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:58:36.0342 6476 aspnet_state - ok
15:58:36.0366 6476 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:58:36.0432 6476 AsyncMac - ok
15:58:36.0455 6476 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:58:36.0463 6476 atapi - ok
15:58:36.0504 6476 athr (195786ed7a26e1913a4f9799fdbc2c71) C:\Windows\system32\DRIVERS\athrx.sys
15:58:36.0569 6476 athr - ok
15:58:36.0610 6476 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:58:36.0664 6476 AudioEndpointBuilder - ok
15:58:36.0705 6476 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:58:36.0743 6476 AudioSrv - ok
15:58:36.0802 6476 avfsmn (7f5ea096d5edbaa9caeedf07dfae65da) C:\Windows\system32\DRIVERS\avfsmn.sys
15:58:36.0814 6476 avfsmn - ok
15:58:36.0966 6476 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
15:58:37.0006 6476 AVG Security Toolbar Service - ok
15:58:37.0027 6476 Avgfwfd (705417fd6c165ccf926aca943b478d68) C:\Windows\system32\DRIVERS\avgfwd6a.sys
15:58:37.0034 6476 Avgfwfd - ok
15:58:37.0089 6476 avgfws (2f0c5ae2352f22b587edc2829c971262) C:\Program Files (x86)\AVG\AVG10\avgfws.exe
15:58:37.0132 6476 avgfws - ok
15:58:37.0537 6476 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
15:58:37.0625 6476 AVGIDSAgent - ok
15:58:37.0655 6476 AVGIDSDriver (e6671e90d38c88764412e07c9d9b3d63) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
15:58:37.0674 6476 AVGIDSDriver - ok
15:58:37.0728 6476 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
15:58:37.0740 6476 AVGIDSEH - ok
15:58:37.0754 6476 AVGIDSFilter (dca426a66739e75f51a72160dfb945ad) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
15:58:37.0767 6476 AVGIDSFilter - ok
15:58:37.0790 6476 Avgldx64 (ff7383388a7d2283dae5831abc2b0720) C:\Windows\system32\DRIVERS\avgldx64.sys
15:58:37.0807 6476 Avgldx64 - ok
15:58:37.0825 6476 Avgmfx64 (997d002827d3e3dcbbb25bf46db161ab) C:\Windows\system32\DRIVERS\avgmfx64.sys
15:58:37.0836 6476 Avgmfx64 - ok
15:58:37.0858 6476 Avgrkx64 (bccfe3374c887075cde2ac8fdb1cb2f8) C:\Windows\system32\DRIVERS\avgrkx64.sys
15:58:37.0869 6476 Avgrkx64 - ok
15:58:37.0896 6476 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\Windows\system32\DRIVERS\avgtdia.sys
15:58:37.0914 6476 Avgtdia - ok
15:58:37.0988 6476 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
15:58:38.0006 6476 avgwd - ok
15:58:38.0034 6476 avhips (e0edb0f31b9755fb8f8017f3326de033) C:\Windows\system32\DRIVERS\avhips.sys
15:58:38.0042 6476 avhips - ok
15:58:38.0078 6476 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:58:38.0147 6476 AxInstSV - ok
15:58:38.0245 6476 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
15:58:38.0306 6476 b06bdrv - ok
15:58:38.0360 6476 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:58:38.0403 6476 b57nd60a - ok
15:58:38.0440 6476 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:58:38.0484 6476 BDESVC - ok
15:58:38.0548 6476 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:58:38.0598 6476 Beep - ok
15:58:38.0634 6476 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:58:38.0677 6476 BFE - ok
15:58:38.0719 6476 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
15:58:38.0777 6476 BITS - ok
15:58:38.0801 6476 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:58:38.0812 6476 blbdrive - ok
15:58:38.0884 6476 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:58:38.0903 6476 Bonjour Service - ok
15:58:38.0931 6476 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:58:38.0984 6476 bowser - ok
15:58:39.0026 6476 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
15:58:39.0081 6476 BrFiltLo - ok
15:58:39.0135 6476 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
15:58:39.0155 6476 BrFiltUp - ok
15:58:39.0220 6476 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:58:39.0276 6476 BridgeMP - ok
15:58:39.0426 6476 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:58:39.0488 6476 Browser - ok
15:58:39.0512 6476 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:58:39.0542 6476 Brserid - ok
15:58:39.0591 6476 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:58:39.0622 6476 BrSerWdm - ok
15:58:39.0735 6476 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:58:39.0786 6476 BrUsbMdm - ok
15:58:39.0831 6476 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:58:39.0856 6476 BrUsbSer - ok
15:58:39.0923 6476 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
15:58:39.0955 6476 BTHMODEM - ok
15:58:40.0004 6476 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:58:40.0062 6476 bthserv - ok
15:58:40.0093 6476 catchme - ok
15:58:40.0170 6476 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:58:40.0235 6476 cdfs - ok
15:58:40.0268 6476 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:58:40.0301 6476 cdrom - ok
15:58:40.0346 6476 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:58:40.0390 6476 CertPropSvc - ok
15:58:40.0453 6476 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
15:58:40.0486 6476 circlass - ok
15:58:40.0516 6476 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:58:40.0536 6476 CLFS - ok
15:58:40.0592 6476 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:58:40.0606 6476 clr_optimization_v2.0.50727_32 - ok
15:58:40.0690 6476 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:58:40.0716 6476 clr_optimization_v2.0.50727_64 - ok
15:58:40.0764 6476 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:58:40.0775 6476 clr_optimization_v4.0.30319_32 - ok
15:58:40.0800 6476 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:58:40.0808 6476 clr_optimization_v4.0.30319_64 - ok
15:58:40.0838 6476 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
15:58:40.0869 6476 CmBatt - ok
15:58:40.0893 6476 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:58:40.0905 6476 cmdide - ok
15:58:40.0992 6476 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:58:41.0020 6476 CNG - ok
15:58:41.0069 6476 CnxtHdAudService (5c855932e4df00b1b6f5f6f57e82b6c5) C:\Windows\system32\drivers\CHDRT64.sys
15:58:41.0172 6476 CnxtHdAudService - ok
15:58:41.0385 6476 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
15:58:41.0401 6476 Compbatt - ok
15:58:41.0432 6476 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:58:41.0461 6476 CompositeBus - ok
15:58:41.0468 6476 COMSysApp - ok
15:58:41.0572 6476 CoordinatorServiceHost (f46ff007508c32788d8d5f32f27c25c7) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
15:58:41.0604 6476 CoordinatorServiceHost - ok
15:58:41.0665 6476 cphs (df3e8c2c443d3618260dff5705ce2df5) C:\Windows\SysWow64\IntelCpHeciSvc.exe
15:58:41.0685 6476 cphs - ok
15:58:41.0698 6476 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
15:58:41.0713 6476 crcdisk - ok
15:58:41.0746 6476 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:58:41.0803 6476 CryptSvc - ok
15:58:41.0867 6476 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:58:41.0924 6476 DcomLaunch - ok
15:58:41.0961 6476 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:58:42.0018 6476 defragsvc - ok
15:58:42.0045 6476 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:58:42.0116 6476 DfsC - ok
15:58:42.0154 6476 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:58:42.0207 6476 Dhcp - ok
15:58:42.0233 6476 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:58:42.0281 6476 discache - ok
15:58:42.0370 6476 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
15:58:42.0385 6476 Disk - ok
15:58:42.0409 6476 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:58:42.0437 6476 Dnscache - ok
15:58:42.0484 6476 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:58:42.0525 6476 dot3svc - ok
15:58:42.0541 6476 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:58:42.0577 6476 DPS - ok
15:58:42.0655 6476 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:58:42.0679 6476 drmkaud - ok
15:58:42.0708 6476 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:58:42.0731 6476 DXGKrnl - ok
15:58:42.0774 6476 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:58:42.0801 6476 EapHost - ok
15:58:43.0458 6476 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:58:43.0550 6476 ebdrv - ok
15:58:43.0578 6476 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:58:43.0587 6476 EFS - ok
15:58:49.0446 6476 LinksysUpdater (06dc2fdc6282f0d68910417b1150c848) C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
15:58:49.0456 6476 LinksysUpdater ( UnsignedFile.Multi.Generic ) - warning
15:58:49.0456 6476 LinksysUpdater - detected UnsignedFile.Multi.Generic (1)
15:59:01.0701 6476 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
15:59:01.0743 6476 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning
15:59:01.0743 6476 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)
15:59:04.0353 6476 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:59:04.0399 6476 udfs - ok
15:59:04.0440 6476 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:59:04.0453 6476 UI0Detect - ok
15:59:04.0492 6476 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:59:04.0527 6476 uliagpkx - ok
15:59:04.0548 6476 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:59:04.0570 6476 umbus - ok
15:59:04.0592 6476 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:59:04.0603 6476 UmPass - ok
15:59:04.0620 6476 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:59:04.0659 6476 upnphost - ok
15:59:04.0690 6476 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
15:59:04.0753 6476 USBAAPL64 - ok
15:59:04.0852 6476 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
15:59:04.0882 6476 usbccgp - ok
15:59:04.0913 6476 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:59:04.0934 6476 usbcir - ok
15:59:04.0950 6476 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:59:04.0981 6476 usbehci - ok
15:59:05.0013 6476 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:59:05.0028 6476 usbhub - ok
15:59:05.0078 6476 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:59:05.0122 6476 usbohci - ok
15:59:05.0570 6476 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:59:05.0726 6476 usbprint - ok
15:59:05.0762 6476 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:59:05.0791 6476 USBSTOR - ok
15:59:05.0829 6476 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:59:05.0848 6476 usbuhci - ok
15:59:05.0890 6476 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:59:05.0916 6476 UxSms - ok
15:59:05.0954 6476 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:59:05.0962 6476 VaultSvc - ok
15:59:05.0985 6476 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:59:05.0993 6476 vdrvroot - ok
15:59:06.0022 6476 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:59:06.0063 6476 vds - ok
15:59:06.0092 6476 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:59:06.0105 6476 vga - ok
15:59:06.0165 6476 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:59:06.0267 6476 VgaSave - ok
15:59:06.0302 6476 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:59:06.0318 6476 vhdmp - ok
15:59:06.0341 6476 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:59:06.0349 6476 viaide - ok
15:59:06.0369 6476 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:59:06.0377 6476 volmgr - ok
15:59:06.0394 6476 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:59:06.0406 6476 volmgrx - ok
15:59:06.0430 6476 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:59:06.0442 6476 volsnap - ok
15:59:06.0529 6476 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:59:06.0539 6476 vsmraid - ok
15:59:06.0592 6476 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:59:06.0641 6476 VSS - ok
15:59:06.0799 6476 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
15:59:06.0821 6476 vToolbarUpdater10.2.0 - ok
15:59:06.0854 6476 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:59:06.0880 6476 vwifibus - ok
15:59:06.0917 6476 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:59:06.0931 6476 vwififlt - ok
15:59:06.0958 6476 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:59:07.0005 6476 W32Time - ok
15:59:07.0037 6476 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:59:07.0055 6476 WacomPen - ok
15:59:07.0121 6476 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:59:07.0158 6476 WANARP - ok
15:59:07.0161 6476 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:59:07.0185 6476 Wanarpv6 - ok
15:59:07.0327 6476 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:59:07.0381 6476 WatAdminSvc - ok
15:59:07.0427 6476 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:59:07.0476 6476 wbengine - ok
15:59:07.0526 6476 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:59:07.0558 6476 WbioSrvc - ok
15:59:07.0585 6476 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:59:07.0621 6476 wcncsvc - ok
15:59:07.0669 6476 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:59:07.0686 6476 WcsPlugInService - ok
15:59:07.0704 6476 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:59:07.0713 6476 Wd - ok
15:59:07.0739 6476 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:59:07.0757 6476 Wdf01000 - ok
15:59:07.0798 6476 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:59:07.0822 6476 WdiServiceHost - ok
15:59:07.0825 6476 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:59:07.0838 6476 WdiSystemHost - ok
15:59:07.0858 6476 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:59:07.0885 6476 WebClient - ok
15:59:07.0910 6476 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:59:07.0952 6476 Wecsvc - ok
15:59:07.0980 6476 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:59:08.0007 6476 wercplsupport - ok
15:59:08.0038 6476 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:59:08.0091 6476 WerSvc - ok
15:59:08.0138 6476 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:59:08.0167 6476 WfpLwf - ok
15:59:08.0192 6476 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
15:59:08.0202 6476 WimFltr - ok
15:59:08.0222 6476 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:59:08.0272 6476 WIMMount - ok
15:59:08.0299 6476 WinDefend - ok
15:59:08.0304 6476 WinHttpAutoProxySvc - ok
15:59:08.0349 6476 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:59:08.0377 6476 Winmgmt - ok
15:59:08.0422 6476 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:59:08.0488 6476 WinRM - ok
15:59:08.0558 6476 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:59:08.0586 6476 WinUsb - ok
15:59:08.0620 6476 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:59:08.0656 6476 Wlansvc - ok
15:59:08.0714 6476 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:59:08.0722 6476 wlcrasvc - ok
15:59:08.0839 6476 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:59:08.0872 6476 wlidsvc - ok
15:59:08.0899 6476 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:59:08.0921 6476 WmiAcpi - ok
15:59:08.0972 6476 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:59:09.0005 6476 wmiApSrv - ok
15:59:09.0028 6476 WMPNetworkSvc - ok
15:59:09.0084 6476 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:59:09.0104 6476 WPCSvc - ok
15:59:09.0130 6476 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:59:09.0173 6476 WPDBusEnum - ok
15:59:09.0220 6476 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:59:09.0257 6476 ws2ifsl - ok
15:59:09.0292 6476 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:59:09.0365 6476 wscsvc - ok
15:59:09.0406 6476 WSearch - ok
15:59:09.0457 6476 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:59:09.0551 6476 wuauserv - ok
15:59:09.0638 6476 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:59:09.0695 6476 WudfPf - ok
15:59:09.0728 6476 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:59:09.0766 6476 WUDFRd - ok
15:59:09.0782 6476 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:59:09.0808 6476 wudfsvc - ok
15:59:09.0835 6476 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:59:09.0892 6476 WwanSvc - ok
15:59:09.0914 6476 MBR (0x1B8) (e9f67288208d53ef770f82e186904857) \Device\Harddisk0\DR0
15:59:09.0940 6476 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:59:09.0940 6476 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:59:09.0975 6476 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:59:09.0975 6476 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:59:09.0984 6476 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
15:59:10.0211 6476 \Device\Harddisk1\DR1 - ok
15:59:10.0215 6476 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
15:59:10.0320 6476 \Device\Harddisk2\DR2 - ok
15:59:10.0338 6476 Boot (0x1200) (2896c877a4245a2d28ff8e05f0fcaf2e) \Device\Harddisk0\DR0\Partition0
15:59:10.0340 6476 \Device\Harddisk0\DR0\Partition0 - ok
15:59:10.0353 6476 Boot (0x1200) (b03a6bfc84a2db6b61f74f720740b165) \Device\Harddisk0\DR0\Partition1
15:59:10.0354 6476 \Device\Harddisk0\DR0\Partition1 - ok
15:59:10.0358 6476 Boot (0x1200) (432abaa4d726e866db3b98f18b2dcf27) \Device\Harddisk1\DR1\Partition0
15:59:10.0359 6476 \Device\Harddisk1\DR1\Partition0 - ok
15:59:10.0361 6476 Boot (0x1200) (a015d7820e171a2f71b244b96fe390de) \Device\Harddisk2\DR2\Partition0
15:59:10.0363 6476 \Device\Harddisk2\DR2\Partition0 - ok
15:59:10.0364 6476 ============================================================
15:59:10.0364 6476 Scan finished
15:59:10.0364 6476 ============================================================
15:59:10.0369 5468 Detected object count: 4
15:59:10.0369 5468 Actual detected object count: 4
15:59:36.0469 5468 LinksysUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:36.0469 5468 LinksysUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:59:36.0470 5468 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:36.0470 5468 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:59:36.0498 5468 \Device\Harddisk0\DR0\# - copied to quarantine
15:59:36.0498 5468 \Device\Harddisk0\DR0 - copied to quarantine
15:59:36.0533 5468 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:59:36.0535 5468 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
15:59:36.0539 5468 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:59:36.0543 5468 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:59:36.0554 5468 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
15:59:36.0562 5468 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
15:59:36.0586 5468 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
15:59:36.0587 5468 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
15:59:36.0588 5468 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
15:59:36.0590 5468 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
15:59:36.0592 5468 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
15:59:36.0593 5468 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
15:59:36.0600 5468 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:59:36.0656 5468 \Device\Harddisk0\DR0 - ok
15:59:36.0699 5468 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 
15:59:36.0700 5468 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:59:36.0700 5468 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
15:59:41.0076 5096 Deinitialize success

MBAM Log:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Allen :: ALLEN-PC [administrator]

Protection: Enabled

4/19/2012 4:05:02 PM
mbam-log-2012-04-19 (16-05-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207839
Time elapsed: 2 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## kevinf80 (Mar 21, 2006)

Thanks for the logs. TDSSKiller has nailed the rootkit; unfortunately, Malwarebytes has not finished the infection off. OK, we need to re-run Combofix.

Delete any versions of Combofix you have on your Desktop, download and save to your Desktop again from either of the following links:

*Link 1*
*Link 2*

Run Combofix again as you did previously, and post the log on completion...

Kevin..


----------



## Worldinacup (Apr 10, 2012)

ComboFix 12-04-19.02 - Allen 04/19/2012 17:10:48.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6057.3832 [GMT -7:00]
Running from: c:\users\Allen\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
.
.
2012-04-20 00:15 . 2012-04-20 00:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-11 07:23 . 2012-02-28 07:37 174392 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-04-11 07:20 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 07:20 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 07:20 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 07:20 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 07:20 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 07:20 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 07:20 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 21:50 . 2012-01-09 08:26 24360 ----a-w- c:\windows\system32\drivers\avhips.sys
2012-04-10 21:50 . 2012-01-09 08:26 20264 ----a-w- c:\windows\system32\drivers\avfsmn.sys
2012-04-10 21:50 . 2012-04-10 21:50 -------- d-----w- c:\program files (x86)\Anvisoft
2012-04-10 21:27 . 2012-04-10 21:34 -------- d-----w- C:\sh4ldr
2012-04-10 21:27 . 2012-04-10 21:27 -------- d-----w- c:\program files\Enigma Software Group
2012-04-10 21:26 . 2012-04-10 21:34 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-10 21:26 . 2012-04-10 21:26 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-10 16:58 . 2012-04-19 23:04 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-04-10 07:11 . 2012-04-10 07:12 -------- d-----w- c:\program files\iTunes
2012-04-10 07:11 . 2012-04-10 07:12 -------- d-----w- c:\program files (x86)\iTunes
2012-04-10 07:11 . 2012-04-10 07:11 -------- d-----w- c:\program files\iPod
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-27 01:59 . 2012-04-10 16:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-26 03:31 . 2012-03-26 22:14 -------- d-----w- c:\users\Allen\AppData\Roaming\Tai
2012-03-26 03:31 . 2012-03-26 04:37 -------- d-----w- c:\users\Allen\AppData\Roaming\Xygof
2012-03-25 03:32 . 2012-03-25 03:51 -------- d-----w- c:\users\Allen\AppData\Roaming\redsn0w
2012-03-24 18:45 . 2012-03-24 17:04 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-24 18:43 . 2012-03-24 18:43 1270 ----a-w- C:\aaw7boot.cmd
2012-03-24 16:56 . 2012-03-20 20:41 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-03-24 16:56 . 2012-03-29 20:21 -------- d-----w- c:\program files (x86)\Lavasoft
2012-03-24 16:56 . 2012-03-29 20:27 -------- d-----w- c:\programdata\Lavasoft
2012-03-24 16:10 . 2012-03-24 16:10 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-24 16:10 . 2012-03-24 16:10 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( [email protected]_02.05.11 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-03-31 00:53 . 2012-04-18 22:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-03-31 00:53 . 2012-04-19 02:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-04-19 22:33 . 2012-04-19 22:14 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012041920120420\index.dat
- 2012-04-18 22:26 . 2012-04-18 22:05 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012041820120419\index.dat
+ 2012-04-18 22:26 . 2012-04-19 02:46 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012041820120419\index.dat
- 2012-03-20 01:41 . 2012-04-18 22:05 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-03-20 01:41 . 2012-04-19 22:14 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2012-04-19 22:15 58498 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-19 23:03 39988 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-28 03:35 . 2012-04-19 23:03 13728 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3563503147-2756799943-420070046-1000_UserData.bin
+ 2012-04-20 00:16 . 2012-04-20 00:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-19 02:04 . 2012-04-19 02:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-19 02:04 . 2012-04-19 02:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-20 00:16 . 2012-04-20 00:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-20 01:37 . 2012-04-19 01:56 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-20 01:37 . 2012-04-19 22:14 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-04-20 00:16 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-19 02:04 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-29 01:53 . 2012-04-19 22:56 223384 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 04:54 . 2012-04-19 02:05 3604480 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-19 23:00 3604480 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-19 02:05 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-19 23:00 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 03:25 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-28 740216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-13 982880]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-02-03 715048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-18 560128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart\0lsdelete
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-02-03 296232]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-10-05 87336]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-15 276248]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-08-28 1431888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 136176]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 avfsmn;avfsmn;c:\windows\system32\DRIVERS\avfsmn.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe [2011-03-10 2708024]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 avhips;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\avhips.sys [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-03-24 2152152]
S2 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-24 641832]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-13 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-03-24 17152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2012-03-20 17:04]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 04:19]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 04:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-15 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-15 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-15 440600]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Allen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Allen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\jhe5f2e4.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5ca33d0f-a28b-40ef-bba1-e75d3462a936%7D&mid=723401a1c73c47d182722104e4131ab1-e84d043a854254fd25cce16dee0a8f29c2d2e908&ds=AVG&v=10.0.0.7&lang=us&pr=pa&d=2011-12-11%2010%3A49%3A07&sap=ku&q=
FF - user.js: general.useragent.extra.brc - 
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\java.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\AVG\AVG10\avgam.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2012-04-19 17:21:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-20 00:21
ComboFix2.txt 2012-04-19 02:10
.
Pre-Run: 689,734,836,224 bytes free
Post-Run: 689,430,913,024 bytes free
.
- - End Of File - - 749D08A73344CBFCBFEDB240761F50A4


----------



## kevinf80 (Mar 21, 2006)

Logs look OK, do the following:

Re-run TDSSKiller, when you see this entry *Device\Harddisk0\DR0 ( TDSS File System )* select *Delete* instead of *skip*

No need to post the full log, just confirm the TDSS file system deletion...

Next,

Uninstall Lavasoft's Ad-Aware, it will clash with your already adequate setup of AVG and Windows Defender.

Next,

Run this please:

Download Security Check by screen317 from *HERE* or *HERE*.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post that log, let me know if you have any remaining issues or concerns..

Kevin


----------



## Worldinacup (Apr 10, 2012)

Checkup.txt:

Results of screen317's Security Check version 0.99.32 
Windows 7 x64 (UAC is enabled) 
Internet Explorer 9 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
Windows Firewall Enabled! 
AVG PC Tuneup 2011 10.0.0.24 
WMI entry may not exist for antivirus; attempting automatic update. 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
AVG PC Tuneup 2011 10.0.0.24 
Java(TM) 6 Update 26 
Java(TM) 6 Update 3 
*Java version out of date!* 
Adobe Reader X (10.1.3) 
Mozilla Firefox (11.0.) 
*```````````````````````````````` 
Process Check: 
objlist.exe by Laurent* 
Malwarebytes' Anti-Malware mbamservice.exe 
Malwarebytes' Anti-Malware mbamgui.exe 
AVG avgwdsvc.exe 
AVG avgtray.exe 
Anvisoft Anvi Smart Defender ASDTray.exe 
*``````````End of Log````````````*


----------



## kevinf80 (Mar 21, 2006)

Thanks for that log. Did you re-run TDSSKiller and delete TDSS file system? That is a remnant of the infection....

Uninstall *Java(TM) 6 Update 3* via Start > Control Panel > Uninstall a Program.

Next,

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. 
For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. 
The most current version of Sun Java is: Java Runtime Environment Version 6 Update 31.


 Go to *Sun Java*
 Select *Windows 7/XP/Vista/2000/2003/2008*. If using a 64-bit OS, select *Information about the 64-bit Java plug-in* and follow prompts
 Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
 Reboot your computer

Next,

I need an Online AV scan, if this comes back good we'll clean up, remove tools etc....

*Run ESET Online Scan*

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
*ESET OnlineScan*
Click the







button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on







to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the







icon on your desktop.

Check








Click the







button.
Accept any security warnings from your browser.
Check








*Ensure remove found threats is checked*
Push the *Start* button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push








Push







, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the







button.
Push








You can refer to *this animation* by *neomage* if needed.
Frequently asked questions available *Here* *Please read them before running the scan.*

*Also be aware this scan can take several hours to complete depending on the size of your system.*

ESET log can be found here *"C:\Program Files\ESET\EsetOnlineScanner\log.txt".*

When ESET completes, ensure that you turn all of your AVG security back on. As this includes its own Firewall, turn OFF the Windows FW.

Thanks,

Kevin...


----------



## Worldinacup (Apr 10, 2012)

Yes, I did re-run TDSSKiller and I deleted TDSS file system.

ESET Scan Log:

[email protected] as downloader log:
all ok
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cac890821791de4db3a961802ba70dc1
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-21 07:43:10
# local_time=2012-04-21 12:43:10 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1032 16777213 100 89 0 77236403 0 0
# compatibility_mode=5893 16776574 100 94 1879812 86562509 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=282622
# found=2
# cleaned=2
# scan_time=18330
F:\Seagate Backup\Downloads\FreeYouTubeDownloaderSetup(1).exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
F:\Seagate Backup\Downloads\FreeYouTubeDownloaderSetup.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C


----------



## kevinf80 (Mar 21, 2006)

How is your system running, any remaining issues or concerns?


----------



## Worldinacup (Apr 10, 2012)

My browser seems to be getting hijacked now and then, but everything else is great!


----------



## kevinf80 (Mar 21, 2006)

If your browser is still being hijacked then all is not well. OK do the following;

Download aswMBR from *Here*
*If it asks to update during the process please allow this to happen.*


 Save aswMBR.exe to your Desktop
 Double click aswMBR.exe to run it
 Ensure Quick scan is selected, then select Scan button to start the scan as illustrated below

Note: Do not take action against any ***Rootkit*** entries until I have reviewed the log. Often there are false positives.

Once the scan finishes click Save log to save the log to your Desktop.

Copy and paste the contents of aswMBR.txt back here for review


----------



## Worldinacup (Apr 10, 2012)

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-21 15:02:51
-----------------------------
15:02:51.758 OS Version: Windows x64 6.1.7601 Service Pack 1
15:02:51.758 Number of processors: 4 586 0x2A07
15:02:51.758 ComputerName: ALLEN-PC UserName: Allen
15:02:53.883 Initialize success
15:03:43.482 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:03:43.484 Disk 0 Vendor: ST31000524AS JC47 Size: 953869MB BusType: 3
15:03:43.513 Disk 0 MBR read successfully
15:03:43.516 Disk 0 MBR scan
15:03:43.518 Disk 0 Windows VISTA default MBR code
15:03:43.521 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
15:03:43.528 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 14142 MB offset 81920
15:03:43.543 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 939686 MB offset 29044736
15:03:43.556 Disk 0 scanning C:\Windows\system32\drivers
15:03:49.437 Service scanning
15:04:00.958 Modules scanning
15:04:00.966 Disk 0 trace - called modules:
15:04:00.977 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 
15:04:00.982 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006574060]
15:04:01.311 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa80060e5520]
15:04:01.317 5 ACPI.sys[fffff88000f6d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80060e1680]
15:04:01.322 Scan finished successfully
15:04:27.583 Disk 0 MBR has been saved successfully to "C:\Users\Allen\Desktop\MBR.dat"
15:04:27.586 The log file has been saved successfully to "C:\Users\Allen\Desktop\aswMBR Scanlog [4-21-12].txt"


----------



## kevinf80 (Mar 21, 2006)

That log has returned clean, OK re-run TDSSKiller as before, I give instructions again:


Download *TDSSKiller* and save it to your Desktop.
Double-click on *TDSSKiller.exe* to run the application.
Click on *"Change parameters"* and place a checkmark next to *Verify Driver Digital Signature* and *Detect TDLFS file system*, then click OK.

Select Scan.
If an infected file is detected, the default action will be *Cure*, click on *Continue.*

If a suspicious file is detected, the default action will be *Skip*, click on *Continue.*

It may ask you to reboot the computer to complete the process. Click on *Reboot Now*.

If no reboot is required, click on *Report*. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.

Kevin


----------



## Worldinacup (Apr 10, 2012)

11:50:17.0850 5464 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
11:50:19.0119 5464 ============================================================
11:50:19.0119 5464 Current date / time: 2012/04/22 11:50:19.0119
11:50:19.0119 5464 SystemInfo:
11:50:19.0120 5464 
11:50:19.0120 5464 OS Version: 6.1.7601 ServicePack: 1.0
11:50:19.0120 5464 Product type: Workstation
11:50:19.0120 5464 ComputerName: ALLEN-PC
11:50:19.0120 5464 UserName: Allen
11:50:19.0120 5464 Windows directory: C:\Windows
11:50:19.0120 5464 System windows directory: C:\Windows
11:50:19.0120 5464 Running under WOW64
11:50:19.0120 5464 Processor architecture: Intel x64
11:50:19.0120 5464 Number of processors: 4
11:50:19.0120 5464 Page size: 0x1000
11:50:19.0120 5464 Boot type: Normal boot
11:50:19.0120 5464 ============================================================
11:50:21.0973 5464 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:50:21.0977 5464 Drive \Device\Harddisk1\DR1 - Size: 0x1E3E0000 (0.47 Gb), SectorSize: 0x200, Cylinders: 0x3D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:50:21.0979 5464 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:50:21.0981 5464 \Device\Harddisk0\DR0:
11:50:21.0981 5464 MBR partitions:
11:50:21.0981 5464 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1B9F000
11:50:21.0981 5464 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BB3000, BlocksNum 0x72B53000
11:50:21.0981 5464 \Device\Harddisk1\DR1:
11:50:21.0983 5464 MBR partitions:
11:50:21.0983 5464 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0xED, BlocksNum 0xF1DA3
11:50:21.0983 5464 \Device\Harddisk2\DR2:
11:50:21.0983 5464 MBR partitions:
11:50:21.0983 5464 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
11:50:22.0028 5464 C: <-> \Device\Harddisk0\DR0\Partition1
11:50:22.0053 5464 F: <-> \Device\Harddisk2\DR2\Partition0
11:50:22.0054 5464 Initialize success
11:50:22.0054 5464 ============================================================
11:51:24.0868 5716 ============================================================
11:51:24.0868 5716 Scan started
11:51:24.0868 5716 Mode: Manual; SigCheck; TDLFS; 
11:51:24.0868 5716 ============================================================
11:51:31.0631 5716 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:51:31.0659 5716 BrUsbMdm - ok
11:51:31.0694 5716 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:51:31.0719 5716 BrUsbSer - ok
11:51:31.0744 5716 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
11:51:31.0776 5716 BTHMODEM - ok
11:51:31.0884 5716 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:51:31.0937 5716 bthserv - ok
11:51:32.0064 5716 catchme - ok
11:51:32.0183 5716 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:51:32.0228 5716 cdfs - ok
11:51:32.0264 5716 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:51:32.0299 5716 cdrom - ok
11:51:32.0417 5716 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:51:32.0468 5716 CertPropSvc - ok
11:51:32.0491 5716 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
11:51:32.0509 5716 circlass - ok
11:51:32.0554 5716 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:51:32.0575 5716 CLFS - ok
11:51:32.0622 5716 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:51:32.0688 5716 clr_optimization_v2.0.50727_32 - ok
11:51:32.0719 5716 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:51:32.0735 5716 clr_optimization_v2.0.50727_64 - ok
11:51:32.0785 5716 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:51:32.0816 5716 clr_optimization_v4.0.30319_32 - ok
11:51:32.0847 5716 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:51:32.0858 5716 clr_optimization_v4.0.30319_64 - ok
11:51:32.0876 5716 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
11:51:32.0949 5716 CmBatt - ok
11:51:32.0997 5716 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:51:33.0012 5716 cmdide - ok
11:51:33.0037 5716 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:51:33.0067 5716 CNG - ok
11:51:33.0136 5716 CnxtHdAudService (5c855932e4df00b1b6f5f6f57e82b6c5) C:\Windows\system32\drivers\CHDRT64.sys
11:51:33.0172 5716 CnxtHdAudService - ok
11:51:33.0214 5716 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
11:51:33.0228 5716 Compbatt - ok
11:51:33.0278 5716 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:51:33.0306 5716 CompositeBus - ok
11:51:33.0312 5716 COMSysApp - ok
11:51:33.0401 5716 CoordinatorServiceHost (f46ff007508c32788d8d5f32f27c25c7) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
11:51:33.0436 5716 CoordinatorServiceHost - ok
11:51:33.0502 5716 cphs (df3e8c2c443d3618260dff5705ce2df5) C:\Windows\SysWow64\IntelCpHeciSvc.exe
11:51:33.0522 5716 cphs - ok
11:51:33.0560 5716 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
11:51:33.0575 5716 crcdisk - ok
11:51:33.0608 5716 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
11:51:33.0669 5716 CryptSvc - ok
11:51:33.0805 5716 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:51:33.0885 5716 DcomLaunch - ok
11:51:34.0041 5716 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:51:34.0097 5716 defragsvc - ok
11:51:34.0132 5716 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:51:34.0180 5716 DfsC - ok
11:51:34.0227 5716 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:51:34.0303 5716 Dhcp - ok
11:51:34.0336 5716 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:51:34.0392 5716 discache - ok
11:51:34.0432 5716 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
11:51:34.0440 5716 Disk - ok
11:51:34.0463 5716 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:51:34.0543 5716 Dnscache - ok
11:51:34.0580 5716 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:51:34.0634 5716 dot3svc - ok
11:51:34.0653 5716 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:51:34.0697 5716 DPS - ok
11:51:34.0734 5716 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:51:34.0763 5716 drmkaud - ok
11:51:34.0832 5716 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:51:34.0864 5716 DXGKrnl - ok
11:51:34.0886 5716 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:51:34.0935 5716 EapHost - ok
11:51:35.0114 5716 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
11:51:35.0187 5716 ebdrv - ok
11:51:35.0215 5716 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:51:35.0259 5716 EFS - ok
11:51:35.0329 5716 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:51:35.0391 5716 ehRecvr - ok
11:51:35.0403 5716 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:51:35.0428 5716 ehSched - ok
11:51:35.0463 5716 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
11:51:35.0488 5716 elxstor - ok
11:51:35.0502 5716 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:51:35.0528 5716 ErrDev - ok
11:51:35.0707 5716 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:51:35.0915 5716 EventSystem - ok
11:51:35.0998 5716 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:51:36.0041 5716 exfat - ok
11:51:36.0109 5716 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:51:36.0184 5716 fastfat - ok
11:51:36.0283 5716 Fax  (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:51:36.0358 5716 Fax - ok
11:51:36.0391 5716 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
11:51:36.0423 5716 fdc - ok
11:51:36.0495 5716 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:51:36.0539 5716 fdPHost - ok
11:51:36.0550 5716 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:51:36.0609 5716 FDResPub - ok
11:51:36.0629 5716 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:51:36.0637 5716 FileInfo - ok
11:51:36.0655 5716 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:51:36.0705 5716 Filetrace - ok
11:51:36.0797 5716 FLEXnet Licensing Service (73081cf28f0ae20a52ca4f67cee6e6b0) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:51:36.0824 5716 FLEXnet Licensing Service - ok
11:51:36.0958 5716 FLEXnet Licensing Service 64 (5cee6cd43ae5844c49300ea0b1e557ee) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
11:51:37.0017 5716 FLEXnet Licensing Service 64 - ok
11:51:37.0036 5716 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
11:51:37.0046 5716 flpydisk - ok
11:51:37.0063 5716 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:51:37.0083 5716 FltMgr - ok
11:51:37.0116 5716 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:51:37.0189 5716 FontCache - ok
11:51:37.0259 5716 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:51:37.0273 5716 FontCache3.0.0.0 - ok
11:51:37.0289 5716 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:51:37.0299 5716 FsDepends - ok
11:51:37.0342 5716 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:51:37.0355 5716 Fs_Rec - ok
11:51:37.0374 5716 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:51:37.0396 5716 fvevol - ok
11:51:37.0413 5716 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
11:51:37.0434 5716 gagp30kx - ok
11:51:37.0523 5716 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:51:37.0534 5716 GEARAspiWDM - ok
11:51:37.0628 5716 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
11:51:37.0640 5716 GoToAssist - ok
11:51:37.0683 5716 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:51:37.0727 5716 gpsvc - ok
11:51:37.0809 5716 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:51:37.0822 5716 gupdate - ok
11:51:37.0840 5716 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:51:37.0852 5716 gupdatem - ok
11:51:37.0880 5716 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
11:51:37.0889 5716 hamachi - ok
11:51:37.0929 5716 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:51:37.0984 5716 hcw85cir - ok
11:51:38.0012 5716 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:51:38.0047 5716 HDAudBus - ok
11:51:38.0070 5716 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
11:51:38.0102 5716 HidBatt - ok
11:51:38.0128 5716 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
11:51:38.0149 5716 HidBth - ok
11:51:38.0176 5716 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
11:51:38.0187 5716 HidIr - ok
11:51:38.0233 5716 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
11:51:38.0288 5716 hidserv - ok
11:51:38.0317 5716 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:51:38.0333 5716 HidUsb - ok
11:51:38.0362 5716 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:51:38.0409 5716 hkmsvc - ok
11:51:38.0494 5716 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:51:38.0528 5716 HomeGroupListener - ok
11:51:38.0608 5716 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:51:38.0627 5716 HomeGroupProvider - ok
11:51:38.0664 5716 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:51:38.0680 5716 HpSAMD - ok
11:51:38.0736 5716 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:51:38.0790 5716 HTTP - ok
11:51:38.0844 5716 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:51:38.0857 5716 hwpolicy - ok
11:51:38.0893 5716 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:51:38.0919 5716 i8042prt - ok
11:51:38.0989 5716 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:51:39.0008 5716 iaStorV - ok
11:51:39.0066 5716 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:51:39.0096 5716 idsvc - ok
11:51:39.0342 5716 igfx (276ee9cdab16c50e1df0e4cefa882f5f) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:51:39.0775 5716 igfx - ok
11:51:39.0824 5716 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
11:51:39.0838 5716 iirsp - ok
11:51:39.0876 5716 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:51:39.0927 5716 IKEEXT - ok
11:51:39.0946 5716 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
11:51:39.0964 5716 IntcDAud - ok
11:51:40.0000 5716 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:51:40.0013 5716 intelide - ok
11:51:40.0082 5716 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:51:40.0108 5716 intelppm - ok
11:51:40.0141 5716 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:51:40.0198 5716 IPBusEnum - ok
11:51:40.0222 5716 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:51:40.0247 5716 IpFilterDriver - ok
11:51:40.0334 5716 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:51:40.0381 5716 iphlpsvc - ok
11:51:40.0404 5716 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:51:40.0430 5716 IPMIDRV - ok
11:51:40.0452 5716 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:51:40.0487 5716 IPNAT - ok
11:51:40.0596 5716 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
11:51:40.0626 5716 iPod Service - ok
11:51:40.0686 5716 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:51:40.0714 5716 IRENUM - ok
11:51:40.0839 5716 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:51:40.0861 5716 isapnp - ok
11:51:40.0890 5716 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:51:40.0911 5716 iScsiPrt - ok
11:51:40.0934 5716 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:51:40.0942 5716 kbdclass - ok
11:51:40.0984 5716 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:51:41.0014 5716 kbdhid - ok
11:51:41.0042 5716 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:51:41.0056 5716 KeyIso - ok
11:51:41.0104 5716 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:51:41.0117 5716 KSecDD - ok
11:51:41.0141 5716 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:51:41.0150 5716 KSecPkg - ok
11:51:41.0167 5716 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:51:41.0208 5716 ksthunk - ok
11:51:41.0234 5716 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:51:41.0290 5716 KtmRm - ok
11:51:41.0323 5716 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
11:51:41.0412 5716 LanmanServer - ok
11:51:41.0442 5716 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:51:41.0496 5716 LanmanWorkstation - ok
11:51:41.0578 5716 LinksysUpdater (06dc2fdc6282f0d68910417b1150c848) C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
11:51:41.0586 5716 LinksysUpdater ( UnsignedFile.Multi.Generic ) - warning
11:51:41.0587 5716 LinksysUpdater - detected UnsignedFile.Multi.Generic (1)
11:51:41.0646 5716 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:51:41.0706 5716 lltdio - ok
11:51:41.0732 5716 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:51:41.0773 5716 lltdsvc - ok
11:51:41.0812 5716 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:51:41.0836 5716 lmhosts - ok
11:51:41.0920 5716 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
11:51:41.0938 5716 LSI_FC - ok
11:51:41.0955 5716 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
11:51:41.0971 5716 LSI_SAS - ok
11:51:41.0985 5716 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
11:51:41.0994 5716 LSI_SAS2 - ok
11:51:42.0011 5716 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
11:51:42.0020 5716 LSI_SCSI - ok
11:51:42.0039 5716 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:51:42.0078 5716 luafv - ok
11:51:42.0187 5716 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
11:51:42.0201 5716 MBAMProtector - ok
11:51:42.0258 5716 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:51:42.0279 5716 MBAMService - ok
11:51:42.0303 5716 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:51:42.0321 5716 Mcx2Svc - ok
11:51:42.0340 5716 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
11:51:42.0348 5716 megasas - ok
11:51:42.0390 5716 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
11:51:42.0424 5716 MegaSR - ok
11:51:42.0464 5716 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
11:51:42.0477 5716 MEIx64 - ok
11:51:42.0546 5716 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
11:51:42.0559 5716 Microsoft Office Groove Audit Service - ok
11:51:42.0580 5716 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:51:42.0639 5716 MMCSS - ok
11:51:42.0690 5716 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:51:42.0735 5716 Modem - ok
11:51:42.0755 5716 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:51:42.0780 5716 monitor - ok
11:51:42.0815 5716 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:51:42.0829 5716 mouclass - ok
11:51:42.0847 5716 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:51:42.0883 5716 mouhid - ok
11:51:43.0045 5716 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:51:43.0067 5716 mountmgr - ok
11:51:43.0146 5716 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:51:43.0167 5716 mpio - ok
11:51:43.0181 5716 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:51:43.0206 5716 mpsdrv - ok
11:51:43.0251 5716 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:51:43.0323 5716 MpsSvc - ok
11:51:43.0352 5716 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:51:43.0391 5716 MRxDAV - ok
11:51:43.0423 5716 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:51:43.0488 5716 mrxsmb - ok
11:51:43.0509 5716 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:51:43.0528 5716 mrxsmb10 - ok
11:51:43.0540 5716 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:51:43.0549 5716 mrxsmb20 - ok
11:51:43.0568 5716 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:51:43.0577 5716 msahci - ok
11:51:43.0589 5716 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:51:43.0599 5716 msdsm - ok
11:51:43.0614 5716 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:51:43.0640 5716 MSDTC - ok
11:51:43.0717 5716 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:51:43.0761 5716 Msfs - ok
11:51:43.0803 5716 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:51:43.0863 5716 mshidkmdf - ok
11:51:43.0890 5716 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:51:43.0900 5716 msisadrv - ok
11:51:43.0941 5716 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:51:44.0020 5716 MSiSCSI - ok
11:51:44.0026 5716 msiserver - ok
11:51:44.0062 5716 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:51:44.0112 5716 MSKSSRV - ok
11:51:44.0136 5716 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:51:44.0189 5716 MSPCLOCK - ok
11:51:44.0219 5716 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:51:44.0264 5716 MSPQM - ok
11:51:44.0295 5716 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:51:44.0308 5716 MsRPC - ok
11:51:44.0325 5716 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:51:44.0333 5716 mssmbios - ok
11:51:44.0346 5716 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:51:44.0373 5716 MSTEE - ok
11:51:44.0388 5716 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
11:51:44.0398 5716 MTConfig - ok
11:51:44.0429 5716 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:51:44.0440 5716 Mup - ok
11:51:44.0475 5716 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:51:44.0533 5716 napagent - ok
11:51:44.0577 5716 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:51:44.0614 5716 NativeWifiP - ok
11:51:44.0769 5716 NAUpdate (1bbbf640bc0e0b750537baece8d66c18) C:\Program Files (x86)\Nero\Update\NASvc.exe
11:51:44.0794 5716 NAUpdate - ok
11:51:44.0859 5716 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
11:51:44.0889 5716 NDIS - ok
11:51:44.0911 5716 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:51:44.0936 5716 NdisCap - ok
11:51:45.0022 5716 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:51:45.0063 5716 NdisTapi - ok
11:51:45.0079 5716 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:51:45.0131 5716 Ndisuio - ok
11:51:45.0150 5716 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:51:45.0189 5716 NdisWan - ok
11:51:45.0301 5716 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:51:45.0345 5716 NDProxy - ok
11:51:45.0375 5716 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:51:45.0429 5716 NetBIOS - ok
11:51:45.0452 5716 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:51:45.0492 5716 NetBT - ok
11:51:45.0562 5716 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:51:45.0577 5716 Netlogon - ok
11:51:45.0604 5716 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:51:45.0666 5716 Netman - ok
11:51:45.0749 5716 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:51:45.0824 5716 NetMsmqActivator - ok
11:51:45.0828 5716 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:51:45.0841 5716 NetPipeActivator - ok
11:51:45.0864 5716 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:51:45.0904 5716 netprofm - ok
11:51:45.0909 5716 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:51:45.0916 5716 NetTcpActivator - ok
11:51:45.0950 5716 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:51:45.0957 5716 NetTcpPortSharing - ok
11:51:46.0008 5716 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
11:51:46.0024 5716 nfrd960 - ok
11:51:46.0064 5716 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:51:46.0120 5716 NlaSvc - ok
11:51:46.0201 5716 nmservice (cd2fe9c33cfd0fe0af124e05907e5c3d) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
11:51:46.0224 5716 nmservice - ok
11:51:46.0353 5716 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
11:51:46.0410 5716 NOBU - ok
11:51:46.0428 5716 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:51:46.0454 5716 Npfs - ok
11:51:46.0476 5716 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:51:46.0516 5716 nsi - ok
11:51:46.0558 5716 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:51:46.0597 5716 nsiproxy - ok
11:51:46.0644 5716 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:51:46.0697 5716 Ntfs - ok
11:51:46.0712 5716 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:51:46.0736 5716 Null - ok
11:51:46.0754 5716 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:51:46.0796 5716 nvraid - ok
11:51:46.0828 5716 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:51:46.0841 5716 nvstor - ok
11:51:46.0875 5716 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:51:46.0891 5716 nv_agp - ok
11:51:47.0062 5716 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:51:47.0085 5716 odserv - ok
11:51:47.0115 5716 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:51:47.0145 5716 ohci1394 - ok
11:51:47.0176 5716 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:51:47.0191 5716 ose - ok
11:51:47.0229 5716 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:51:47.0274 5716 p2pimsvc - ok
11:51:47.0327 5716 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:51:47.0347 5716 p2psvc - ok
11:51:47.0362 5716 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
11:51:47.0373 5716 Parport - ok
11:51:47.0431 5716 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:51:47.0452 5716 partmgr - ok
11:51:47.0487 5716 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:51:47.0525 5716 PcaSvc - ok
11:51:47.0581 5716 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:51:47.0598 5716 pci - ok
11:51:47.0631 5716 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:51:47.0640 5716 pciide - ok
11:51:47.0657 5716 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
11:51:47.0668 5716 pcmcia - ok
11:51:47.0687 5716 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:51:47.0694 5716 pcw - ok
11:51:47.0744 5716 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:51:47.0811 5716 PEAUTH - ok
11:51:47.0880 5716 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:51:47.0910 5716 PerfHost - ok
11:51:47.0958 5716 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:51:48.0021 5716 pla - ok
11:51:48.0113 5716 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:51:48.0162 5716 PlugPlay - ok
11:51:48.0196 5716 pnarp (4ff73a83a25d0eead4f5e6c841bb6704) C:\Windows\system32\DRIVERS\pnarp.sys
11:51:48.0206 5716 pnarp - ok
11:51:48.0246 5716 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:51:48.0299 5716 PNRPAutoReg - ok
11:51:48.0396 5716 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:51:48.0415 5716 PNRPsvc - ok
11:51:48.0458 5716 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:51:48.0520 5716 PolicyAgent - ok
11:51:48.0548 5716 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:51:48.0604 5716 Power - ok
11:51:48.0657 5716 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:51:48.0704 5716 PptpMiniport - ok
11:51:48.0747 5716 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
11:51:53.0680 5716 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
11:51:53.0714 5716 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning
11:51:53.0714 5716 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)
11:52:03.0028 5716 ============================================================
11:52:03.0028 5716 Scan finished
11:52:03.0028 5716 ============================================================
11:52:03.0037 5724 Detected object count: 2
11:52:03.0037 5724 Actual detected object count: 2
11:52:14.0318 5724 LinksysUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
11:52:14.0318 5724 LinksysUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:52:14.0319 5724 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:52:14.0319 5724 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip


----------



## kevinf80 (Mar 21, 2006)

The MD5s for those files indicated as suspicious by TDSSKiller are returned as clean by VirusTotal.

Are the redirects specific to one browser, e.g. Firefox?


----------
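
Added example (not part of the original thread and not TDSSKiller's own tooling): a Python helper for the check described in the reply above, pulling the entries TDSSKiller flagged out of the log together with their MD5 and path so each hash can be looked up. The function name `triage` and the regular expressions are assumptions inferred from the log lines posted in this thread.

```python
import re

# Excerpt of lines taken from the TDSSKiller log posted in this thread.
# LinksysUpdater's own hash line is outside the excerpt, which exercises
# the "flagged but no hash available" case.
SAMPLE_LOG = r"""11:51:53.0551 5716 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:51:53.0583 5716 SNMPTRAP - ok
11:51:53.0680 5716 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
11:51:53.0714 5716 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning
11:51:53.0714 5716 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)
11:52:00.0744 5716 WinDefend - ok
11:52:02.0534 5716 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:52:02.0668 5716 \Device\Harddisk0\DR0 - ok
11:52:03.0037 5724 Detected object count: 2
11:52:03.0037 5724 Actual detected object count: 2
11:52:14.0318 5724 LinksysUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
11:52:14.0318 5724 LinksysUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:52:14.0319 5724 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:52:14.0319 5724 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# "<time> <thread id> <rest of line>"; trailing whitespace is dropped.
PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*\S)\s*$")
# "<name> (<32 hex md5>) <path>"; names may contain spaces and parentheses.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECTED = re.compile(r"^(?P<name>.+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION = re.compile(
    r"^(?P<name>.+) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$"
)
COUNT = re.compile(r"^Detected object count: (\d+)$")


def triage(log_text):
    """Return the flagged objects of a TDSSKiller log with hash, path and action."""
    objects = {}   # object name -> (md5, path), for every scanned object
    flagged = {}   # object name -> {"verdict": ..., "action": ...}
    declared = None
    for raw in log_text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue  # not a timestamped log line
        body = m.group(3)
        if (o := OBJECT.match(body)):
            objects[o["name"]] = (o["md5"], o["path"])
        elif (d := DETECTED.match(body)):
            entry = flagged.setdefault(d["name"], {"verdict": None, "action": None})
            entry["verdict"] = d["verdict"]
        elif (a := ACTION.match(body)):
            entry = flagged.setdefault(a["name"], {"verdict": None, "action": None})
            entry["verdict"] = a["verdict"]
            entry["action"] = a["action"]
        elif (c := COUNT.match(body)):
            declared = int(c.group(1))

    report = []
    for name in sorted(flagged):
        md5, path = objects.get(name, (None, None))
        report.append({"name": name, "md5": md5, "path": path, **flagged[name]})
    return {
        "declared_count": declared,
        "flagged": report,
        # Flagged names whose hash line is missing from the supplied text.
        "unresolved": [f["name"] for f in report if f["md5"] is None],
        # True when the log's own count matches what was parsed.
        "consistent": declared == len(report),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for item in result["flagged"]:
        print(f'{item["name"]}: {item["verdict"]} action={item["action"]} '
              f'md5={item["md5"]} path={item["path"]}')
    print("needs the full log:", result["unresolved"])
```

Entries left with action `Skip` remain on disk, so those are the hashes worth checking before the items are dismissed.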



## Worldinacup (Apr 10, 2012)

I tested Google Chrome, Mozilla Firefox, and Safari just now. It only redirects on Google Chrome and Firefox.


----------



## kevinf80 (Mar 21, 2006)

Uninstall, then re-install those two browsers...


----------



## Worldinacup (Apr 10, 2012)

My searches are still being redirected...


----------



## kevinf80 (Mar 21, 2006)

Download the *Windows Defender Offline Tool* and save to your Desktop.
You will have to select the correct version for your system, either 32 or 64 bit.

Double click to run the tool, Windows 7 or Vista users right click and select "Run as Administrator"

Read the instructions in the new window and select "Next"

In the new window accept the agreement.

In the new window select your USB Flash Drive, then select "Next"

In the new window ensure your Flash drive is selected, if not click on "Refresh" then select "Next"

In the new window accept the formatting alert by selecting "Next"

Files will be downloaded.

Files will be processed and created.

Flash drive will be formatted and prepared.

Files will be added to the Flash Drive and the tool will be created.

The procedure is finished and the Tool created, click on "Finish" to complete.

Plug the USB into the sick PC and boot up, if it does not boot from the flash drive change the boot options as required, Use F12 as it boots, change options...
As it boots you'll see files being loaded and the Windows splash screen, eventually the tool will run a "Quick Scan", follow the prompts and deal with what it finds.
When complete do a full scan, deal with what it finds.
When finished, remove the USB stick then press the *Esc key* to boot into regular Windows.
Navigate to the following file:
*"C:\windows\windows defender offline\support\mssWrapper.log"* Open with notepad and copy and paste it into a reply.


----------



## Worldinacup (Apr 10, 2012)

I have completed the quick and full scan, but, I cannot find the log file in the location you have provided.


----------



## kevinf80 (Mar 21, 2006)

Did the offline tool clean anything? Are the re-directs still happening?

Run this and post the log:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Link 1*
*Link 2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


```
:filefind
mssWrapper.log
:dir
windows defender offline /s
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

Kevin



----------



## Worldinacup (Apr 10, 2012)

It was still unable to find the file...

SystemLook 30.07.11 by jpshortstuff
Log created at 00:45 on 23/04/2012 by Allen
Administrator - Elevation successful

========== filefind ==========

Searching for "mssWrapper.log"
No files found.

========== dir ==========

windows defender offline - Unable to find folder.

-= EOF =-

When I scanned with the windows defender offline, around 6 infections were found and removed; a few of them had to do with Java/Exploit, if that helps at all. However, my browser is still being hijacked...


----------



## kevinf80 (Mar 21, 2006)

Start Firefox, use the help tab at the top, select "Re-Start with Addons disabled". Does it still redirect in that mode?


----------



## Worldinacup (Apr 10, 2012)

None of my searches have been redirected in this mode.


----------



## kevinf80 (Mar 21, 2006)

Can you do the same with Chrome, I'm not familiar with that browser so am not sure how to boot it with addons disabled.

The way forward would be to do a clean re-install of those two browsers, make sure no settings etc are saved...

Kevin


----------



## Worldinacup (Apr 10, 2012)

The "safe mode" seems to eliminate all redirection of searches. How can I do a clean re-install of the two browsers?


----------



## kevinf80 (Mar 21, 2006)

For Firefox go here http://kb.mozillazine.org/Uninstalling_firefox

For Chrome go here http://support.google.com/chrome/bin/answer.py?hl=en&answer=95319

When you've completed that, run TFC and Re-Boot...

Download TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

 Save any open work. TFC will close all open application windows.
 Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select Run as Administrator
 If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, *including your Desktop*. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not *Re-boot it yourself to complete cleaning process* *<---- Very Important*

Keep TFC, it is an excellent utility to keep your system optimized, it empties all user temp folders, Java cache etc. etc. *Always remember to re-boot after a run, even if not prompted*

Let me know how you get on...

Kevin


----------



## Worldinacup (Apr 10, 2012)

Okay, I've done that, and it seems to have ended the hijacking. Thank you! I just have one more problem: When I click the "Start" icon at the bottom left of the screen, and I look at "All Programs," most of the folders and subfolders are empty. How can I fix this?


----------



## kevinf80 (Mar 21, 2006)

You should have told me that earlier, those folders contain shortcuts to the main executable in C:\Program Files\program name folders.

Certain infections move those shortcuts to temporary folders, also check your accessories folder that may be the same. Some of the tools we have used empty temp folders as part of their routine, so we may have lost those shortcuts.

Let's try "UnHideMe" by Grinler first, see if they can be restored:

*Unhidetool*

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
Please be patient as this may take several minutes to run, it will scan and fix all Hard drives on your system. You will see a new window with the drive being processed, typically C:\, changing as the next drive is processed.

You will get a success alert at the end.

Re-boot and see if your files are present. A log will be saved in the same place as the tool, post that please. Also check the Accessories folder..

Kevin...


----------



## Worldinacup (Apr 10, 2012)

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 04/24/2012 03:28:36 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 230703 files processed.

Processing the E:\ drive
Finished processing the E:\ drive. 210 files processed.

Processing the F:\ drive
Finished processing the F:\ drive. 87036 files processed.

The C:\Users\Allen\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Restarting Explorer.exe in order to apply changes.

Program finished at: 04/24/2012 03:35:49 PM
Execution time: 0 hours(s), 7 minute(s), and 12 seconds(s)


----------



## kevinf80 (Mar 21, 2006)

What is the status of your system at present, I take it unhideme was unsuccessful....


----------



## Worldinacup (Apr 10, 2012)

Yes, it was unsuccessful. The good thing is that that is my only problem, getting shortcuts back.


----------



## kevinf80 (Mar 21, 2006)

OK, thanks for the update, let's clean up first then tackle the other issue...

*Step 1*

Remove Combofix now that we're done with it

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

 Please follow the prompts to uninstall Combofix.
 You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:

 ComboFix and its associated files and folders.
 VundoFix backups, if present
 The C:\_OtMoveIt folder, if present
 Reset the clock settings.
 Hide file extensions, if required.
 Hide System/Hidden files, if required.
 Reset System Restore.

*It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.*

*Step 2*

Remove ESET online scanner:


 Click Start, type *Uninstall a Program* into the Search programs and files box, and then press ENTER.
 Click to select *ESET Online Scanner* from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall *ESET Online Scanner*, only re-boot if prompted.

*Step 3*


Download *OTC* by OldTimer and save it to your *desktop.* *Alternative mirror*
Double click the icon to start the program.
If you are using Vista or Windows 7, please right-click and choose run as administrator
Then click the big button.
You will get a prompt saying "_Begining Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
This will remove tools we have used and itself.

*Any tools/logs remaining on the Desktop can be deleted.*

*Step 4*

Go here http://www.filehippo.com/updatechecker/ d/l and run the FileHippo Update Checker. Update as suggested by the checker, *ignore* any *Beta* updates.

*Step 5*

Re-run TFC, re-boot when complete.

Let me know if those steps complete OK.

Regarding the other issue, there are two ways to tackle this:

1. Uninstall/Reinstall each program that has the shortcut missing from Start > All programs > program folder.

2. Copy a shortcut to the program executable from the folder in *C:\Program Files\Program name (iTunes for example)* to *C:\Program data\Microsoft\Windows\Start menu\Programs\Program name (iTunes for example)*.

To do no. 2, navigate to *C:\Program Files\iTunes*, open that folder, right click on the executable and select *copy*. Next, navigate to *C:\Program data\Microsoft\Windows\Start menu\Programs\iTunes*, open that folder and select *Paste*.

You would continue and do that for every empty folder.

It would also be necessary to Show hidden files and folders, also show extensions for known file types to assist with no. 2

Let me know how you get on..

Kevin


----------
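Option 2 from kevinf80's post above, scripted in PowerShell as an added example that is not part of the original thread. It first checks whether a folder's shortcuts are only hidden before recreating anything; the function name is hypothetical, and it assumes the install folder and main executable share the Start Menu folder's name (as in the iTunes example).

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Restore-StartMenuShortcut is a hypothetical helper name.
function Restore-StartMenuShortcut {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$StartMenu,
        [string[]]$InstallRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)})
    )
    $shell = New-Object -ComObject WScript.Shell
    # Default: the all-users Start Menu "Programs" folder, as resolved by Windows.
    if (-not $StartMenu) { $StartMenu = $shell.SpecialFolders.Item('AllUsersPrograms') }
    # -Force makes Get-ChildItem list items that carry the Hidden attribute too.
    $folders = Get-ChildItem -LiteralPath $StartMenu -Force | Where-Object { $_.PSIsContainer }
    foreach ($folder in $folders) {
        $links = @(Get-ChildItem -LiteralPath $folder.FullName -Filter *.lnk -Force)
        if ($links.Count -gt 0) {
            $hidden = @($links | Where-Object {
                ($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0 })
            if ($hidden.Count -gt 0) {
                Write-Output "$($folder.Name): $($hidden.Count) shortcut(s) hidden, not missing"
            }
            continue   # shortcuts exist; nothing to recreate
        }
        # Assumption: install folder and main executable share the folder's name.
        $exe = $null
        foreach ($root in ($InstallRoots | Where-Object { $_ })) {
            $candidate = Join-Path (Join-Path $root $folder.Name) "$($folder.Name).exe"
            if (Test-Path -LiteralPath $candidate -PathType Leaf) { $exe = $candidate; break }
        }
        if (-not $exe) {
            Write-Output "$($folder.Name): no matching executable, handle manually"
            continue
        }
        $lnkPath = Join-Path $folder.FullName "$($folder.Name).lnk"
        if ($PSCmdlet.ShouldProcess($lnkPath, "Create shortcut to $exe")) {
            $lnk = $shell.CreateShortcut($lnkPath)
            $lnk.TargetPath = $exe
            $lnk.WorkingDirectory = Split-Path -Parent $exe
            $lnk.Save()
            Write-Output "$($folder.Name): created shortcut to $exe"
        }
    }
}

# Dry run: reports what would be created without writing anything.
Restore-StartMenuShortcut -WhatIf
```

Drop `-WhatIf` only after reviewing the dry-run output; folders reported as hidden need their attributes cleared rather than new shortcuts.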



## Worldinacup (Apr 10, 2012)

Hey Kevin, sorry for such a late response. I haven't had the time to get all of the "all programs" folders restored, but I have gotten a few. Thank you so much for helping me fix my computer problems! It is nice to know that people like you are willing to volunteer time and effort to help people like me fix these computer problems! Once again, thank you, and God bless!


----------



## kevinf80 (Mar 21, 2006)

It's replies like yours that make it all worthwhile. When you get all of the folders restored use the "Mark solved" tab at the top of the thread so we know all is OK.
If you have any remaining issues or concerns let me know first..

Take care,

Kevin


----------

