
svchost.exe with random music/radio



DDS.txt LOG

=================

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30

Run by ebhandari at 16:29:40 on 2012-07-03

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8055.4314 [GMT -7:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k regsvc

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\WINDOWS\TIREMOTE\TIRemoteService.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Protector Suite\upeksvr.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Protector Suite\psqltray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Microsoft Lync\communicator.exe

C:\Windows\SysWOW64\RunDll32.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe

C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Windows\splwow64.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Microsoft Lync\UcMapi.exe

C:\Program Files (x86)\GL Wand\OracleBP.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe

C:\Program Files (x86)\Java\jre6\bin\java.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\mcconsol.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://graceland/Pages/Home.aspx

uWindow Title = Windows Internet Explorer provided by Gracenote, Inc.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111228165507.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h

mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [<NO NAME>]

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

StartupFolder: C:\Users\EBHAND~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: SynchronousMachineGroupPolicy = 1 (0x1)

mPolicies-system: SynchronousUserGroupPolicy = 1 (0x1)

mPolicies-system: MaxGPOScriptWait = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: intuit.com\ttlc

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://oracleweb.webex.com/client/WBXclient-T27L10NSP31-13320/webex/ieatgpc1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 172.24.1.155 10.8.142.103 10.3.8.39 10.3.8.28

TCP: Interfaces\{A8CF4239-A7E3-4B62-8017-972A18AE7E0F} : DhcpNameServer = 172.24.1.155 10.8.142.103 10.3.8.39 10.3.8.28

TCP: Interfaces\{EAD167A8-A26A-49B4-BC39-4F21FE88B4B3} : DhcpNameServer = 172.24.1.155 10.8.142.103 10.3.8.39 10.3.8.28

TCP: Interfaces\{EAD167A8-A26A-49B4-BC39-4F21FE88B4B3}\268616E646162796D256874756E6465646 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{EAD167A8-A26A-49B4-BC39-4F21FE88B4B3}\268616E646162796F57657563747 : DhcpNameServer = 8.8.8.8 208.67.222.222

TCP: Interfaces\{EAD167A8-A26A-49B4-BC39-4F21FE88B4B3}\96E66756E647F62797 : DhcpNameServer = 8.8.8.8 208.67.222.222

TCP: Interfaces\{EAD167A8-A26A-49B4-BC39-4F21FE88B4B3}\D416272796F64747 : DhcpNameServer = 4.2.2.1

TCP: Interfaces\{EAD167A8-A26A-49B4-BC39-4F21FE88B4B3}\D416272796F6474702C4F6262697 : DhcpNameServer = 4.2.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

BHO-X64: Lync add-on BHO - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111228165507.dll

BHO-X64: scriptproxy - No File

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [(Default)]

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-7 13336]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-11-15 132672]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-12-28 190256]

R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2011-1-12 209760]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-28 2255464]

R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimssne64.sys --> C:\Windows\system32\DRIVERS\rimssne64.sys [?]

R2 risdsnpe;risdsnpe;C:\Windows\system32\DRIVERS\risdsne64.sys --> C:\Windows\system32\DRIVERS\risdsne64.sys [?]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]

R2 TIRmtSvc;Track-It! Workstation Manager;C:\Windows\TIREMOTE\TIRemoteService.exe [2012-3-29 210944]

R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-6-17 575856]

R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-2 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 257224]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-2 136176]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-03 12:26:13 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{59F9BB98-0F78-485D-B249-70D14C8200DF}\offreg.dll

2012-07-03 12:25:03 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{59F9BB98-0F78-485D-B249-70D14C8200DF}\mpengine.dll

2012-07-02 21:07:40 20480 ----a-w- C:\Windows\svchost.exe

2012-06-29 00:26:40 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-06-29 00:26:35 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-29 00:26:34 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-29 00:26:34 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-29 00:26:34 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-29 00:26:33 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-29 00:26:32 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-29 00:25:54 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-06-29 00:25:53 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-06-26 06:02:13 -------- d-----w- C:\Users\ebhandari\AppData\Local\Vid-Saver

2012-06-26 06:02:12 -------- d-----w- C:\Program Files (x86)\Vid-Saver

2012-06-26 06:02:08 -------- d-----w- C:\Program Files (x86)\BitTorrent

2012-06-26 06:01:29 -------- d-----w- C:\Users\ebhandari\AppData\Roaming\BitTorrent

2012-06-21 15:47:23 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-21 15:47:05 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 15:46:27 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-21 15:46:27 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-21 15:40:50 -------- d-----w- C:\ProgramData\BigFix

2012-06-19 19:57:02 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-06-19 19:57:01 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-06-19 19:57:01 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-06-19 19:54:25 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-06-19 19:46:17 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-19 19:46:17 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll

2012-06-19 19:40:34 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-19 19:40:34 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-06-19 19:40:33 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

.

==================== Find3M ====================

.

2012-06-19 19:39:18 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-19 19:39:18 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-04-19 17:39:45 94208 ----a-w- C:\Windows\TIRHService.exe

.

============= FINISH: 16:31:14.93 ===============

ATTACH.TXT

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Enterprise

Boot Device: \Device\HarddiskVolume1

Install Date: 12/7/2011 1:27:04 PM

System Uptime: 7/2/2012 10:20:55 PM (18 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core i7 CPU M 640 @ 2.80GHz | N/A | 2800/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 348.133 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Lexmark X422

Device ID: ROOT\IMAGE\0000

Manufacturer: Lexmark

Name: Lexmark X422

PNP Device ID: ROOT\IMAGE\0000

Service: usbscan

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco Systems VPN Adapter for 64-bit Windows

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter for 64-bit Windows

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

==== System Restore Points ===================

.

RP100: 6/21/2012 8:45:19 AM - Windows Update

RP101: 6/26/2012 4:31:28 AM - Windows Update

RP102: 6/28/2012 5:26:52 PM - Windows Update

RP103: 7/3/2012 5:23:42 AM - Windows Update

.

==== Installed Programs ======================

.

.

Adobe Acrobat X Standard - English, Français, Deutsch

Adobe Digital Editions

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

ROGUEKILLER REPORT

RogueKiller V7.6.2 [07/02/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: ebhandari [Admin rights]

Mode: Scan -- Date: 07/03/2012 16:51:04

¤¤¤ Bad processes: 1 ¤¤¤

[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS725050A9A360 +++++

--- User ---

[MBR] d602b712dbc5b1ecd1bfb6e8f7a4dec0

[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] 889f1cce0160e1126d14d1766f1f7b41

[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7 MBR Code

Partition table:

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] 889f1cce0160e1126d14d1766f1f7b41

[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7 MBR Code

Partition table:

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

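Two details in the DDS log above are what a triager would pull out first: a 20 KB svchost.exe created on 2012-07-02 in C:\Windows rather than C:\Windows\System32 (every legitimate copy in the Running Processes list sits under system32), and the mPolicies-system entries ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0, which let an administrator account elevate with no prompt at all. The script below is an added example, not part of the thread and not code from DDS, RogueKiller or ComboFix; it runs those two checks over DDS-style lines. SAMPLE_LOG is a constructed excerpt of the posted log, and the set of binary names that should only appear under System32/SysWOW64 is this example's own assumption.

```python
"""Triage a DDS-style log for two signs seen in the thread above:
system binary names (svchost.exe, lsm.exe, ...) living outside
\\Windows\\System32 or \\Windows\\SysWOW64, and UAC policies that remove
the elevation prompt.  Added example; not part of DDS, RogueKiller or
ComboFix.  SAMPLE_LOG is a constructed excerpt of the log posted above."""
import re
from pathlib import PureWindowsPath
from typing import List, Optional

# Names that Windows ships only under %SystemRoot%\System32 (and SysWOW64).
# This set is the example's own assumption, not something the log states.
SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "lsm.exe", "wininit.exe", "winlogon.exe",
    "services.exe", "csrss.exe", "smss.exe", "spoolsv.exe", "explorer.exe",
}
# Expected parent directories, lower-cased and with the drive letter removed.
EXPECTED_DIRS = {"\\windows\\system32", "\\windows\\syswow64"}
# explorer.exe is the one exception: it lives directly in \Windows.
EXPECTED_DIRS_BY_NAME = {"explorer.exe": {"\\windows"}}

# UAC policy values that weaken or remove the elevation prompt.
RISKY_POLICIES = {
    ("ConsentPromptBehaviorAdmin", 0): "administrators elevate without any prompt",
    ("PromptOnSecureDesktop", 0): "UAC prompt is not shown on the secure desktop",
}

# A drive-letter path ending in .exe; DDS lines may append " -k <group>" etc.
PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.exe)", re.IGNORECASE)
POLICY_RE = re.compile(r"mPolicies-system:\s+(\w+)\s*=\s*(\d+)")


def check_path(path: str) -> Optional[str]:
    """Return a finding when `path` is a system binary name in the wrong directory."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    if name not in SYSTEM_BINARIES:
        return None
    parent = str(p.parent).lower()
    if len(parent) >= 2 and parent[1] == ":":   # strip the "c:" drive prefix
        parent = parent[2:]
    if parent in EXPECTED_DIRS_BY_NAME.get(name, EXPECTED_DIRS):
        return None
    return f"{name} outside its expected directory: {path}"


def triage(log_text: str) -> List[str]:
    """Scan every line of a DDS log; return de-duplicated findings in log order."""
    findings: List[str] = []
    for line in log_text.splitlines():
        m = POLICY_RE.search(line)
        if m:
            key = (m.group(1), int(m.group(2)))
            if key in RISKY_POLICIES:
                findings.append(f"UAC policy {key[0]} = {key[1]}: {RISKY_POLICIES[key]}")
            continue
        for path in PATH_RE.findall(line):
            finding = check_path(path)
            if finding and finding not in findings:
                findings.append(finding)
    return findings


# Constructed excerpt of the DDS log posted above (process list, policies,
# "Created Last 30" entries).
SAMPLE_LOG = r"""
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
2012-07-02 21:07:40 20480 ----a-w- C:\Windows\svchost.exe
2012-06-29 00:26:40 209920 ----a-w- C:\Windows\System32\profsvc.dll
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it over a full saved log with `triage(open(path, encoding="utf-8", errors="replace").read())`. A system binary name in an unexpected directory is not proof of infection on its own (check the file's signature and hash), but in this thread it is the same file the RogueKiller report kills as `\\.\globalroot\systemroot\svchost.exe`, and the UAC values mean any process running as the logged-in admin can elevate silently.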

  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
    • Log from Combofix
    • Let me know of any problems you may have had
    • How is the computer doing now?

Gringo


OK, here we go, 4 items:

==============================================================================

(1) CHECKUP.TXT

---------------------------------

Results of screen317's Security Check version 0.99.42

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

McAfee VirusScan Enterprise

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

Java™ 6 Update 30

Java version out of Date!

Mozilla Firefox 11.0 Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

McAfee VirusScan Enterprise mfeann.exe

McAfee VirusScan Enterprise VsTskMgr.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

=============================================================================

(2) LOG FROM COMBOFIX:

-------------------------------------

ComboFix 12-07-06.02 - ebhandari 07/06/2012 13:01:35.1.4 - x64

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8055.6298 [GMT -7:00]

Running from: c:\users\ebhandari\Desktop\ComboFix.exe

AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk

c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\@

c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\L\00000004.@

c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\L\1afb2d56

c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\L\201d3dde

c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\n

c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\U\00000004.@

c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\U\00000008.@

c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\U\000000cb.@

c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\U\80000000.@

c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\U\80000032.@

c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\U\80000064.@

c:\windows\svchost.exe

c:\windows\assembly\GAC_32\Desktop.ini . . . . Failed to delete

c:\windows\assembly\GAC_64\Desktop.ini . . . . Failed to delete

.

Infected copy of c:\windows\system32\Services.exe was found and disinfected

Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))

.

.

2012-07-06 20:10 . 2012-07-06 20:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-07-06 20:10 . 2012-07-06 20:10 -------- d-----w- c:\users\smitchell\AppData\Local\temp

2012-07-06 20:10 . 2012-07-06 20:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-06 20:10 . 2012-07-06 20:10 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-07-06 20:10 . 2012-07-06 20:10 -------- d-----w- c:\users\admin\AppData\Local\temp

2012-07-06 16:41 . 2012-07-06 16:41 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-06 16:28 . 2012-07-06 16:28 -------- d-----w- c:\windows\Sun

2012-07-03 12:26 . 2012-07-05 09:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59F9BB98-0F78-485D-B249-70D14C8200DF}\offreg.dll

2012-07-03 12:25 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59F9BB98-0F78-485D-B249-70D14C8200DF}\mpengine.dll

2012-06-29 00:26 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-29 00:26 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-29 00:26 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-29 00:26 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-29 00:26 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-29 00:26 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-29 00:26 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-29 00:25 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-29 00:25 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-26 06:02 . 2012-06-26 06:02 -------- d-----w- c:\users\ebhandari\AppData\Local\Vid-Saver

2012-06-26 06:02 . 2012-06-26 06:02 -------- d-----w- c:\program files (x86)\Vid-Saver

2012-06-26 06:02 . 2012-06-26 06:02 -------- d-----w- c:\program files (x86)\BitTorrent

2012-06-26 06:01 . 2012-07-02 16:24 -------- d-----w- c:\users\ebhandari\AppData\Roaming\BitTorrent

2012-06-21 15:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 15:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 15:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 15:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 15:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 15:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 15:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 15:46 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 15:46 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-21 15:40 . 2012-06-21 15:40 -------- d-----w- c:\programdata\BigFix

2012-06-19 19:57 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-19 19:57 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-19 19:57 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-19 19:54 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-19 19:46 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll

2012-06-19 19:46 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-19 19:40 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-19 19:40 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-19 19:40 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-19 19:39 . 2012-03-29 23:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-19 19:39 . 2011-06-07 17:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-19 17:39 . 2012-03-29 19:40 94208 ----a-w- c:\windows\TIRHService.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-03 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-05-16 12098648]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]

"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-11-15 333376]

.

c:\users\ebhandari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SynchronousMachineGroupPolicy"= 1 (0x1)

"SynchronousUserGroupPolicy"= 1 (0x1)

"MaxGPOScriptWait"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 257224]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-12-29 97960]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-07 1255736]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-12-29 281544]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-12-29 156248]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-04 2255464]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [2010-08-05 94208]

S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys [2010-08-05 78848]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-04 379496]

S2 TIRmtSvc;Track-It! Workstation Manager;c:\windows\TIREMOTE\TIRemoteService.exe [2011-10-31 210944]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]

S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-08-05 342056]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-05 39464]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-08-12 158976]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 11392]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:39]

.

2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 06:43]

.

2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 06:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2010-04-27 22:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2010-04-27 22:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]

"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-04-27 84744]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://graceland/Pages/Home.aspx

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 172.24.1.155 10.8.142.103 10.3.8.39 10.3.8.28

FF - ProfilePath -

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-ares - c:\program files (x86)\Ares\Ares.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,

43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}"=hex:51,66,7a,6c,4c,1d,38,12,ce,98,c3,

35,c7,5c,a0,09,c1,9c,6a,63,e2,38,41,ce

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,

79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,

aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04

"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,

b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,

f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:1a,f4,07,a5,d7,58,cd,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe

c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe

c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program files (x86)\McAfee\VirusScan Enterprise\mfeann.exe

c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe

c:\windows\SysWOW64\DllHost.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

c:\\.\globalroot\systemroot\svchost.exe

c:\program files (x86)\BigFix Enterprise\BES Client\BESClient.exe

c:\program files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe

.

**************************************************************************

.

Completion time: 2012-07-06 13:22:22 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-06 20:22

.

Pre-Run: 378,074,447,872 bytes free

Post-Run: 380,502,237,184 bytes free

.

- - End Of File - - C28C4E995862AE5C7EB6DD402CD4301A

==================================================

(3) Problems I have had:

--------------------------------

- my computer was blue-screening periodically

- when rebooting, it would take 2 or 3 reboots before getting my computer to a point where I could open programs

- during those 2 or 3 attempts it would blue screen, or freeze at the boot screen

====================================================

(4) How is the computer doing now?

------------------------------------------------

- I have not tried to reboot

- random music/radio is still there

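A note on what the ComboFix log above actually shows, with an added triage script. The deleted `c:\windows\Installer\{GUID}\` tree with its `@`, `n`, `L\` and `U\` entries, the `svchost.exe` copy sitting directly under `c:\windows`, the `Desktop.ini` files in `assembly\GAC_32` and `GAC_64` that ComboFix could not delete, the patched `services.exe` restored from WinSxS, and a `c:\\.\globalroot\systemroot\svchost.exe` still listed under "Other Running Processes" at completion are the classic file-system layout of the ZeroAccess (Sirefef) rootkit family. That last process surviving the run is consistent with the user's report that the audio symptom persists. The script below is an added example, not part of the thread and not a ComboFix feature: it applies exactly those path checks to ComboFix-style log lines. The sample lines are copied from the log above; the rule names, regexes and explanations are this example's own choices, and the rules are heuristics drawn from this one log, not signatures.

```python
"""Triage ComboFix-style log lines for the file-system indicators seen in this thread.

Added example (not from the forum thread, not ComboFix code).  Feed it a full
ComboFix log on stdin, or run it with no input to scan the embedded sample.
"""
import re
import sys
from dataclasses import dataclass

# Constructed sample: lines copied from the "Other Deletions", "Files Created"
# and "Other Running Processes" sections of the ComboFix log posted above,
# plus three benign lines from the same log for contrast.
SAMPLE_LOG = r"""
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\@
c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\L\00000004.@
c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\n
c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\U\80000032.@
c:\windows\svchost.exe
c:\windows\assembly\GAC_32\Desktop.ini . . . . Failed to delete
c:\windows\assembly\GAC_64\Desktop.ini . . . . Failed to delete
Infected copy of c:\windows\system32\Services.exe was found and disinfected
2012-07-06 16:41 . 2012-07-06 16:41 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs
"""

# Each rule is (name, compiled regex, why it matters).  The names and
# patterns are this example's own; they encode what the posted log shows.
RULES = [
    ("svchost-outside-system32",
     # any svchost.exe whose directory is not System32 or SysWOW64
     re.compile(r"^(?!c:\\windows\\(?:system32|syswow64)\\svchost\.exe)"
                r"(?:.*\\)?svchost\.exe(?:\s.*)?$", re.I),
     "svchost.exe belongs in System32/SysWOW64; anywhere else it is a lookalike"),
    ("globalroot-svchost",
     re.compile(r"\\\\\.\\globalroot\\", re.I),
     "process started through a \\\\.\\globalroot\\ device path, which hides its real location"),
    ("installer-guid-dropper",
     # '@', 'n', 'L\xxxxxxxx.@' or 'U\xxxxxxxx.@' under a fake MSI GUID folder
     re.compile(r"\\windows\\installer\\\{[0-9a-f-]{36}\}\\"
                r"(?:@|n|[lu]\\[0-9a-f]{8}\.@)\s*$", re.I),
     "'@', 'n', 'L\\' and 'U\\' entries under a GUID folder in \\Windows\\Installer"),
    ("gac-desktop-ini",
     re.compile(r"\\windows\\assembly\\gac_(?:32|64)\\desktop\.ini", re.I),
     "Desktop.ini planted in the .NET GAC folders; 'Failed to delete' means it was still held open"),
    ("infected-system-binary",
     re.compile(r"^infected copy of (.+?) was found", re.I),
     "a core system binary was patched in place and had to be restored from WinSxS"),
    ("hidden-appdata-under-syswow64",
     re.compile(r"d-sh--w- c:\\windows\\syswow64\\%appdata%", re.I),
     "hidden+system folder literally named %APPDATA% under SysWOW64"),
]


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str
    why: str


def scan_lines(lines):
    """Return one Finding per (rule, line) pair that matches; a line may hit several rules."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        for name, pattern, why in RULES:
            if pattern.search(line):
                findings.append(Finding(name, line, why))
    return findings


def scan_text(text):
    return scan_lines(text.splitlines())


def rules_hit(text):
    """Rule names that fired, in first-seen order, without duplicates."""
    seen = []
    for finding in scan_text(text):
        if finding.rule not in seen:
            seen.append(finding.rule)
    return seen


if __name__ == "__main__":
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    for finding in scan_text(text):
        print(f"[{finding.rule}] {finding.line}")
        print(f"    {finding.why}")
```

Run as `python triage.py < ComboFix.txt` against a saved log. The benign lines (the McAfee task manager, the VPN startup shortcut, and the real `system32\svchost.exe -k netsvcs`) produce no findings; every hostile line from the posted log does. The `\\.\globalroot` line is reported twice on purpose, once because it is an svchost.exe outside System32 and once because of the device-path launch, since either alone is enough to investigate.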

  • Staff

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo


  • Staff

Greetings

I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you: it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.

Gringo


Hi,

Below is the report from TDSSKILLER.

When I ran aswMBR, it ran for about 5-10 minutes and then automatically rebooted my machine. Should I rerun it?

=========================

TDSSKILLER REPORT

---------------------------------------------------

22:07:46.0501 6952 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08

22:07:46.0939 6952 ============================================================

22:07:46.0939 6952 Current date / time: 2012/07/08 22:07:46.0939

22:07:46.0939 6952 SystemInfo:

22:07:46.0939 6952

22:07:46.0939 6952 OS Version: 6.1.7601 ServicePack: 1.0

22:07:46.0939 6952 Product type: Workstation

22:07:46.0939 6952 ComputerName: EBHANDARI-GNNB

22:07:46.0939 6952 UserName: ebhandari

22:07:46.0939 6952 Windows directory: C:\Windows

22:07:46.0939 6952 System windows directory: C:\Windows

22:07:46.0939 6952 Running under WOW64

22:07:46.0939 6952 Processor architecture: Intel x64

22:07:46.0939 6952 Number of processors: 4

22:07:46.0939 6952 Page size: 0x1000

22:07:46.0939 6952 Boot type: Normal boot

22:07:46.0939 6952 ============================================================

22:07:47.0626 6952 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:07:47.0630 6952 ============================================================

22:07:47.0630 6952 \Device\Harddisk0\DR0:

22:07:47.0630 6952 MBR partitions:

22:07:47.0630 6952 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

22:07:47.0630 6952 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353030

22:07:47.0630 6952 ============================================================

22:07:47.0658 6952 C: <-> \Device\Harddisk0\DR0\Partition1

22:07:47.0658 6952 ============================================================

22:07:47.0658 6952 Initialize success

22:07:47.0658 6952 ============================================================

22:07:50.0945 5448 ============================================================

22:07:50.0945 5448 Scan started

22:07:50.0945 5448 Mode: Manual;

22:07:50.0945 5448 ============================================================

22:07:53.0869 5448 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

22:07:53.0870 5448 1394ohci - ok

22:07:53.0962 5448 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

22:07:54.0032 5448 ACDaemon - ok

22:07:54.0153 5448 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

22:07:54.0155 5448 ACPI - ok

22:07:54.0237 5448 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

22:07:54.0238 5448 AcpiPmi - ok

22:07:54.0473 5448 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

22:07:54.0475 5448 AdobeFlashPlayerUpdateSvc - ok

22:07:54.0551 5448 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

22:07:54.0553 5448 adp94xx - ok

22:07:54.0609 5448 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

22:07:54.0611 5448 adpahci - ok

22:07:54.0669 5448 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

22:07:54.0671 5448 adpu320 - ok

22:07:54.0719 5448 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

22:07:54.0720 5448 AeLookupSvc - ok

22:07:54.0763 5448 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

22:07:54.0765 5448 AFD - ok

22:07:54.0795 5448 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

22:07:54.0796 5448 agp440 - ok

22:07:54.0811 5448 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

22:07:54.0815 5448 ALG - ok


22:08:13.0897 5448 Processor - ok

22:08:13.0936 5448 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

22:08:13.0978 5448 ProfSvc - ok

22:08:14.0004 5448 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:08:14.0006 5448 ProtectedStorage - ok

22:08:14.0021 5448 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

22:08:14.0022 5448 Psched - ok

22:08:14.0078 5448 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

22:08:14.0085 5448 ql2300 - ok

22:08:14.0206 5448 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

22:08:14.0207 5448 ql40xx - ok

22:08:14.0232 5448 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

22:08:14.0240 5448 QWAVE - ok

22:08:14.0249 5448 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

22:08:14.0249 5448 QWAVEdrv - ok

22:08:14.0255 5448 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

22:08:14.0256 5448 RasAcd - ok

22:08:14.0287 5448 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

22:08:14.0288 5448 RasAgileVpn - ok

22:08:14.0305 5448 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

22:08:14.0313 5448 RasAuto - ok

22:08:14.0339 5448 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

22:08:14.0340 5448 Rasl2tp - ok

22:08:14.0366 5448 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

22:08:14.0408 5448 RasMan - ok

22:08:14.0422 5448 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

22:08:14.0423 5448 RasPppoe - ok

22:08:14.0436 5448 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

22:08:14.0437 5448 RasSstp - ok

22:08:14.0457 5448 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

22:08:14.0459 5448 rdbss - ok

22:08:14.0476 5448 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

22:08:14.0477 5448 rdpbus - ok

22:08:14.0492 5448 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

22:08:14.0493 5448 RDPCDD - ok

22:08:14.0532 5448 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

22:08:14.0533 5448 RDPDR - ok

22:08:14.0581 5448 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

22:08:14.0582 5448 RDPENCDD - ok

22:08:14.0587 5448 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

22:08:14.0587 5448 RDPREFMP - ok

22:08:14.0637 5448 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys

22:08:14.0637 5448 RdpVideoMiniport - ok

22:08:14.0665 5448 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

22:08:14.0666 5448 RDPWD - ok

22:08:14.0694 5448 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

22:08:14.0695 5448 rdyboost - ok

22:08:14.0730 5448 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

22:08:14.0735 5448 RemoteAccess - ok

22:08:14.0767 5448 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

22:08:14.0772 5448 RemoteRegistry - ok

22:08:14.0809 5448 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

22:08:14.0811 5448 RFCOMM - ok

22:08:14.0845 5448 rimspci (fa6abc06b629da29634d31f1fe0347bd) C:\Windows\system32\DRIVERS\rimssne64.sys

22:08:14.0846 5448 rimspci - ok

22:08:14.0877 5448 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys

22:08:14.0878 5448 RimUsb - ok

22:08:14.0919 5448 risdsnpe (8f8539a7f5c117d4407b2985995671f2) C:\Windows\system32\DRIVERS\risdsne64.sys

22:08:14.0920 5448 risdsnpe - ok

22:08:14.0937 5448 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

22:08:14.0945 5448 RpcEptMapper - ok

22:08:15.0032 5448 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

22:08:15.0047 5448 RpcLocator - ok

22:08:15.0118 5448 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

22:08:15.0121 5448 RpcSs - ok

22:08:15.0187 5448 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

22:08:15.0188 5448 rspndr - ok

22:08:15.0207 5448 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

22:08:15.0208 5448 s3cap - ok

22:08:15.0242 5448 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:08:15.0243 5448 SamSs - ok

22:08:15.0262 5448 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

22:08:15.0263 5448 sbp2port - ok

22:08:15.0291 5448 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

22:08:15.0298 5448 SCardSvr - ok

22:08:15.0326 5448 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

22:08:15.0327 5448 scfilter - ok

22:08:15.0410 5448 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

22:08:15.0445 5448 Schedule - ok

22:08:15.0474 5448 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

22:08:15.0475 5448 SCPolicySvc - ok

22:08:15.0513 5448 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

22:08:15.0514 5448 sdbus - ok

22:08:15.0593 5448 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

22:08:15.0623 5448 SDRSVC - ok

22:08:15.0684 5448 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

22:08:15.0684 5448 secdrv - ok

22:08:15.0695 5448 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

22:08:15.0731 5448 seclogon - ok

22:08:15.0753 5448 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

22:08:15.0755 5448 SENS - ok

22:08:15.0767 5448 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

22:08:15.0769 5448 SensrSvc - ok

22:08:15.0773 5448 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

22:08:15.0774 5448 Serenum - ok

22:08:15.0814 5448 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

22:08:15.0816 5448 Serial - ok

22:08:15.0837 5448 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

22:08:15.0837 5448 sermouse - ok

22:08:15.0871 5448 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

22:08:15.0901 5448 SessionEnv - ok

22:08:15.0994 5448 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys

22:08:15.0994 5448 SFEP - ok

22:08:16.0059 5448 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

22:08:16.0060 5448 sffdisk - ok

22:08:16.0101 5448 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

22:08:16.0102 5448 sffp_mmc - ok

22:08:16.0119 5448 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

22:08:16.0120 5448 sffp_sd - ok

22:08:16.0145 5448 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

22:08:16.0146 5448 sfloppy - ok

22:08:16.0208 5448 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

22:08:16.0216 5448 SharedAccess - ok

22:08:16.0253 5448 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

22:08:16.0256 5448 ShellHWDetection - ok

22:08:16.0290 5448 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

22:08:16.0291 5448 SiSRaid2 - ok

22:08:16.0317 5448 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

22:08:16.0318 5448 SiSRaid4 - ok

22:08:16.0349 5448 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

22:08:16.0350 5448 Smb - ok

22:08:16.0411 5448 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

22:08:16.0416 5448 SNMPTRAP - ok

22:08:16.0453 5448 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

22:08:16.0453 5448 spldr - ok

22:08:16.0491 5448 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

22:08:16.0494 5448 Spooler - ok

22:08:16.0954 5448 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

22:08:16.0968 5448 sppsvc - ok

22:08:17.0070 5448 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

22:08:17.0075 5448 sppuinotify - ok

22:08:17.0120 5448 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

22:08:17.0123 5448 srv - ok

22:08:17.0181 5448 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

22:08:17.0184 5448 srv2 - ok

22:08:17.0214 5448 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

22:08:17.0215 5448 srvnet - ok

22:08:17.0250 5448 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

22:08:17.0252 5448 SSDPSRV - ok

22:08:17.0273 5448 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

22:08:17.0278 5448 SstpSvc - ok

22:08:17.0348 5448 Stereo Service (80d035bcaa65a0644ea169d6ca6bcb98) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

22:08:17.0350 5448 Stereo Service - ok

22:08:17.0401 5448 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

22:08:17.0402 5448 stexstor - ok

22:08:17.0470 5448 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

22:08:17.0505 5448 stisvc - ok

22:08:17.0527 5448 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

22:08:17.0528 5448 storflt - ok

22:08:17.0552 5448 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

22:08:17.0555 5448 StorSvc - ok

22:08:17.0580 5448 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

22:08:17.0581 5448 storvsc - ok

22:08:17.0587 5448 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

22:08:17.0588 5448 swenum - ok

22:08:17.0626 5448 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

22:08:17.0639 5448 swprv - ok

22:08:17.0662 5448 Synth3dVsc - ok

22:08:17.0732 5448 SynTP (20f8f4c2ed3f492da318d98e72f77209) C:\Windows\system32\DRIVERS\SynTP.sys

22:08:17.0734 5448 SynTP - ok

22:08:17.0864 5448 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

22:08:17.0880 5448 SysMain - ok

22:08:18.0145 5448 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

22:08:18.0178 5448 TabletInputService - ok

22:08:18.0229 5448 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

22:08:18.0274 5448 TapiSrv - ok

22:08:18.0343 5448 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

22:08:18.0344 5448 TBS - ok

22:08:18.0620 5448 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

22:08:18.0658 5448 Tcpip - ok

22:08:18.0861 5448 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

22:08:18.0869 5448 TCPIP6 - ok

22:08:18.0934 5448 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

22:08:18.0935 5448 tcpipreg - ok

22:08:18.0967 5448 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

22:08:18.0968 5448 TDPIPE - ok

22:08:18.0997 5448 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

22:08:18.0998 5448 TDTCP - ok

22:08:19.0017 5448 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

22:08:19.0018 5448 tdx - ok

22:08:19.0067 5448 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

22:08:19.0068 5448 TermDD - ok

22:08:19.0157 5448 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

22:08:19.0162 5448 TermService - ok

22:08:19.0219 5448 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

22:08:19.0224 5448 Themes - ok

22:08:19.0254 5448 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

22:08:19.0255 5448 THREADORDER - ok

22:08:19.0312 5448 TIRmtSvc (8b522b91be7ce217efc1fa6c70c4465a) C:\WINDOWS\TIREMOTE\TIRemoteService.exe

22:08:19.0314 5448 TIRmtSvc - ok

22:08:19.0336 5448 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

22:08:19.0341 5448 TrkWks - ok

22:08:19.0396 5448 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

22:08:19.0397 5448 TrustedInstaller - ok

22:08:19.0463 5448 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

22:08:19.0464 5448 tssecsrv - ok

22:08:19.0496 5448 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

22:08:19.0497 5448 TsUsbFlt - ok

22:08:19.0501 5448 tsusbhub - ok

22:08:19.0556 5448 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

22:08:19.0557 5448 tunnel - ok

22:08:19.0585 5448 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

22:08:19.0586 5448 uagp35 - ok

22:08:19.0626 5448 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

22:08:19.0628 5448 udfs - ok

22:08:19.0655 5448 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

22:08:19.0660 5448 UI0Detect - ok

22:08:19.0680 5448 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

22:08:19.0680 5448 uliagpkx - ok

22:08:19.0702 5448 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

22:08:19.0702 5448 umbus - ok

22:08:19.0713 5448 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

22:08:19.0714 5448 UmPass - ok

22:08:19.0744 5448 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

22:08:19.0784 5448 UmRdpService - ok

22:08:19.0808 5448 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

22:08:19.0813 5448 upnphost - ok

22:08:19.0902 5448 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

22:08:19.0903 5448 USBAAPL64 - ok

22:08:19.0982 5448 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

22:08:19.0983 5448 usbccgp - ok

22:08:20.0025 5448 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

22:08:20.0026 5448 usbcir - ok

22:08:20.0049 5448 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

22:08:20.0050 5448 usbehci - ok

22:08:20.0090 5448 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

22:08:20.0092 5448 usbhub - ok

22:08:20.0114 5448 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

22:08:20.0114 5448 usbohci - ok

22:08:20.0146 5448 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

22:08:20.0146 5448 usbprint - ok

22:08:20.0208 5448 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

22:08:20.0208 5448 usbscan - ok

22:08:20.0259 5448 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:08:20.0260 5448 USBSTOR - ok

22:08:20.0326 5448 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

22:08:20.0326 5448 usbuhci - ok

22:08:20.0421 5448 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

22:08:20.0423 5448 usbvideo - ok

22:08:20.0469 5448 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

22:08:20.0475 5448 UxSms - ok

22:08:20.0601 5448 VAIO Event Service (a60605fc66552b421ee1f3d4ebb9a4e0) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

22:08:20.0602 5448 VAIO Event Service - ok

22:08:20.0699 5448 VAIO Power Management (d469be2723f79cf4b384680b1fdc577d) C:\Program Files\Sony\VAIO Power Management\SPMService.exe

22:08:20.0702 5448 VAIO Power Management - ok

22:08:20.0723 5448 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:08:20.0724 5448 VaultSvc - ok

22:08:20.0742 5448 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

22:08:20.0743 5448 vdrvroot - ok

22:08:20.0804 5448 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

22:08:20.0852 5448 vds - ok

22:08:20.0895 5448 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

22:08:20.0895 5448 vga - ok

22:08:20.0924 5448 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

22:08:20.0925 5448 VgaSave - ok

22:08:20.0951 5448 VGPU - ok

22:08:20.0988 5448 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

22:08:20.0990 5448 vhdmp - ok

22:08:21.0008 5448 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

22:08:21.0008 5448 viaide - ok

22:08:21.0065 5448 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

22:08:21.0067 5448 vmbus - ok

22:08:21.0122 5448 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

22:08:21.0122 5448 VMBusHID - ok

22:08:21.0187 5448 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

22:08:21.0188 5448 volmgr - ok

22:08:21.0253 5448 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

22:08:21.0255 5448 volmgrx - ok

22:08:21.0375 5448 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

22:08:21.0377 5448 volsnap - ok

22:08:21.0451 5448 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

22:08:21.0452 5448 vsmraid - ok

22:08:21.0596 5448 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

22:08:21.0648 5448 VSS - ok

22:08:21.0756 5448 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

22:08:21.0756 5448 vwifibus - ok

22:08:21.0781 5448 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

22:08:21.0782 5448 vwififlt - ok

22:08:21.0818 5448 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

22:08:21.0819 5448 vwifimp - ok

22:08:21.0856 5448 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

22:08:21.0866 5448 W32Time - ok

22:08:21.0899 5448 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

22:08:21.0900 5448 WacomPen - ok

22:08:22.0009 5448 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

22:08:22.0010 5448 WANARP - ok

22:08:22.0014 5448 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

22:08:22.0016 5448 Wanarpv6 - ok

22:08:22.0246 5448 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

22:08:22.0298 5448 WatAdminSvc - ok

22:08:22.0432 5448 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

22:08:22.0492 5448 wbengine - ok

22:08:22.0625 5448 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

22:08:22.0627 5448 WbioSrvc - ok

22:08:22.0683 5448 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

22:08:22.0715 5448 wcncsvc - ok

22:08:22.0732 5448 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

22:08:22.0735 5448 WcsPlugInService - ok

22:08:22.0790 5448 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

22:08:22.0791 5448 Wd - ok

22:08:22.0855 5448 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

22:08:22.0858 5448 Wdf01000 - ok

22:08:22.0879 5448 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

22:08:22.0886 5448 WdiServiceHost - ok

22:08:22.0889 5448 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

22:08:22.0891 5448 WdiSystemHost - ok

22:08:22.0960 5448 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

22:08:23.0017 5448 WebClient - ok

22:08:23.0044 5448 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

22:08:23.0052 5448 Wecsvc - ok

22:08:23.0089 5448 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

22:08:23.0093 5448 wercplsupport - ok

22:08:23.0121 5448 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

22:08:23.0125 5448 WerSvc - ok

22:08:23.0163 5448 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

22:08:23.0164 5448 WfpLwf - ok

22:08:23.0178 5448 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

22:08:23.0179 5448 WIMMount - ok

22:08:23.0205 5448 WinDefend - ok

22:08:23.0212 5448 WinHttpAutoProxySvc - ok

22:08:23.0294 5448 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

22:08:23.0301 5448 Winmgmt - ok

22:08:23.0457 5448 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

22:08:23.0506 5448 WinRM - ok

22:08:23.0876 5448 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys

22:08:23.0877 5448 WinUsb - ok

22:08:24.0016 5448 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

22:08:24.0026 5448 Wlansvc - ok

22:08:24.0076 5448 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

22:08:24.0077 5448 WmiAcpi - ok

22:08:24.0136 5448 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

22:08:24.0142 5448 wmiApSrv - ok

22:08:24.0176 5448 WMPNetworkSvc - ok

22:08:24.0198 5448 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

22:08:24.0203 5448 WPCSvc - ok

22:08:24.0233 5448 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

22:08:24.0235 5448 WPDBusEnum - ok

22:08:24.0256 5448 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

22:08:24.0256 5448 ws2ifsl - ok

22:08:24.0283 5448 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

22:08:24.0285 5448 wscsvc - ok

22:08:24.0288 5448 WSearch - ok

22:08:24.0430 5448 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

22:08:24.0440 5448 wuauserv - ok

22:08:24.0611 5448 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

22:08:24.0612 5448 WudfPf - ok

22:08:24.0627 5448 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

22:08:24.0628 5448 WUDFRd - ok

22:08:24.0653 5448 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

22:08:24.0690 5448 wudfsvc - ok

22:08:24.0717 5448 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

22:08:24.0726 5448 WwanSvc - ok

22:08:24.0773 5448 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

22:08:24.0802 5448 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

22:08:24.0803 5448 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

22:08:24.0834 5448 Boot (0x1200) (4580e43ecdae801d8652a68ac2c6795d) \Device\Harddisk0\DR0\Partition0

22:08:24.0836 5448 \Device\Harddisk0\DR0\Partition0 - ok

22:08:24.0849 5448 Boot (0x1200) (c6124f9b61ca809682374e09392d1537) \Device\Harddisk0\DR0\Partition1

22:08:24.0850 5448 \Device\Harddisk0\DR0\Partition1 - ok

22:08:24.0850 5448 ============================================================

22:08:24.0850 5448 Scan finished

22:08:24.0850 5448 ============================================================

22:08:24.0863 4228 Detected object count: 1

22:08:24.0863 4228 Actual detected object count: 1

22:09:06.0569 4228 \Device\Harddisk0\DR0\# - copied to quarantine

22:09:06.0574 4228 \Device\Harddisk0\DR0 - copied to quarantine

22:09:06.0603 4228 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

22:09:06.0740 4228 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

22:09:06.0774 4228 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

22:09:11.0878 4228 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

22:09:12.0064 4228 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

22:09:17.0915 4228 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

22:09:18.0041 4228 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

22:09:18.0141 4228 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

22:09:18.0252 4228 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

22:09:18.0518 4228 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

22:09:18.0648 4228 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

22:09:18.0747 4228 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

22:09:18.0755 4228 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

22:09:18.0761 4228 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

22:09:18.0789 4228 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

22:09:18.0941 4228 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

22:09:18.0971 4228 \Device\Harddisk0\DR0 - ok

22:09:18.0978 4228 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

22:09:58.0111 6888 Deinitialize success

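The TDSSKiller log above has a fixed line shape: a timestamp, a thread id, and then either `name (md5) path` for a hashed file, `object - ok`, or a detection or quarantine action. The Python below is an added example written for this page (not code from the post, from TDSSKiller, or from Kaspersky) that turns lines in that format into records so the detections, the quarantined TDLFS objects and the file hashes can be pulled out as indicators rather than read by eye. The sample lines are a constructed subset in the format of the log above; the regex field names and the `ok_without_hash` category are this example's own, not TDSSKiller terminology.

```python
# Added example for this page, not code from the thread or from TDSSKiller. It parses
# log lines in the format shown above so the detections, quarantined objects and file
# hashes can be extracted as records instead of being read by eye.
import re

LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<rest>.+)$")
MODULE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
THREAT = re.compile(r"^(?P<obj>.+?) \( (?P<threat>[^()]+?) \) - (?P<action>.+)$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>\S+)")
QUARANTINE = re.compile(r"^(?P<obj>.+?) - copied to quarantine$")
OK = re.compile(r"^(?P<obj>.+?) - ok$")
COUNT = re.compile(r"^(?:Actual )?[Dd]etected object count: (?P<n>\d+)$")


def parse_tdsskiller(text: str) -> dict:
    rec = {"modules": [], "detections": {}, "actions": [], "quarantined": [],
           "ok_without_hash": [], "reported_count": None}
    known = set()   # names and paths that appeared on a hashed module line
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue            # banners, "Scan finished", "Deinitialize success", ...
        rest = m.group("rest")
        if (mm := MODULE.match(rest)):
            rec["modules"].append({"name": mm.group("name"), "md5": mm.group("md5"),
                                   "path": mm.group("path"), "ts": m.group("ts")})
            known.update((mm.group("name"), mm.group("path")))
        elif (mm := THREAT.match(rest)):
            rec["detections"].setdefault(mm.group("obj"), mm.group("threat"))
            rec["actions"].append((mm.group("obj"), mm.group("action")))
        elif (mm := DETECTED.match(rest)):
            rec["detections"].setdefault(mm.group("obj"), mm.group("threat"))
        elif (mm := QUARANTINE.match(rest)):
            rec["quarantined"].append(mm.group("obj"))
        elif (mm := OK.match(rest)):
            obj = mm.group("obj")
            # "ok" with no hashed file before it: TDSSKiller listed the name but hashed
            # nothing (this example's own category; worth a look, not a verdict)
            if obj not in known and obj not in rec["detections"]:
                rec["ok_without_hash"].append(obj)
        elif (mm := COUNT.match(rest)):
            rec["reported_count"] = int(mm.group("n"))
    return rec


def paths_by_md5(rec: dict) -> dict:
    """Index hashed modules by MD5: one file registered under several service names
    (lsass.exe for ProtectedStorage/SamSs/VaultSvc) collapses to one indicator."""
    idx = {}
    for m in rec["modules"]:
        idx.setdefault(m["md5"], set()).add(m["path"])
    return idx


def summary(rec: dict) -> dict:
    return {"detections": len(rec["detections"]),
            "count_matches": rec["reported_count"] == len(rec["detections"]),
            "quarantined": len(rec["quarantined"]),
            "cure_pending": any("cured on reboot" in a for _, a in rec["actions"]),
            "unhashed_ok": len(rec["ok_without_hash"])}


# Constructed sample: a subset of lines in the format of the log above.
SAMPLE_LOG = r"""
22:08:14.0004 5448 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:08:14.0006 5448 ProtectedStorage - ok
22:08:15.0242 5448 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:08:15.0243 5448 SamSs - ok
22:08:17.0662 5448 Synth3dVsc - ok
22:08:24.0773 5448 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:08:24.0802 5448 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
22:08:24.0803 5448 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
22:08:24.0834 5448 Boot (0x1200) (4580e43ecdae801d8652a68ac2c6795d) \Device\Harddisk0\DR0\Partition0
22:08:24.0836 5448 \Device\Harddisk0\DR0\Partition0 - ok
22:08:24.0863 4228 Detected object count: 1
22:08:24.0863 4228 Actual detected object count: 1
22:09:06.0603 4228 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:09:18.0252 4228 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:09:18.0941 4228 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
22:09:18.0971 4228 \Device\Harddisk0\DR0 - ok
22:09:18.0978 4228 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
"""

if __name__ == "__main__":
    rec = parse_tdsskiller(SAMPLE_LOG)
    print("detections:", rec["detections"])
    print("quarantined:", rec["quarantined"])
    print("ok without a hashed file:", rec["ok_without_hash"])
    print("summary:", summary(rec))
```

Feed it the whole saved TDSSKiller log and `summary()` tells you at a glance whether the reported object count matches the detections parsed, whether a cure is still pending a reboot, and how many quarantined objects came out of the hidden `TDLFS` store; `paths_by_md5()` gives the hash/path pairs to check on other machines.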

Please see below aswMBR report.

I would like to add this experience has been very good so far. Your quick response time is great and much appreciated.

===============================================

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-09 11:59:00

-----------------------------

11:59:00.158 OS Version: Windows x64 6.1.7601 Service Pack 1

11:59:00.173 Number of processors: 4 586 0x2505

11:59:00.173 ComputerName: EBHANDARI-GNNB UserName: ebhandari

11:59:02.201 Initialize success

11:59:07.443 AVAST engine defs: 12070801

12:02:47.264 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

12:02:47.264 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3

12:02:47.280 Disk 0 MBR read successfully

12:02:47.280 Disk 0 MBR scan

12:02:47.295 Disk 0 Windows 7 default MBR code

12:02:47.311 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

12:02:47.327 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848

12:02:47.389 Disk 0 scanning C:\Windows\system32\drivers

12:03:08.530 Service scanning

12:03:45.551 Modules scanning

12:03:45.551 Disk 0 trace - called modules:

12:03:45.583 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

12:03:45.583 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d90060]

12:03:46.097 3 CLASSPNP.SYS[fffff88001aa643f] -> nt!IofCallDriver -> [0xfffffa8007a40690]

12:03:46.097 5 ACPI.sys[fffff88000ed77a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007a46050]

12:03:47.595 AVAST engine scan C:\Windows

12:03:58.173 AVAST engine scan C:\Windows\system32

12:10:08.757 AVAST engine scan C:\Windows\system32\drivers

12:10:27.057 AVAST engine scan C:\Users\ebhandari

12:18:11.659 AVAST engine scan C:\ProgramData

12:20:00.710 Scan finished successfully

12:23:47.211 Disk 0 MBR has been saved successfully to "C:\Users\ebhandari\Desktop\New folder\MBR.dat"

12:23:47.211 The log file has been saved successfully to "C:\Users\ebhandari\Desktop\New folder\aswMBR.txt"

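Both logs above look at the same 512-byte sector: TDSSKiller hashes the bootstrap area as `MBR (0x1B8)` and aswMBR decodes the partition table (`80 (A) 07 HPFS/NTFS 100 MB offset 2048`, and so on) and saves the sector to `MBR.dat`. The Python below is an added example written for this page, not code from either tool or from either post. It parses a raw MBR image the same way: MD5 of the first 0x1B8 bytes, disk signature, the four partition entries, the 0x55AA boot signature, and a check of the code hash against an allow-list. Assumptions: the sample image is constructed here from the partition geometry in the aswMBR lines, its bootstrap bytes are a stand-in and not the real Windows 7 MBR code, the known-good hash set is whatever you take from a trusted clean machine (the `a36c5e4f...` value in the TDSSKiller log was recorded on the run that flagged the disk, so it is a value to look for, not an allow-list entry), and the trailing-unallocated-space heuristic is this example's own, not something the logs state.

```python
# Added example for this page, not code from the thread, TDSSKiller or aswMBR.
# Parses a raw 512-byte MBR image (e.g. the MBR.dat aswMBR saved above), hashes the
# 0x1B8-byte bootstrap area the way TDSSKiller's "MBR (0x1B8)" line does, decodes the
# partition table the way aswMBR prints it, and flags code not on an allow-list.
import hashlib
import struct

SECTOR = 512
CODE_LEN = 0x1B8     # bootstrap code occupies bytes 0..0x1B7 (440 bytes)
SIG_OFF = 0x1B8      # 4-byte disk signature
PT_OFF = 0x1BE       # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"
PTYPE = {0x07: "HPFS/NTFS", 0x05: "extended", 0x0F: "extended LBA", 0x83: "Linux"}


def parse_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition entry (CHS fields skipped, LBA fields used)."""
    boot, ptype, lba, sectors = struct.unpack("<B3xB3xII", entry)
    return {"active": boot == 0x80, "type": ptype,
            "type_name": PTYPE.get(ptype, "0x%02X" % ptype),
            "offset": lba, "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024)}


def parse_mbr(img: bytes) -> dict:
    if len(img) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    mbr = img[:SECTOR]
    entries = [parse_entry(mbr[PT_OFF + 16 * i:PT_OFF + 16 * (i + 1)]) for i in range(4)]
    return {"code_md5": hashlib.md5(mbr[:CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", mbr, SIG_OFF)[0],
            "boot_sig_ok": mbr[510:512] == BOOT_SIG,
            "partitions": [e for e in entries if e["type"] != 0]}


def unallocated_tail_sectors(info: dict, disk_sectors: int) -> int:
    """Sectors after the last partition. Heuristic (an assumption of this example, not
    something the logs above state): a bootkit keeping its own file system outside every
    partition needs space like this, so a large tail is worth imaging and inspecting."""
    end = max((p["offset"] + p["sectors"] for p in info["partitions"]), default=0)
    return disk_sectors - end


def check_mbr(img: bytes, known_good_code_md5) -> list:
    """Return human-readable findings; an empty list means nothing was flagged."""
    info = parse_mbr(img)
    findings = []
    if not info["boot_sig_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["code_md5"] not in known_good_code_md5:
        findings.append("bootstrap code MD5 %s not in known-good set" % info["code_md5"])
    active = sum(p["active"] for p in info["partitions"])
    if active != 1:
        findings.append("%d active partitions, expected 1" % active)
    spans = sorted((p["offset"], p["offset"] + p["sectors"]) for p in info["partitions"])
    for (a0, a1), (b0, b1) in zip(spans, spans[1:]):
        if b0 < a1:
            findings.append("partitions overlap at sector %d" % b0)
    return findings


def build_mbr(code: bytes, disk_sig: int, entries) -> bytes:
    """Constructed test image; entries are (active, type, first_lba, sectors)."""
    mbr = bytearray(SECTOR)
    mbr[:len(code)] = code
    struct.pack_into("<I", mbr, SIG_OFF, disk_sig)
    for i, (active, ptype, lba, sectors) in enumerate(entries):
        struct.pack_into("<B3xB3xII", mbr, PT_OFF + 16 * i,
                         0x80 if active else 0, ptype, lba, sectors)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


# Geometry taken from the aswMBR lines above (100 MB NTFS at LBA 2048, 476838 MB NTFS at
# LBA 206848, 476940 MB disk); 1 MB = 2048 sectors of 512 bytes.
LAYOUT = [(True, 0x07, 2048, 100 * 2048), (False, 0x07, 206848, 476838 * 2048)]
DISK_SECTORS = 476940 * 2048
CLEAN_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40  # stand-in bytes, NOT real Windows MBR code
SAMPLE_CLEAN = build_mbr(CLEAN_CODE, 0x12345678, LAYOUT)
# Bootkit-style tampering: bootstrap code replaced, partition table untouched, so a check
# that only walks the partition table still reports everything as ok.
SAMPLE_TAMPERED = build_mbr(b"\xeb\xfe" + b"\x00" * 45, 0x12345678, LAYOUT)
KNOWN_GOOD = {parse_mbr(SAMPLE_CLEAN)["code_md5"]}  # in practice: hashes from a trusted clean machine

if __name__ == "__main__":
    for name, img in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        info = parse_mbr(img)
        for p in info["partitions"]:
            print("%s: %s %s %d MB offset %d" % (name, "80 (A)" if p["active"] else "00",
                                                p["type_name"], p["size_mb"], p["offset"]))
        print("%s: MBR (0x1B8) (%s) tail %d sectors, findings: %s" % (
            name, info["code_md5"], unallocated_tail_sectors(info, DISK_SECTORS),
            check_mbr(img, KNOWN_GOOD) or "none"))
```

To use it on the real sector, pass `open(path_to_MBR_dat, "rb").read()` to `parse_mbr()` or `check_mbr()`. The point the tampered sample makes is the one the TDSSKiller log shows: both `Partition0` and `Partition1` came back `ok` while the disk itself was flagged, because a bootkit that swaps the bootstrap code leaves the partition table intact. The hash of the 0x1B8 code area is the check that catches it, and it is only as good as the allow-list you compare against.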

  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe


This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


Please see below:

(1) Report from Combofix

(2)/(3) Seems like my machine is working fine. No issues re-booting, and the hard drive seems to be churning less.

What's next?

=========================================

COMBOFIX REPORT

-----------------------------------------------------------------

ComboFix 12-07-06.02 - ebhandari 07/09/2012 14:12:48.2.4 - x64

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8055.5627 [GMT -7:00]

Running from: c:\users\ebhandari\Desktop\ComboFix.exe

Command switches used :: c:\users\ebhandari\Desktop\CFScript.txt

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))

.

.

2012-07-09 21:24 . 2012-07-09 21:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-07-09 21:24 . 2012-07-09 21:24 -------- d-----w- c:\users\smitchell\AppData\Local\temp

2012-07-09 21:24 . 2012-07-09 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-09 21:24 . 2012-07-09 21:24 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-07-09 21:24 . 2012-07-09 21:24 -------- d-----w- c:\users\admin\AppData\Local\temp

2012-07-09 05:09 . 2012-07-09 05:09 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-06 16:41 . 2012-07-06 16:41 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-06 16:28 . 2012-07-06 16:28 -------- d-----w- c:\windows\Sun

2012-07-03 12:26 . 2012-07-05 09:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59F9BB98-0F78-485D-B249-70D14C8200DF}\offreg.dll

2012-07-03 12:25 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59F9BB98-0F78-485D-B249-70D14C8200DF}\mpengine.dll

2012-06-29 00:26 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-29 00:26 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-29 00:26 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-29 00:26 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-29 00:26 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-29 00:26 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-29 00:26 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-29 00:25 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-29 00:25 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-26 06:02 . 2012-06-26 06:02 -------- d-----w- c:\users\ebhandari\AppData\Local\Vid-Saver

2012-06-26 06:02 . 2012-06-26 06:02 -------- d-----w- c:\program files (x86)\Vid-Saver

2012-06-26 06:02 . 2012-06-26 06:02 -------- d-----w- c:\program files (x86)\BitTorrent

2012-06-26 06:01 . 2012-07-02 16:24 -------- d-----w- c:\users\ebhandari\AppData\Roaming\BitTorrent

2012-06-21 15:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 15:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 15:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 15:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 15:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 15:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 15:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 15:46 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 15:46 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-21 15:40 . 2012-06-21 15:40 -------- d-----w- c:\programdata\BigFix

2012-06-19 19:57 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-19 19:57 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-19 19:57 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-19 19:54 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-19 19:46 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll

2012-06-19 19:46 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-19 19:40 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-19 19:40 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-19 19:40 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-19 19:39 . 2012-03-29 23:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-19 19:39 . 2011-06-07 17:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-19 17:39 . 2012-03-29 19:40 94208 ----a-w- c:\windows\TIRHService.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-06_20.13.34 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-07-02 15:56 . 2012-07-09 04:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat

- 2012-07-02 15:56 . 2012-07-06 18:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat

- 2012-07-02 15:54 . 2012-07-06 20:12 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2012-07-02 15:54 . 2012-07-09 04:53 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2011-06-07 00:08 . 2012-07-09 05:14 42482 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-09 05:29 33150 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-12-07 20:11 . 2012-07-09 05:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-12-07 20:11 . 2012-07-06 20:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-12-07 20:11 . 2012-07-09 05:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-12-07 20:11 . 2012-07-06 20:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-06 20:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-09 05:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-01-03 17:57 . 2012-07-09 05:29 8270 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-527237240-764733703-1801674531-20392_UserData.bin

+ 2011-05-19 16:26 . 2012-07-09 05:10 1837 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

- 2011-05-19 16:26 . 2012-07-06 20:10 1837 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2012-07-09 05:10 . 2012-07-09 05:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-06 20:11 . 2012-07-06 20:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-06 20:11 . 2012-07-06 20:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-09 05:10 . 2012-07-09 05:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-02-23 18:17 . 2012-07-09 04:53 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2012-02-23 18:17 . 2012-07-06 20:12 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 04:54 . 2012-07-09 04:53 458752 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-07-06 20:12 458752 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-06-07 16:48 . 2012-07-09 16:27 268676 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2009-07-14 02:36 . 2012-07-09 05:32 762202 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-07-09 05:10 390644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-07-06 20:10 390644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 02:36 . 2012-07-09 05:32 2493400 c:\windows\system32\perfh009.dat

- 2011-12-07 19:41 . 2012-07-06 20:10 1590088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-12-07 19:41 . 2012-07-09 05:10 1590088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2012-02-20 19:21 . 2012-07-09 05:10 7806980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-527237240-764733703-1801674531-20392-8192.dat

- 2012-02-20 19:21 . 2012-07-06 20:11 7806980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-527237240-764733703-1801674531-20392-8192.dat

- 2012-07-02 16:24 . 2012-07-06 20:10 3730040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

+ 2012-07-02 16:24 . 2012-07-09 05:10 3730040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

+ 2009-07-14 04:54 . 2012-07-09 04:53 10502144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-06 20:12 10502144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-06 20:12 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-09 04:53 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-03-19 17:03 . 2012-07-03 05:13 19915560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-527237240-764733703-1801674531-20392-4096.dat

+ 2012-03-19 17:03 . 2012-07-09 05:10 19915560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-527237240-764733703-1801674531-20392-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-03 39408]

"ares"="c:\program files (x86)\Ares\Ares.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-05-16 12098648]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]

"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-11-15 333376]

.

c:\users\ebhandari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SynchronousMachineGroupPolicy"= 1 (0x1)

"SynchronousUserGroupPolicy"= 1 (0x1)

"MaxGPOScriptWait"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 257224]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-12-29 97960]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-07 1255736]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-12-29 281544]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-12-29 156248]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-04 2255464]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [2010-08-05 94208]

S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys [2010-08-05 78848]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-04 379496]

S2 TIRmtSvc;Track-It! Workstation Manager;c:\windows\TIREMOTE\TIRemoteService.exe [2011-10-31 210944]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]

S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-08-05 342056]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-05 39464]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-08-12 158976]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 11392]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - aswMBR

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:39]

.

2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 06:43]

.

2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 06:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2010-04-27 22:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2010-04-27 22:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]

"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-04-27 84744]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://graceland/Pages/Home.aspx

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 172.24.1.155 10.8.142.103 10.3.8.28

FF - ProfilePath -

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,

43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}"=hex:51,66,7a,6c,4c,1d,38,12,ce,98,c3,

35,c7,5c,a0,09,c1,9c,6a,63,e2,38,41,ce

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,

79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,

aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04

"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,

b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,

f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:1a,f4,07,a5,d7,58,cd,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-09 14:27:35

ComboFix-quarantined-files.txt 2012-07-09 21:27

ComboFix2.txt 2012-07-06 20:22

.

Pre-Run: 379,129,917,440 bytes free

Post-Run: 379,263,778,816 bytes free

.

- - End Of File - - BC8F7DF6C795CC8E97264708946FE188

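The only entry under "Other Deletions" in the ComboFix report above is c:\windows\svchost.exe. The genuine Service Host binary lives in c:\windows\system32 (with a 32-bit copy under SysWOW64) and is started by services.exe with a "-k <group>" argument, so an svchost.exe one directory up, or one with no group argument, is a masquerade that a simple path-and-arguments check catches. The Python below is an added example for this thread, not code from ComboFix, DDS or any other tool mentioned here; the SYSTEM_ONLY table of expected directories and the SAMPLE process listing are constructed for illustration.

```python
"""Flag Windows system binaries that run from a directory they never legitimately use.

Added example for this thread; the SYSTEM_ONLY table and SAMPLE listing are
constructed for illustration, not taken from the tools or logs discussed.
"""
import ntpath

# Directories (lower-case) from which Windows itself starts each core process.
# svchost.exe also has a legitimate 32-bit copy under SysWOW64; everything else
# here lives only in System32. Assumed table, written for this example.
SYSTEM_ONLY = {
    "svchost.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "services.exe": {r"c:\windows\system32"},
    "lsass.exe":    {r"c:\windows\system32"},
    "csrss.exe":    {r"c:\windows\system32"},
    "wininit.exe":  {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "spoolsv.exe":  {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}


def parse_process_lines(text):
    """Yield (path, args) pairs from a 'one command line per line' listing."""
    for raw in text.splitlines():
        line = raw.strip()
        if len(line) < 3 or line[1:3] != ":\\":
            continue                          # not a drive-letter path; skip
        cut = line.lower().find(".exe")
        if cut == -1:
            continue
        cut += len(".exe")                    # split right after the executable name,
        yield line[:cut], line[cut:].strip()  # so directories containing spaces survive


def check_process(path, args=""):
    """Return a reason if (path, args) looks like a masquerading system process, else None."""
    name = ntpath.basename(path).lower()
    allowed = SYSTEM_ONLY.get(name)
    if allowed is None:
        return None                           # not a process held to a fixed location
    directory = ntpath.dirname(path).lower()
    if directory not in allowed:
        return f"{name} running from {directory}; expected one of {sorted(allowed)}"
    # Genuine svchost instances are started by services.exe with '-k <group>';
    # a bare svchost.exe with no group argument was launched some other way.
    if name == "svchost.exe" and not args.lower().startswith("-k"):
        return "svchost.exe started without a -k service-group argument"
    return None


def triage(text):
    """Run check_process over every line of a process listing; return [(path, reason)]."""
    findings = []
    for path, args in parse_process_lines(text):
        reason = check_process(path, args)
        if reason:
            findings.append((path, reason))
    return findings


# Constructed listing in the style of a DDS 'Running Processes' block.
SAMPLE = r"""
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Users\someone\AppData\Local\Temp\lsass.exe
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{path}: {reason}")
```

On the constructed SAMPLE the check flags three lines: the svchost.exe sitting directly in C:\Windows, the System32 svchost.exe started with no -k group, and an lsass.exe under a user's Temp directory. Feed it the process section of a DDS or similar log and it ignores everything it has no expectation for, so third-party services are not reported.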

  • Staff

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box


C:\Qoobox\Add-Remove Programs.txt

  • click ok

copy and paste the report into this topic for me to review

Gringo


Adobe Acrobat X Standard - English, Français, Deutsch

Adobe Digital Editions

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Apple Application Support

Apple Software Update

ArcSoft WebCam Companion 3

BitTorrent

Cisco WebEx Meetings

Conversation Translator

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

GL Wand

Google Toolbar for Internet Explorer

Google Update Helper

Intel® Control Center

Intel® Rapid Storage Technology

Intel® Turbo Boost Technology Driver

Japanese Fonts Support For Adobe Reader X

Java Auto Updater

Java 6 Update 30

Malwarebytes Anti-Malware version 1.61.0.1400

McAfee Agent

McAfee VirusScan Enterprise

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Live Meeting 2007

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Mozilla Firefox 11.0 (x86 en-US)

Numara Track-It! 10.5 Agent

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Realtek High Definition Audio Driver

RSA SecurID Software Token

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Tivoli Endpoint Manager Client

Tivoli Endpoint Manager Server API

TurboTax 2011

TurboTax 2011 wcaiper

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

VAIO Control Center

Vid-Saver

WinZip 14.5


TDSSKiller detected no threat.

Btw after rebooting I have not received the "Host Process for Windows Tasks has stopped working" message

===============================

TDSSKILLER REPORT

--------------------------------------------------

10:41:11.0833 3796 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35

10:41:12.0379 3796 ============================================================

10:41:12.0379 3796 Current date / time: 2012/07/11 10:41:12.0379

10:41:12.0379 3796 SystemInfo:

10:41:12.0379 3796

10:41:12.0379 3796 OS Version: 6.1.7601 ServicePack: 1.0

10:41:12.0379 3796 Product type: Workstation

10:41:12.0379 3796 ComputerName: EBHANDARI-GNNB

10:41:12.0379 3796 UserName: ebhandari

10:41:12.0379 3796 Windows directory: C:\Windows

10:41:12.0379 3796 System windows directory: C:\Windows

10:41:12.0379 3796 Running under WOW64

10:41:12.0379 3796 Processor architecture: Intel x64

10:41:12.0379 3796 Number of processors: 4

10:41:12.0379 3796 Page size: 0x1000

10:41:12.0379 3796 Boot type: Normal boot

10:41:12.0379 3796 ============================================================

10:41:12.0878 3796 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:41:12.0878 3796 ============================================================

10:41:12.0878 3796 \Device\Harddisk0\DR0:

10:41:12.0878 3796 MBR partitions:

10:41:12.0878 3796 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

10:41:12.0878 3796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353030

10:41:12.0878 3796 ============================================================

10:41:12.0910 3796 C: <-> \Device\Harddisk0\DR0\Partition1

10:41:12.0910 3796 ============================================================

10:41:12.0910 3796 Initialize success

10:41:12.0910 3796 ============================================================

10:41:15.0187 4244 ============================================================

10:41:15.0187 4244 Scan started

10:41:15.0187 4244 Mode: Manual;

10:41:15.0187 4244 ============================================================

10:41:16.0201 4244 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

10:41:16.0201 4244 1394ohci - ok

10:41:16.0529 4244 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

10:41:16.0591 4244 ACDaemon - ok

10:41:16.0997 4244 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

10:41:16.0997 4244 ACPI - ok

10:41:17.0106 4244 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

10:41:17.0106 4244 AcpiPmi - ok

10:41:17.0496 4244 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

10:41:17.0496 4244 AdobeFlashPlayerUpdateSvc - ok

10:41:17.0746 4244 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

10:41:17.0746 4244 adp94xx - ok

10:41:17.0948 4244 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

10:41:17.0948 4244 adpahci - ok

10:41:18.0073 4244 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

10:41:18.0073 4244 adpu320 - ok

10:41:18.0198 4244 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

10:41:18.0198 4244 AeLookupSvc - ok

10:41:18.0526 4244 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

10:41:18.0526 4244 AFD - ok

10:41:18.0557 4244 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

10:41:18.0557 4244 agp440 - ok

10:41:18.0588 4244 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

10:41:18.0588 4244 ALG - ok

10:41:18.0650 4244 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

10:41:18.0650 4244 aliide - ok

10:41:18.0666 4244 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

10:41:18.0666 4244 amdide - ok

10:41:18.0682 4244 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

10:41:18.0682 4244 AmdK8 - ok

10:41:18.0728 4244 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

10:41:18.0728 4244 AmdPPM - ok

10:41:18.0775 4244 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

10:41:18.0775 4244 amdsata - ok

10:41:18.0838 4244 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

10:41:18.0838 4244 amdsbs - ok

10:41:18.0931 4244 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

10:41:18.0931 4244 amdxata - ok

10:41:19.0150 4244 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

10:41:19.0150 4244 AppID - ok

10:41:19.0274 4244 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

10:41:19.0290 4244 AppIDSvc - ok

10:41:19.0415 4244 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

10:41:19.0415 4244 Appinfo - ok

10:41:19.0758 4244 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

10:41:19.0758 4244 Apple Mobile Device - ok

10:41:20.0070 4244 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

10:41:20.0070 4244 AppMgmt - ok

10:41:20.0117 4244 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

10:41:20.0117 4244 arc - ok

10:41:20.0148 4244 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

10:41:20.0148 4244 arcsas - ok

10:41:20.0367 4244 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

10:41:20.0491 4244 aspnet_state - ok

10:41:20.0585 4244 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

10:41:20.0585 4244 AsyncMac - ok

10:41:20.0694 4244 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

10:41:20.0694 4244 atapi - ok

10:41:21.0053 4244 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

10:41:21.0162 4244 AudioEndpointBuilder - ok

10:41:21.0162 4244 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

10:41:21.0162 4244 AudioSrv - ok

10:41:21.0225 4244 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

10:41:21.0256 4244 AxInstSV - ok

10:41:21.0490 4244 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

10:41:21.0490 4244 b06bdrv - ok

10:41:21.0708 4244 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

10:41:21.0708 4244 b57nd60a - ok

10:41:21.0864 4244 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

10:41:21.0880 4244 BDESVC - ok

10:41:21.0911 4244 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

10:41:21.0911 4244 Beep - ok

10:41:23.0097 4244 BESClient (cbdc51c584fd4a6bbd06727d82a11428) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe

10:41:23.0221 4244 BESClient - ok

10:41:24.0064 4244 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

10:41:24.0204 4244 BFE - ok

10:41:25.0171 4244 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

10:41:25.0187 4244 BITS - ok

10:41:25.0281 4244 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

10:41:25.0281 4244 blbdrive - ok

10:41:25.0437 4244 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

10:41:25.0437 4244 Bonjour Service - ok

10:41:25.0468 4244 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

10:41:25.0468 4244 bowser - ok

10:41:25.0499 4244 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

10:41:25.0499 4244 BrFiltLo - ok

10:41:25.0515 4244 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

10:41:25.0530 4244 BrFiltUp - ok

10:41:25.0561 4244 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

10:41:25.0561 4244 BridgeMP - ok

10:41:25.0764 4244 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

10:41:25.0827 4244 Browser - ok

10:41:26.0263 4244 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

10:41:26.0263 4244 Brserid - ok

10:41:26.0388 4244 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

10:41:26.0388 4244 BrSerWdm - ok

10:41:26.0451 4244 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

10:41:26.0451 4244 BrUsbMdm - ok

10:41:26.0482 4244 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

10:41:26.0482 4244 BrUsbSer - ok

10:41:26.0638 4244 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

10:41:26.0638 4244 BthEnum - ok

10:41:26.0809 4244 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

10:41:26.0809 4244 BTHMODEM - ok

10:41:26.0887 4244 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

10:41:26.0887 4244 BthPan - ok

10:41:27.0293 4244 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

10:41:27.0309 4244 BTHPORT - ok

10:41:27.0449 4244 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

10:41:27.0465 4244 bthserv - ok

10:41:27.0574 4244 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

10:41:27.0574 4244 BTHUSB - ok

10:41:27.0870 4244 btwampfl (59e3510784548c6939c1b3b985c232e3) C:\Windows\system32\drivers\btwampfl.sys

10:41:27.0886 4244 btwampfl - ok

10:41:28.0042 4244 btwaudio (1872074ed0a3fb22e3f1e3197b984bfa) C:\Windows\system32\drivers\btwaudio.sys

10:41:28.0042 4244 btwaudio - ok

10:41:28.0135 4244 btwavdt (691cf076c33ab1c3a5b2fd5450300733) C:\Windows\system32\DRIVERS\btwavdt.sys

10:41:28.0135 4244 btwavdt - ok

10:41:28.0588 4244 btwdins (8ba6e93a182126781952a7895ec1e4b2) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

10:41:28.0603 4244 btwdins - ok

10:41:28.0650 4244 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys

10:41:28.0650 4244 btwl2cap - ok

10:41:28.0666 4244 btwrchid (c9273b20dec8ce38dbce5d29de63c907) C:\Windows\system32\DRIVERS\btwrchid.sys

10:41:28.0666 4244 btwrchid - ok

10:41:28.0697 4244 catchme - ok

10:41:28.0713 4244 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

10:41:28.0713 4244 cdfs - ok

10:41:28.0744 4244 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

10:41:28.0744 4244 cdrom - ok

10:41:28.0791 4244 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

10:41:28.0822 4244 CertPropSvc - ok

10:41:28.0853 4244 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

10:41:28.0853 4244 circlass - ok

10:41:29.0165 4244 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

10:41:29.0165 4244 CLFS - ok

10:41:29.0430 4244 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

10:41:29.0446 4244 clr_optimization_v2.0.50727_32 - ok

10:41:29.0555 4244 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

10:41:29.0555 4244 clr_optimization_v2.0.50727_64 - ok

10:41:29.0805 4244 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

10:41:30.0148 4244 clr_optimization_v4.0.30319_32 - ok

10:41:30.0257 4244 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

10:41:30.0273 4244 clr_optimization_v4.0.30319_64 - ok

10:41:30.0304 4244 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

10:41:30.0304 4244 CmBatt - ok

10:41:30.0320 4244 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

10:41:30.0320 4244 cmdide - ok

10:41:30.0366 4244 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

10:41:30.0366 4244 CNG - ok

10:41:30.0429 4244 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

10:41:30.0429 4244 Compbatt - ok

10:41:30.0491 4244 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

10:41:30.0491 4244 CompositeBus - ok

10:41:30.0507 4244 COMSysApp - ok

10:41:30.0507 4244 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

10:41:30.0507 4244 crcdisk - ok

10:41:30.0554 4244 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

10:41:30.0585 4244 CryptSvc - ok

10:41:30.0632 4244 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

10:41:30.0632 4244 CSC - ok

10:41:30.0788 4244 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

10:41:30.0803 4244 CscService - ok

10:41:30.0850 4244 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys

10:41:30.0850 4244 CVirtA - ok

10:41:31.0146 4244 CVPND (66257cb4e4fb69887cddc71663741435) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

10:41:31.0162 4244 CVPND - ok

10:41:31.0443 4244 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys

10:41:31.0443 4244 CVPNDRVA - ok

10:41:31.0505 4244 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

10:41:31.0505 4244 DcomLaunch - ok

10:41:31.0661 4244 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

10:41:31.0677 4244 defragsvc - ok

10:41:31.0708 4244 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

10:41:31.0708 4244 DfsC - ok

10:41:31.0786 4244 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

10:41:31.0802 4244 Dhcp - ok

10:41:31.0895 4244 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

10:41:31.0895 4244 discache - ok

10:41:31.0973 4244 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

10:41:31.0973 4244 Disk - ok

10:41:32.0036 4244 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys

10:41:32.0036 4244 DNE - ok

10:41:32.0082 4244 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

10:41:32.0114 4244 Dnscache - ok

10:41:32.0238 4244 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

10:41:32.0285 4244 dot3svc - ok

10:41:32.0316 4244 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

10:41:32.0316 4244 DPS - ok

10:41:32.0363 4244 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

10:41:32.0363 4244 drmkaud - ok

10:41:32.0566 4244 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

10:41:32.0582 4244 DXGKrnl - ok

10:41:32.0628 4244 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

10:41:32.0628 4244 EapHost - ok

10:41:33.0424 4244 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

10:41:33.0440 4244 ebdrv - ok

10:41:33.0611 4244 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

10:41:33.0611 4244 EFS - ok

10:41:33.0814 4244 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

10:41:33.0861 4244 ehRecvr - ok

10:41:33.0892 4244 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

10:41:33.0892 4244 ehSched - ok

10:41:34.0064 4244 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

10:41:34.0064 4244 elxstor - ok

10:41:34.0110 4244 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

10:41:34.0110 4244 ErrDev - ok

10:41:34.0251 4244 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

10:41:34.0266 4244 EventSystem - ok

10:41:34.0407 4244 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

10:41:34.0407 4244 exfat - ok

10:41:34.0438 4244 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

10:41:34.0438 4244 fastfat - ok

10:41:34.0734 4244 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

10:41:34.0734 4244 Fax - ok

10:41:34.0781 4244 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

10:41:34.0781 4244 fdc - ok

10:41:34.0859 4244 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

10:41:34.0875 4244 fdPHost - ok

10:41:34.0937 4244 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

10:41:34.0937 4244 FDResPub - ok

10:41:34.0984 4244 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

10:41:34.0984 4244 FileInfo - ok

10:41:35.0062 4244 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

10:41:35.0062 4244 Filetrace - ok

10:41:35.0093 4244 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

10:41:35.0093 4244 flpydisk - ok

10:41:35.0265 4244 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

10:41:35.0265 4244 FltMgr - ok

10:41:35.0514 4244 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

10:41:35.0530 4244 FontCache - ok

10:41:35.0592 4244 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

10:41:35.0608 4244 FontCache3.0.0.0 - ok

10:41:35.0639 4244 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

10:41:35.0639 4244 FsDepends - ok

10:41:35.0670 4244 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

10:41:35.0670 4244 Fs_Rec - ok

10:41:35.0811 4244 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

10:41:35.0811 4244 fvevol - ok

10:41:35.0858 4244 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

10:41:35.0858 4244 gagp30kx - ok

10:41:35.0889 4244 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

10:41:35.0889 4244 GEARAspiWDM - ok

10:41:36.0107 4244 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

10:41:36.0138 4244 gpsvc - ok

10:41:36.0372 4244 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

10:41:36.0372 4244 gupdate - ok

10:41:36.0404 4244 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

10:41:36.0404 4244 gupdatem - ok

10:41:36.0435 4244 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

10:41:36.0435 4244 gusvc - ok

10:41:36.0466 4244 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

10:41:36.0466 4244 hcw85cir - ok

10:41:36.0513 4244 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

10:41:36.0513 4244 HdAudAddService - ok

10:41:36.0638 4244 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

10:41:36.0638 4244 HDAudBus - ok

10:41:36.0669 4244 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

10:41:36.0669 4244 HECIx64 - ok

10:41:36.0684 4244 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

10:41:36.0684 4244 HidBatt - ok

10:41:36.0716 4244 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

10:41:36.0716 4244 HidBth - ok

10:41:36.0731 4244 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

10:41:36.0731 4244 HidIr - ok

10:41:36.0747 4244 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

10:41:36.0747 4244 hidserv - ok

10:41:36.0778 4244 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

10:41:36.0778 4244 HidUsb - ok

10:41:36.0825 4244 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

10:41:36.0840 4244 hkmsvc - ok

10:41:36.0996 4244 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

10:41:37.0028 4244 HomeGroupListener - ok

10:41:37.0137 4244 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

10:41:37.0137 4244 HomeGroupProvider - ok

10:41:37.0199 4244 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

10:41:37.0199 4244 HpSAMD - ok

10:41:37.0262 4244 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

10:41:37.0262 4244 HTTP - ok

10:41:37.0277 4244 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

10:41:37.0277 4244 hwpolicy - ok

10:41:37.0308 4244 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

10:41:37.0324 4244 i8042prt - ok

10:41:37.0355 4244 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys

10:41:37.0371 4244 iaStor - ok

10:41:37.0511 4244 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

10:41:37.0511 4244 IAStorDataMgrSvc - ok

10:41:37.0589 4244 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

10:41:37.0605 4244 iaStorV - ok

10:41:37.0698 4244 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

10:41:37.0745 4244 idsvc - ok

10:41:37.0839 4244 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

10:41:37.0839 4244 iirsp - ok

10:41:37.0901 4244 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

10:41:37.0964 4244 IKEEXT - ok

10:41:37.0995 4244 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys

10:41:37.0995 4244 Impcd - ok

10:41:38.0416 4244 IntcAzAudAddService (26407a11d7e222afb7ce32700abbd9d1) C:\Windows\system32\drivers\RTKVHD64.sys

10:41:38.0432 4244 IntcAzAudAddService - ok

10:41:38.0666 4244 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

10:41:38.0666 4244 intelide - ok

10:41:38.0728 4244 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

10:41:38.0728 4244 intelppm - ok

10:41:38.0900 4244 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

10:41:38.0900 4244 IntuitUpdateServiceV4 - ok

10:41:38.0962 4244 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

10:41:38.0962 4244 IPBusEnum - ok

10:41:39.0009 4244 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:41:39.0024 4244 IpFilterDriver - ok

10:41:39.0258 4244 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

10:41:39.0274 4244 iphlpsvc - ok

10:41:39.0321 4244 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

10:41:39.0321 4244 IPMIDRV - ok

10:41:39.0508 4244 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

10:41:39.0508 4244 IPNAT - ok

10:41:39.0789 4244 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe

10:41:39.0789 4244 iPod Service - ok

10:41:39.0836 4244 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

10:41:39.0836 4244 IRENUM - ok

10:41:39.0882 4244 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

10:41:39.0882 4244 isapnp - ok

10:41:39.0992 4244 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

10:41:39.0992 4244 iScsiPrt - ok

10:41:40.0054 4244 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

10:41:40.0054 4244 kbdclass - ok

10:41:40.0085 4244 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

10:41:40.0085 4244 kbdhid - ok

10:41:40.0101 4244 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:41:40.0101 4244 KeyIso - ok

10:41:40.0194 4244 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

10:41:40.0194 4244 KSecDD - ok

10:41:40.0273 4244 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

10:41:40.0273 4244 KSecPkg - ok

10:41:40.0319 4244 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

10:41:40.0319 4244 ksthunk - ok

10:41:40.0366 4244 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

10:41:40.0382 4244 KtmRm - ok

10:41:40.0553 4244 L1C (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys

10:41:40.0553 4244 L1C - ok

10:41:40.0631 4244 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

10:41:40.0678 4244 LanmanServer - ok

10:41:40.0709 4244 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

10:41:40.0741 4244 LanmanWorkstation - ok

10:41:40.0772 4244 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

10:41:40.0772 4244 lltdio - ok

10:41:40.0850 4244 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

10:41:40.0865 4244 lltdsvc - ok

10:41:40.0943 4244 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

10:41:40.0943 4244 lmhosts - ok

10:41:41.0084 4244 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

10:41:41.0084 4244 LSI_FC - ok

10:41:41.0209 4244 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

10:41:41.0209 4244 LSI_SAS - ok

10:41:41.0271 4244 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

10:41:41.0271 4244 LSI_SAS2 - ok

10:41:41.0302 4244 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

10:41:41.0302 4244 LSI_SCSI - ok

10:41:41.0333 4244 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

10:41:41.0333 4244 luafv - ok

10:41:41.0552 4244 McAfeeFramework (3ef9511390f9106dd8cf0747baeb335c) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

10:41:41.0552 4244 McAfeeFramework - ok

10:41:41.0661 4244 McShield (00315dc847778d65728197b63803b523) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

10:41:41.0661 4244 McShield - ok

10:41:41.0755 4244 McTaskManager (b15bb3aef59158b4e1dda5328c842713) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

10:41:41.0755 4244 McTaskManager - ok

10:41:41.0848 4244 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

10:41:41.0911 4244 Mcx2Svc - ok

10:41:41.0942 4244 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

10:41:41.0957 4244 megasas - ok

10:41:41.0989 4244 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

10:41:41.0989 4244 MegaSR - ok

10:41:42.0129 4244 mfeapfk (0d121a46e0148a3bc941fa3bb0269329) C:\Windows\system32\drivers\mfeapfk.sys

10:41:42.0129 4244 mfeapfk - ok

10:41:42.0191 4244 mfeavfk (93f251905c028809ffb49f95a63fcbc9) C:\Windows\system32\drivers\mfeavfk.sys

10:41:42.0191 4244 mfeavfk - ok

10:41:42.0207 4244 mfeavfk01 - ok

10:41:42.0269 4244 mfehidk (a282a937127ea7b15eb85559e59ae576) C:\Windows\system32\drivers\mfehidk.sys

10:41:42.0269 4244 mfehidk - ok

10:41:42.0285 4244 mferkdet (04d7e0e2a48730a1c535837f105e6352) C:\Windows\system32\drivers\mferkdet.sys

10:41:42.0285 4244 mferkdet - ok

10:41:42.0425 4244 mfevtp (45f1580c7c9f49a68b72ef2ccefef3a3) C:\Windows\system32\mfevtps.exe

10:41:42.0425 4244 mfevtp - ok

10:41:42.0503 4244 mfewfpk (325dd1031cfd71bd4d8afdb1faaf3bea) C:\Windows\system32\drivers\mfewfpk.sys

10:41:42.0503 4244 mfewfpk - ok

10:41:42.0613 4244 Microsoft SharePoint Workspace Audit Service - ok

10:41:42.0628 4244 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

10:41:42.0628 4244 MMCSS - ok

10:41:42.0675 4244 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

10:41:42.0675 4244 Modem - ok

10:41:42.0722 4244 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

10:41:42.0722 4244 monitor - ok

10:41:42.0753 4244 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

10:41:42.0753 4244 mouclass - ok

10:41:42.0784 4244 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

10:41:42.0784 4244 mouhid - ok

10:41:42.0815 4244 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

10:41:42.0815 4244 mountmgr - ok

10:41:42.0862 4244 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

10:41:42.0862 4244 mpio - ok

10:41:42.0956 4244 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

10:41:42.0956 4244 mpsdrv - ok

10:41:43.0065 4244 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

10:41:43.0112 4244 MpsSvc - ok

10:41:43.0143 4244 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

10:41:43.0143 4244 MRxDAV - ok

10:41:43.0159 4244 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

10:41:43.0159 4244 mrxsmb - ok

10:41:43.0190 4244 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:41:43.0205 4244 mrxsmb10 - ok

10:41:43.0268 4244 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:41:43.0268 4244 mrxsmb20 - ok

10:41:43.0315 4244 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

10:41:43.0315 4244 msahci - ok

10:41:43.0424 4244 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

10:41:43.0424 4244 msdsm - ok

10:41:43.0471 4244 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

10:41:43.0471 4244 MSDTC - ok

10:41:43.0502 4244 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

10:41:43.0502 4244 Msfs - ok

10:41:43.0517 4244 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

10:41:43.0517 4244 mshidkmdf - ok

10:41:43.0533 4244 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

10:41:43.0533 4244 msisadrv - ok

10:41:43.0673 4244 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

10:41:43.0673 4244 MSiSCSI - ok

10:41:43.0673 4244 msiserver - ok

10:41:43.0736 4244 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

10:41:43.0736 4244 MSKSSRV - ok

10:41:43.0736 4244 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

10:41:43.0736 4244 MSPCLOCK - ok

10:41:43.0736 4244 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

10:41:43.0736 4244 MSPQM - ok

10:41:43.0783 4244 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

10:41:43.0783 4244 MsRPC - ok

10:41:43.0814 4244 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

10:41:43.0829 4244 mssmbios - ok

10:41:43.0829 4244 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

10:41:43.0829 4244 MSTEE - ok

10:41:43.0892 4244 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

10:41:43.0892 4244 MTConfig - ok

10:41:43.0954 4244 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

10:41:43.0954 4244 Mup - ok

10:41:44.0001 4244 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

10:41:44.0001 4244 napagent - ok

10:41:44.0079 4244 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

10:41:44.0079 4244 NativeWifiP - ok

10:41:44.0282 4244 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

10:41:44.0297 4244 NDIS - ok

10:41:44.0329 4244 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

10:41:44.0329 4244 NdisCap - ok

10:41:44.0344 4244 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

10:41:44.0344 4244 NdisTapi - ok

10:41:44.0375 4244 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

10:41:44.0375 4244 Ndisuio - ok

10:41:44.0407 4244 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

10:41:44.0407 4244 NdisWan - ok

10:41:44.0500 4244 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

10:41:44.0500 4244 NDProxy - ok

10:41:44.0516 4244 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

10:41:44.0516 4244 NetBIOS - ok

10:41:44.0547 4244 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

10:41:44.0547 4244 NetBT - ok

10:41:44.0594 4244 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:41:44.0594 4244 Netlogon - ok

10:41:44.0672 4244 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

10:41:44.0687 4244 Netman - ok

10:41:44.0797 4244 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:41:44.0890 4244 NetMsmqActivator - ok

10:41:44.0921 4244 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:41:44.0921 4244 NetPipeActivator - ok

10:41:44.0968 4244 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

10:41:44.0968 4244 netprofm - ok

10:41:44.0984 4244 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:41:44.0984 4244 NetTcpActivator - ok

10:41:44.0999 4244 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:41:44.0999 4244 NetTcpPortSharing - ok

10:41:45.0998 4244 NETw5s64 (18555f48844c2861d9dce8f2b7223ae5) C:\Windows\system32\DRIVERS\NETw5s64.sys

10:41:46.0107 4244 NETw5s64 - ok

10:41:46.0279 4244 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

10:41:46.0279 4244 nfrd960 - ok

10:41:46.0419 4244 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

10:41:46.0419 4244 NlaSvc - ok

10:41:46.0481 4244 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

10:41:46.0481 4244 Npfs - ok

10:41:46.0513 4244 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

10:41:46.0528 4244 nsi - ok

10:41:46.0575 4244 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

10:41:46.0575 4244 nsiproxy - ok

10:41:46.0856 4244 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

10:41:46.0871 4244 Ntfs - ok

10:41:47.0074 4244 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

10:41:47.0074 4244 Null - ok

10:41:47.0121 4244 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys

10:41:47.0121 4244 NVHDA - ok

10:41:49.0071 4244 nvlddmkm (69ff3b6f43817da715824ca79742dec5) C:\Windows\system32\DRIVERS\nvlddmkm.sys

10:41:49.0133 4244 nvlddmkm - ok

10:41:49.0352 4244 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

10:41:49.0367 4244 nvraid - ok

10:41:49.0445 4244 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

10:41:49.0445 4244 nvstor - ok

10:41:49.0617 4244 nvsvc (799ac71b5dabda9955f7043a083ec611) C:\Windows\system32\nvvsvc.exe

10:41:49.0648 4244 nvsvc - ok

10:41:50.0288 4244 nvUpdatusService (a2422cba523e9b297d02dd140bc672f0) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

10:41:50.0288 4244 nvUpdatusService - ok

10:41:50.0553 4244 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

10:41:50.0553 4244 nv_agp - ok

10:41:50.0647 4244 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

10:41:50.0647 4244 ohci1394 - ok

10:41:50.0725 4244 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

10:41:50.0787 4244 ose - ok

10:41:51.0271 4244 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

10:41:51.0333 4244 osppsvc - ok

10:41:51.0567 4244 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

10:41:51.0567 4244 p2pimsvc - ok

10:41:51.0723 4244 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

10:41:51.0739 4244 p2psvc - ok

10:41:51.0770 4244 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

10:41:51.0770 4244 Parport - ok

10:41:51.0801 4244 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

10:41:51.0801 4244 partmgr - ok

10:41:51.0817 4244 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

10:41:51.0817 4244 PcaSvc - ok

10:41:51.0848 4244 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

10:41:51.0848 4244 pci - ok

10:41:51.0848 4244 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

10:41:51.0848 4244 pciide - ok

10:41:51.0895 4244 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

10:41:51.0895 4244 pcmcia - ok

10:41:51.0942 4244 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

10:41:51.0942 4244 pcw - ok

10:41:52.0035 4244 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

10:41:52.0051 4244 PEAUTH - ok

10:41:52.0144 4244 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

10:41:52.0144 4244 PeerDistSvc - ok

10:41:52.0332 4244 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

10:41:52.0332 4244 PerfHost - ok

10:41:52.0550 4244 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

10:41:52.0597 4244 pla - ok

10:41:52.0644 4244 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

10:41:52.0644 4244 PlugPlay - ok

10:41:52.0722 4244 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

10:41:52.0722 4244 PNRPAutoReg - ok

10:41:52.0753 4244 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

10:41:52.0768 4244 PNRPsvc - ok

10:41:52.0846 4244 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

10:41:52.0893 4244 PolicyAgent - ok

10:41:52.0924 4244 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

10:41:52.0924 4244 Power - ok

10:41:53.0065 4244 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

10:41:53.0065 4244 PptpMiniport - ok

10:41:53.0096 4244 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

10:41:53.0096 4244 Processor - ok

10:41:53.0127 4244 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

10:41:53.0143 4244 ProfSvc - ok

10:41:53.0158 4244 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:41:53.0174 4244 ProtectedStorage - ok

10:41:53.0190 4244 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

10:41:53.0190 4244 Psched - ok

10:41:53.0392 4244 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

10:41:53.0408 4244 ql2300 - ok

10:41:53.0626 4244 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

10:41:53.0642 4244 ql40xx - ok

10:41:53.0673 4244 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

10:41:53.0673 4244 QWAVE - ok

10:41:53.0720 4244 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

10:41:53.0720 4244 QWAVEdrv - ok

10:41:53.0736 4244 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

10:41:53.0736 4244 RasAcd - ok

10:41:53.0782 4244 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

10:41:53.0782 4244 RasAgileVpn - ok

10:41:53.0892 4244 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

10:41:53.0907 4244 RasAuto - ok

10:41:53.0938 4244 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:41:53.0938 4244 Rasl2tp - ok

10:41:53.0985 4244 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

10:41:53.0985 4244 RasMan - ok

10:41:54.0016 4244 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

10:41:54.0016 4244 RasPppoe - ok

10:41:54.0032 4244 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

10:41:54.0032 4244 RasSstp - ok

10:41:54.0063 4244 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

10:41:54.0079 4244 rdbss - ok

10:41:54.0141 4244 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

10:41:54.0141 4244 rdpbus - ok

10:41:54.0204 4244 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:41:54.0204 4244 RDPCDD - ok

10:41:54.0250 4244 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

10:41:54.0250 4244 RDPDR - ok

10:41:54.0282 4244 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

10:41:54.0282 4244 RDPENCDD - ok

10:41:54.0297 4244 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

10:41:54.0313 4244 RDPREFMP - ok

10:41:54.0406 4244 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys

10:41:54.0406 4244 RdpVideoMiniport - ok

10:41:54.0516 4244 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

10:41:54.0516 4244 RDPWD - ok

10:41:54.0562 4244 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

10:41:54.0562 4244 rdyboost - ok

10:41:54.0609 4244 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

10:41:54.0625 4244 RemoteAccess - ok

10:41:54.0765 4244 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

10:41:54.0765 4244 RemoteRegistry - ok

10:41:54.0843 4244 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

10:41:54.0843 4244 RFCOMM - ok

10:41:54.0906 4244 rimspci (fa6abc06b629da29634d31f1fe0347bd) C:\Windows\system32\DRIVERS\rimssne64.sys

10:41:54.0906 4244 rimspci - ok

10:41:54.0921 4244 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys

10:41:54.0921 4244 RimUsb - ok

10:41:55.0030 4244 risdsnpe (8f8539a7f5c117d4407b2985995671f2) C:\Windows\system32\DRIVERS\risdsne64.sys

10:41:55.0030 4244 risdsnpe - ok

10:41:55.0077 4244 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

10:41:55.0093 4244 RpcEptMapper - ok

10:41:55.0108 4244 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

10:41:55.0108 4244 RpcLocator - ok

10:41:55.0155 4244 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

10:41:55.0155 4244 RpcSs - ok

10:41:55.0186 4244 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

10:41:55.0186 4244 rspndr - ok

10:41:55.0218 4244 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

10:41:55.0218 4244 s3cap - ok

10:41:55.0249 4244 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:41:55.0249 4244 SamSs - ok

10:41:55.0389 4244 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

10:41:55.0389 4244 sbp2port - ok

10:41:55.0436 4244 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

10:41:55.0436 4244 SCardSvr - ok

10:41:55.0467 4244 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

10:41:55.0467 4244 scfilter - ok

10:41:55.0639 4244 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

10:41:55.0686 4244 Schedule - ok

10:41:55.0779 4244 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

10:41:55.0779 4244 SCPolicySvc - ok

10:41:55.0888 4244 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

10:41:55.0888 4244 sdbus - ok

10:41:55.0920 4244 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

10:41:55.0935 4244 SDRSVC - ok

10:41:55.0966 4244 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

10:41:55.0966 4244 secdrv - ok

10:41:55.0982 4244 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

10:41:56.0013 4244 seclogon - ok

10:41:56.0076 4244 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

10:41:56.0076 4244 SENS - ok

10:41:56.0138 4244 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

10:41:56.0154 4244 SensrSvc - ok

10:41:56.0154 4244 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

10:41:56.0154 4244 Serenum - ok

10:41:56.0185 4244 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

10:41:56.0185 4244 Serial - ok

10:41:56.0216 4244 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

10:41:56.0216 4244 sermouse - ok

10:41:56.0247 4244 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

10:41:56.0278 4244 SessionEnv - ok

10:41:56.0310 4244 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys

10:41:56.0310 4244 SFEP - ok

10:41:56.0356 4244 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

10:41:56.0356 4244 sffdisk - ok

10:41:56.0434 4244 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

10:41:56.0434 4244 sffp_mmc - ok

10:41:56.0450 4244 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

10:41:56.0466 4244 sffp_sd - ok

10:41:56.0512 4244 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

10:41:56.0512 4244 sfloppy - ok

10:41:56.0700 4244 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

10:41:56.0731 4244 SharedAccess - ok

10:41:56.0871 4244 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

10:41:56.0871 4244 ShellHWDetection - ok

10:41:56.0902 4244 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

10:41:56.0902 4244 SiSRaid2 - ok

10:41:56.0918 4244 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

10:41:56.0918 4244 SiSRaid4 - ok

10:41:56.0949 4244 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

10:41:56.0949 4244 Smb - ok

10:41:56.0996 4244 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

10:41:56.0996 4244 SNMPTRAP - ok

10:41:57.0027 4244 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

10:41:57.0027 4244 spldr - ok

10:41:57.0152 4244 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

10:41:57.0168 4244 Spooler - ok

10:41:57.0464 4244 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

10:41:57.0464 4244 sppsvc - ok

10:41:57.0729 4244 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

10:41:57.0729 4244 sppuinotify - ok

10:41:57.0870 4244 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

10:41:57.0870 4244 srv - ok

10:41:57.0963 4244 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

10:41:57.0963 4244 srv2 - ok

10:41:58.0010 4244 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

10:41:58.0010 4244 srvnet - ok

10:41:58.0057 4244 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

10:41:58.0057 4244 SSDPSRV - ok

10:41:58.0072 4244 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

10:41:58.0072 4244 SstpSvc - ok

10:41:58.0150 4244 Stereo Service (80d035bcaa65a0644ea169d6ca6bcb98) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

10:41:58.0150 4244 Stereo Service - ok

10:41:58.0166 4244 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

10:41:58.0166 4244 stexstor - ok

10:41:58.0338 4244 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

10:41:58.0369 4244 stisvc - ok

10:41:58.0384 4244 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

10:41:58.0384 4244 storflt - ok

10:41:58.0416 4244 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

10:41:58.0416 4244 StorSvc - ok

10:41:58.0431 4244 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

10:41:58.0431 4244 storvsc - ok

10:41:58.0447 4244 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

10:41:58.0447 4244 swenum - ok

10:41:58.0540 4244 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

10:41:58.0572 4244 swprv - ok

10:41:58.0603 4244 Synth3dVsc - ok

10:41:58.0650 4244 SynTP (20f8f4c2ed3f492da318d98e72f77209) C:\Windows\system32\DRIVERS\SynTP.sys

10:41:58.0650 4244 SynTP - ok

10:41:58.0930 4244 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

10:41:58.0946 4244 SysMain - ok

10:41:59.0055 4244 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

10:41:59.0086 4244 TabletInputService - ok

10:41:59.0227 4244 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

10:41:59.0227 4244 TapiSrv - ok

10:41:59.0258 4244 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

10:41:59.0258 4244 TBS - ok

10:41:59.0523 4244 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

10:41:59.0539 4244 Tcpip - ok

10:41:59.0866 4244 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

10:41:59.0866 4244 TCPIP6 - ok

10:42:00.0100 4244 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

10:42:00.0100 4244 tcpipreg - ok

10:42:00.0132 4244 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

10:42:00.0132 4244 TDPIPE - ok

10:42:00.0147 4244 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

10:42:00.0147 4244 TDTCP - ok

10:42:00.0178 4244 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

10:42:00.0178 4244 tdx - ok

10:42:00.0272 4244 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

10:42:00.0272 4244 TermDD - ok

10:42:00.0350 4244 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

10:42:00.0381 4244 TermService - ok

10:42:00.0412 4244 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

10:42:00.0412 4244 Themes - ok

10:42:00.0428 4244 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

10:42:00.0428 4244 THREADORDER - ok

10:42:00.0568 4244 TIRmtSvc (8b522b91be7ce217efc1fa6c70c4465a) C:\WINDOWS\TIREMOTE\TIRemoteService.exe

10:42:00.0568 4244 TIRmtSvc - ok

10:42:00.0646 4244 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

10:42:00.0646 4244 TrkWks - ok

10:42:00.0693 4244 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

10:42:00.0693 4244 TrustedInstaller - ok

10:42:00.0724 4244 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:42:00.0724 4244 tssecsrv - ok

10:42:00.0740 4244 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

10:42:00.0740 4244 TsUsbFlt - ok

10:42:00.0740 4244 tsusbhub - ok

10:42:00.0880 4244 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

10:42:00.0880 4244 tunnel - ok

10:42:00.0912 4244 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

10:42:00.0912 4244 uagp35 - ok

10:42:00.0943 4244 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

10:42:00.0943 4244 udfs - ok

10:42:00.0974 4244 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

10:42:00.0974 4244 UI0Detect - ok

10:42:01.0005 4244 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

10:42:01.0005 4244 uliagpkx - ok

10:42:01.0036 4244 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

10:42:01.0036 4244 umbus - ok

10:42:01.0052 4244 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

10:42:01.0052 4244 UmPass - ok

10:42:01.0193 4244 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

10:42:01.0208 4244 UmRdpService - ok

10:42:01.0239 4244 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

10:42:01.0239 4244 upnphost - ok

10:42:01.0286 4244 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

10:42:01.0286 4244 USBAAPL64 - ok

10:42:01.0317 4244 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

10:42:01.0317 4244 usbccgp - ok

10:42:01.0489 4244 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

10:42:01.0489 4244 usbcir - ok

10:42:01.0520 4244 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

10:42:01.0536 4244 usbehci - ok

10:42:01.0598 4244 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

10:42:01.0598 4244 usbhub - ok

10:42:01.0614 4244 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

10:42:01.0614 4244 usbohci - ok

10:42:01.0645 4244 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

10:42:01.0645 4244 usbprint - ok

10:42:01.0676 4244 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

10:42:01.0692 4244 usbscan - ok

10:42:01.0707 4244 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:42:01.0707 4244 USBSTOR - ok

10:42:01.0754 4244 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

10:42:01.0754 4244 usbuhci - ok

10:42:01.0785 4244 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

10:42:01.0801 4244 usbvideo - ok

10:42:01.0817 4244 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

10:42:01.0832 4244 UxSms - ok

10:42:02.0051 4244 VAIO Event Service (a60605fc66552b421ee1f3d4ebb9a4e0) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

10:42:02.0051 4244 VAIO Event Service - ok

10:42:02.0129 4244 VAIO Power Management (d469be2723f79cf4b384680b1fdc577d) C:\Program Files\Sony\VAIO Power Management\SPMService.exe

10:42:02.0129 4244 VAIO Power Management - ok

10:42:02.0144 4244 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:42:02.0144 4244 VaultSvc - ok

10:42:02.0253 4244 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

10:42:02.0253 4244 vdrvroot - ok

10:42:02.0316 4244 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

10:42:02.0363 4244 vds - ok

10:42:02.0409 4244 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

10:42:02.0409 4244 vga - ok

10:42:02.0425 4244 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

10:42:02.0425 4244 VgaSave - ok

10:42:02.0425 4244 VGPU - ok

10:42:02.0503 4244 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

10:42:02.0503 4244 vhdmp - ok

10:42:02.0534 4244 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

10:42:02.0534 4244 viaide - ok

10:42:02.0565 4244 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

10:42:02.0565 4244 vmbus - ok

10:42:02.0565 4244 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

10:42:02.0565 4244 VMBusHID - ok

10:42:02.0581 4244 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

10:42:02.0581 4244 volmgr - ok

10:42:02.0628 4244 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

10:42:02.0628 4244 volmgrx - ok

10:42:02.0659 4244 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

10:42:02.0659 4244 volsnap - ok

10:42:02.0706 4244 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

10:42:02.0706 4244 vsmraid - ok

10:42:03.0236 4244 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

10:42:03.0330 4244 VSS - ok

10:42:03.0533 4244 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

10:42:03.0533 4244 vwifibus - ok

10:42:03.0548 4244 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

10:42:03.0548 4244 vwififlt - ok

10:42:03.0564 4244 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

10:42:03.0564 4244 vwifimp - ok

10:42:03.0907 4244 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

10:42:03.0938 4244 W32Time - ok

10:42:04.0001 4244 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

10:42:04.0001 4244 WacomPen - ok

10:42:04.0141 4244 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:42:04.0141 4244 WANARP - ok

10:42:04.0157 4244 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:42:04.0157 4244 Wanarpv6 - ok

10:42:04.0266 4244 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

10:42:04.0437 4244 WatAdminSvc - ok

10:42:04.0562 4244 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

10:42:04.0640 4244 wbengine - ok

10:42:05.0405 4244 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

10:42:05.0451 4244 WbioSrvc - ok

10:42:05.0904 4244 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

10:42:05.0919 4244 wcncsvc - ok

10:42:05.0966 4244 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

10:42:05.0982 4244 WcsPlugInService - ok

10:42:06.0200 4244 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

10:42:06.0200 4244 Wd - ok

10:42:06.0902 4244 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

10:42:06.0918 4244 Wdf01000 - ok

10:42:07.0074 4244 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

10:42:07.0121 4244 WdiServiceHost - ok

10:42:07.0121 4244 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

10:42:07.0121 4244 WdiSystemHost - ok

10:42:07.0417 4244 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

10:42:07.0417 4244 WebClient - ok

10:42:07.0807 4244 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

10:42:07.0823 4244 Wecsvc - ok

10:42:07.0963 4244 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

10:42:07.0963 4244 wercplsupport - ok

10:42:08.0088 4244 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

10:42:08.0103 4244 WerSvc - ok

10:42:08.0431 4244 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

10:42:08.0431 4244 WfpLwf - ok

10:42:08.0525 4244 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

10:42:08.0525 4244 WIMMount - ok

10:42:08.0634 4244 WinDefend - ok

10:42:08.0665 4244 WinHttpAutoProxySvc - ok

10:42:08.0837 4244 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

10:42:08.0852 4244 Winmgmt - ok

10:42:10.0553 4244 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

10:42:10.0709 4244 WinRM - ok

10:42:11.0785 4244 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys

10:42:11.0785 4244 WinUsb - ok

10:42:12.0503 4244 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

10:42:12.0628 4244 Wlansvc - ok

10:42:12.0752 4244 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

10:42:12.0752 4244 WmiAcpi - ok

10:42:13.0096 4244 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

10:42:13.0111 4244 wmiApSrv - ok

10:42:13.0205 4244 WMPNetworkSvc - ok

10:42:13.0345 4244 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

10:42:13.0345 4244 WPCSvc - ok

10:42:13.0564 4244 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

10:42:13.0595 4244 WPDBusEnum - ok

10:42:13.0688 4244 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

10:42:13.0688 4244 ws2ifsl - ok

10:42:13.0891 4244 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

10:42:13.0891 4244 wscsvc - ok

10:42:13.0891 4244 WSearch - ok

10:42:16.0122 4244 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

10:42:16.0122 4244 wuauserv - ok

10:42:17.0261 4244 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

10:42:17.0261 4244 WudfPf - ok

10:42:17.0292 4244 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:42:17.0292 4244 WUDFRd - ok

10:42:17.0323 4244 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

10:42:17.0370 4244 wudfsvc - ok

10:42:17.0822 4244 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

10:42:17.0838 4244 WwanSvc - ok

10:42:18.0010 4244 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

10:42:20.0147 4244 \Device\Harddisk0\DR0 - ok

10:42:20.0194 4244 Boot (0x1200) (4580e43ecdae801d8652a68ac2c6795d) \Device\Harddisk0\DR0\Partition0

10:42:20.0225 4244 \Device\Harddisk0\DR0\Partition0 - ok

10:42:20.0256 4244 Boot (0x1200) (c6124f9b61ca809682374e09392d1537) \Device\Harddisk0\DR0\Partition1

10:42:20.0272 4244 \Device\Harddisk0\DR0\Partition1 - ok

10:42:20.0272 4244 ============================================================

10:42:20.0272 4244 Scan finished

10:42:20.0272 4244 ============================================================

10:42:20.0287 0636 Detected object count: 0

10:42:20.0287 0636 Actual detected object count: 0

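The TDSSKiller section of the log above lists every registered service and driver with the MD5 of its image and a per-entry verdict, which is exactly the data a responder pivots on when looking for a service or driver that should not be there. The Python script below is an added example, not part of the original post and not a feature of TDSSKiller: it parses lines in that format (the embedded sample is a handful of lines copied from the scan above, blank lines removed), groups services by the binary that hosts them, flags any image reported with more than one hash, lists images outside the core Windows directories for manual review, and surfaces entries that received no hash or a verdict other than "ok". The list of trusted directories is an assumption made for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample input: lines copied from the TDSSKiller scan above,
# kept as a raw string so the Windows backslashes survive unchanged.
SAMPLE_LOG = r"""
10:41:43.0673 4244 msiserver - ok
10:41:44.0594 4244 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:41:44.0594 4244 Netlogon - ok
10:41:53.0158 4244 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:41:53.0174 4244 ProtectedStorage - ok
10:41:58.0150 4244 Stereo Service (80d035bcaa65a0644ea169d6ca6bcb98) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:41:58.0150 4244 Stereo Service - ok
10:41:59.0523 4244 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:41:59.0539 4244 Tcpip - ok
10:41:59.0866 4244 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:41:59.0866 4244 TCPIP6 - ok
10:42:00.0568 4244 TIRmtSvc (8b522b91be7ce217efc1fa6c70c4465a) C:\WINDOWS\TIREMOTE\TIRemoteService.exe
10:42:00.0568 4244 TIRmtSvc - ok
10:42:18.0010 4244 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:42:20.0147 4244 \Device\Harddisk0\DR0 - ok
10:42:20.0272 4244 Scan finished
"""

# "HH:MM:SS.mmmm PID Name (md5) path" -- the image line for a service/driver/MBR
HASH_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# "HH:MM:SS.mmmm PID Name - verdict" -- the verdict line that follows it
VERDICT_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<verdict>.+?)\s*$"
)

# Assumed set of directories whose images get a lower review priority.
TRUSTED_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\servicing\\",
    "c:\\windows\\microsoft.net\\",
)


@dataclass
class Entry:
    name: str
    md5: Optional[str]      # None when the scanner printed only a verdict line
    path: Optional[str]
    verdict: Optional[str]  # None when no verdict line followed the image line


def parse_log(text: str) -> List[Entry]:
    """Pair each image line with its verdict line; keep log order."""
    result: List[Entry] = []
    index: Dict[str, Entry] = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m:
            e = Entry(m["name"], m["md5"], m["path"], None)
            result.append(e)
            index[m["name"]] = e
            index[m["path"]] = e  # MBR/boot-sector verdicts are keyed by device path
            continue
        m = VERDICT_LINE.match(line)
        if m:
            e = index.get(m["name"])
            if e is None:  # verdict with no image line: nothing was hashed
                e = Entry(m["name"], None, None, None)
                result.append(e)
                index[m["name"]] = e
            e.verdict = m["verdict"]
    return result


def shared_binaries(entries: List[Entry]) -> Dict[str, List[str]]:
    """Images hosting more than one service (lsass.exe, tcpip.sys are normal cases)."""
    by_path: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if e.path:
            by_path[e.path.lower()].append(e.name)
    return {p: names for p, names in by_path.items() if len(names) > 1}


def hash_conflicts(entries: List[Entry]) -> Dict[str, Set[str]]:
    """Same path reported with different MD5s: two files, or one that changed mid-scan."""
    hashes: Dict[str, Set[str]] = defaultdict(set)
    for e in entries:
        if e.path and e.md5:
            hashes[e.path.lower()].add(e.md5)
    return {p: h for p, h in hashes.items() if len(h) > 1}


def outside_trusted_dirs(entries: List[Entry]) -> List[Entry]:
    """Images to vet first: real files that live outside the assumed core directories."""
    return [e for e in entries
            if e.path and not e.path.startswith("\\Device\\")
            and not e.path.lower().startswith(TRUSTED_PREFIXES)]


def needs_attention(entries: List[Entry]) -> List[Entry]:
    """Entries without an 'ok' verdict, or with no hashed image at all."""
    return [e for e in entries if e.verdict != "ok" or e.md5 is None]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for path, names in shared_binaries(parsed).items():
        print(f"shared image {path}: {', '.join(names)}")
    for path, md5s in hash_conflicts(parsed).items():
        print(f"HASH CONFLICT {path}: {sorted(md5s)}")
    for e in outside_trusted_dirs(parsed):
        print(f"review: {e.name} -> {e.path}")
    for e in needs_attention(parsed):
        print(f"attention: {e.name} verdict={e.verdict!r} md5={e.md5!r}")
```

On the sample, lsass.exe hosting Netlogon and ProtectedStorage and tcpip.sys backing both Tcpip and TCPIP6 are expected groupings, and the empty conflict map is what a clean log produces. The review list contains the NVIDIA and TIRemote services only because they live outside System32, which is where checking the file's signer and the service's ImagePath by hand belongs, and msiserver appears because the scanner printed no image for it. Whether any of these is actually malicious is a separate question the script does not answer.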

  • Staff

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) file sharing programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

  • Programs to remove

    • BitTorrent
    • Java™ 6 Update 30

  • Please download and install Revo Uninstaller Free.
    • Double click Revo Uninstaller to run it.
    • From the list of programs double click on the program to remove.
    • When prompted if you want to uninstall click Yes.
    • Be sure the Moderate option is selected then click Next.
    • The program will run. If prompted again click Yes.
    • When the built-in uninstaller is finished click on Next.
    • Once the program has searched for leftovers click Next.
    • Check/tick the bolded items only on the list then click Delete.
    • When prompted click on Yes and then on Next.
    • Put a check on any folders that are found and select Delete.
    • When prompted select Yes then Next.
    • Once done click Finish.

.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**

Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit

and select Run as administrator.

"information and logs"

  • In your next post I need the following
  1. Log From MBAM
  2. report from Hijackthis
  3. let me know of any problems you may have had
  4. How is the computer doing now?

Gringo


(1) log from MBAM - see below

(2) Report from Hijackthis - see below

(3) do not seem to have any issues

(4) no issues as in the past

================================

LOG FROM MBAM

----------------------------------------------------

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.12.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

ebhandari :: EBHANDARI-GNNB [administrator]

7/12/2012 3:19:53 PM

mbam-log-2012-07-12 (15-19-53).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 299779

Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

==========================================

Report from Hijackthis

--------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 3:27:01 PM, on 7/12/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16447)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\SysWOW64\RunDll32.exe

C:\Program Files (x86)\Microsoft Lync\communicator.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Microsoft Lync\UcMapi.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE

C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe

C:\Program Files (x86)\Java\jre6\bin\java.exe

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\ebhandari\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://graceland/Pages/Home.aspx

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Gracenote, Inc.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111228165507.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h

O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

O9 - Extra 'Tools' menuitem: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://oracleweb.webex.com/client/WBXclient-T27L10NSP31-13320/webex/ieatgpc1.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gracenote.gracenote.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gracenote.gracenote.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.grace

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gracenote.gracenote.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.grace

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.grace

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: BES Client (BESClient) - Unknown owner - C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Numara Software, Inc. - C:\WINDOWS\TIREMOTE\TIRemoteService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15443 bytes


  • Staff

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to be; any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    • O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    • O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    • O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    • O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    • O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    • O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
    • O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

  • NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g. for
    O4 - HKLM\..\Run: [IntelliPoint]
    search for IntelliPoint.

NOTE**

Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit

and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add-on to be installed
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here

Gringo


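The staff post above asks the user to pick O4 (autostart) lines out of a HijackThis report by hand. As an added example that is not part of the thread and not code from HijackThis or Malwarebytes, the script below parses O4 and O23 lines in the HijackThis v2.0.4 format and sorts them the way a helper reads them: per-user (HKCU) autostarts, executables that live outside Program Files or Windows, services with no vendor in their version info, and services HijackThis reports as "(file missing)". The sample lines are constructed: six are copied from the log in this thread, the last O4 line (a hypothetical "updater" entry under a made-up user profile) is invented so that the path check has something to flag.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample input in the HijackThis v2.0.4 line format. The first six
# lines are copied from the thread's log; the final O4 line is MADE UP (not from
# the thread) so that the "outside standard dirs" check below produces a hit.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: Bluetooth.lnk = ?
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O4 - HKCU\..\Run: [updater] C:\Users\someuser\AppData\Roaming\updater.exe /q
"""


@dataclass
class Entry:
    kind: str            # "O4" (autostart) or "O23" (service)
    location: str        # e.g. "HKCU\..\Run", "Global Startup", or the service short name
    name: str            # registry value name, shortcut name, or service display name
    path: str            # executable path as written in the log, quotes removed
    args: str = ""       # command-line arguments, if any
    vendor: str = ""     # O23 only: company name HijackThis read from the file's version info
    file_missing: bool = False


# O4 - HKLM\..\Run: [name] command
O4_REG = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$')
# O4 - Startup: name.lnk = target   /   O4 - Global Startup: name.lnk = target
O4_STARTUP = re.compile(r'^O4 - ((?:Global )?Startup): (.*?) = (.*)$')
# O23 - Service: display name - vendor - path [ (file missing)]
O23_SVC = re.compile(r'^O23 - Service: (.*?) - (.*?) - (.*)$')

# Directories where the software on this machine is expected to live.
STANDARD_ROOTS = ("c:\\program files", "c:\\progra~", "c:\\windows")


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run-key command into (executable path, arguments)."""
    cmd = cmd.strip()
    quoted = re.match(r'^"([^"]*)"\s*(.*)$', cmd)
    if quoted:
        return quoted.group(1), quoted.group(2).strip()
    unquoted = re.match(r'^(.*?\.exe)\b(.*)$', cmd, re.IGNORECASE)
    if unquoted:
        return unquoted.group(1), unquoted.group(2).strip()
    return cmd, ""


def parse_hjt(text: str) -> List[Entry]:
    """Return the O4 and O23 entries found in HijackThis log text (other lines are ignored)."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_REG.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            path, args = split_command(cmd)
            entries.append(Entry("O4", f"{hive}\\..\\{key}", name, path, args))
            continue
        m = O4_STARTUP.match(line)
        if m:
            where, name, target = m.groups()
            path, args = split_command(target)
            entries.append(Entry("O4", where, name, path, args))
            continue
        m = O23_SVC.match(line)
        if m:
            display, vendor, path = m.groups()
            missing = path.endswith("(file missing)")
            if missing:
                path = path[: -len("(file missing)")].strip()
            short = re.search(r'\(([^()]+)\)$', display)
            entries.append(Entry("O23", short.group(1) if short else display,
                                 display, path, "", vendor, missing))
    return entries


def review(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group entries into the buckets a log reviewer checks first."""
    findings: Dict[str, List[str]] = {
        "per_user_autostart": [],      # HKCU Run entries: need no admin rights to create
        "outside_standard_dirs": [],   # executables not under Program Files / Windows
        "unknown_owner_services": [],  # no company name in the binary's version info
        "file_missing_services": [],   # path HijackThis could not open (see note below)
    }
    for e in entries:
        if e.kind == "O4" and e.location.startswith("HKCU"):
            findings["per_user_autostart"].append(e.name)
        if e.path not in ("", "?") and not e.path.lower().startswith(STANDARD_ROOTS):
            findings["outside_standard_dirs"].append(e.name)
        if e.kind == "O23":
            if e.vendor == "Unknown owner":
                findings["unknown_owner_services"].append(e.location)
            if e.file_missing:
                findings["file_missing_services"].append(e.location)
    return findings


if __name__ == "__main__":
    for bucket, names in review(parse_hjt(SAMPLE_LOG)).items():
        print(f"{bucket}: {names}")
```

A note on the "file missing" bucket: HijackThis 2.0.4 is a 32-bit program, and on 64-bit Windows its reads of C:\Windows\System32 are redirected to SysWOW64, so native system services such as ALG, Spooler or VSS routinely show "(file missing)" in the log above even though the files are present. Treat that bucket as a prompt to confirm the file on disk with a 64-bit tool, not as evidence of deletion; the HKCU and out-of-place-path buckets are the ones that usually deserve the first look.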
  • Staff

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools

Gringo


ESET SCAN REPORT

------------------------------------------

C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GO5Y9JPZ\kittyflix_com[1].htm HTML/ScrInject.B.Gen virus

C:\TDSSKiller_Quarantine\08.07.2012_22.07.46\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan

C:\TDSSKiller_Quarantine\08.07.2012_22.07.46\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan

C:\TDSSKiller_Quarantine\08.07.2012_22.07.46\mbr0000\tdlfs0000\tsk0009.dta a variant of Win32/Olmarik.AYI trojan


  • Staff

Hello

There are some minor things in your online scan that should be removed.

delete files

  • Copy all text in the quote box (below)...to Notepad.
    @echo off
    rd /s /q "C:\TDSSKiller_Quarantine\"
    del %0
  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: batfileicon.gif <-- XP, vista_bat_icon.png <-- Vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

The rest of the Online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\), and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.
    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • CF-Uninstall.png

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls
CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner but I would leave that alone and not use any registry cleaner
Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)
    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety
Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
