TechSpot

I want someone to help me please, I keep getting Malwarebytes Anti-Malware popups

By Vijay murthy
Oct 5, 2012
  1. Hello friends, please someone help me with this issue. I keep getting Malwarebytes Anti-Malware popups. I am scared that my system has been infected. A few days back it was showing incoming and svchost.exe, and I tried different free antivirus editions. Now I am getting the popup as outgoing. I request your help.
     


  2. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 characters post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Vijay murthy

    Vijay murthy TS Rookie Topic Starter

    Hello sir, thanks for your reply. Now I am about to follow all 5 steps which you asked me to follow. Before that I need to tell you one thing: I had already installed Malwarebytes Anti-Malware on my system and now it is showing "Trial 0 days remaining", but I am still able to scan my system as of today. I would like to know if I can perform a scan even after the trial days?

    I have the McAfee free 30-day edition now. I will uninstall it and install Avast Home (free) edition upon your reply.

    Thanks sir.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

  5. Vijay murthy

    Vijay murthy TS Rookie Topic Starter

    Hello sir, I have finished the steps you asked me to finish, and I got a bit confused here. I ran GMER but I did not see that I needed to run it with the internet disconnected. I clicked on it and it ran an automatic scan, but I had to close it since the internet was connected. Then I disconnected the internet, closed all programs, re-clicked on GMER and pressed scan. I don't know if I have run it as per your instructions or not, but I got all the logs, so I am attaching them here. Please have a look. Thanks.

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.07.03

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    User :: USER-PC [administrator]

    07-10-2012 21:51:52
    mbam-log-2012-10-07 (21-51-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 190686
    Time elapsed: 11 minute(s), 47 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-10-07 22:41:10
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60A23T0 rev.02.01A02
    Running: yjwp6osu.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E653708]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8F4237C8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8E65411C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8E65EF28]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8E65EF74]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8E65F0F6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8E65EE96]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8F423BBA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8E65EEDE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8E654310]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8E654498]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8E65F0B0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8E654A9C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8E653756]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8F4238AC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8E6533BE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8E6537A4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8E658456]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8E655464]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8E65EF52]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8E65EF96]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8E65F11A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8E65EEBC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8E65F03A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8E65EF06]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8E65F0D4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8F423A2C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8E655330]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x8E65506C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8E6537F2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8E653840]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8E65491C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8E653448]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8E6535F8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8E65359E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8E654BFE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8E654D5A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8E653668]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8F423AF6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8E654794]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8E65388E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8F423962]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8F43B966]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKey + 13C1 83A8E3D9 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83AC7D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 83ACEDC0 4 Bytes [08, 37, 65, 8E]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 83ACEDE8 4 Bytes [C8, 37, 42, 8F] {ENTER 0x4237, 0x8f}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 83ACEE48 4 Bytes [1C, 41, 65, 8E]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 83ACEE9C 8 Bytes [28, EF, 65, 8E, 74, EF, 65, ...]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 83ACEEA8 4 Bytes [F6, F0, 65, 8E]
    .text ...
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83C5BC30 5 Bytes JMP 8F438806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject + 27 83C74250 5 Bytes JMP 8F43A338 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 83C89397 4 Bytes CALL 8E655B07 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 83CA31A0 4 Bytes CALL 8E655B1D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 83D2D078 7 Bytes JMP 8F43B96A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[108] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Windows\system32\csrss.exe[452] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[456] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[464] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[496] ntdll.dll!LdrUnloadDll 76E4C86E 5 Bytes JMP 000603FC
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[496] ntdll.dll!LdrLoadDll 76E5223E 5 Bytes JMP 000601F8
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[496] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[496] USER32.dll!UnhookWindowsHookEx 75C9CC7B 5 Bytes JMP 00090A08
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[496] USER32.dll!UnhookWinEvent 75C9D924 5 Bytes JMP 000903FC
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[496] USER32.dll!SetWindowsHookExW 75CA210A 5 Bytes JMP 00090804
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[496] USER32.dll!SetWinEventHook 75CA507E 5 Bytes JMP 000901F8
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[496] USER32.dll!SetWindowsHookExA 75CC6DFA 5 Bytes JMP 00090600
    .text C:\Windows\system32\wininit.exe[504] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Windows\system32\csrss.exe[516] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Windows\system32\services.exe[556] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Windows\system32\lsass.exe[580] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Windows\system32\lsm.exe[588] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text ...
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1460] kernel32.dll!SetUnhandledExceptionFilter 7582F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1460] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Windows\system32\Dwm.exe[1564] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Windows\Explorer.EXE[1588] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Windows\System32\spoolsv.exe[1688] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text ...
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2176] ntdll.dll!LdrUnloadDll 76E4C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2176] ntdll.dll!LdrLoadDll 76E5223E 5 Bytes JMP 001601F8
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2176] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2176] USER32.dll!UnhookWindowsHookEx 75C9CC7B 5 Bytes JMP 00240A08
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2176] USER32.dll!UnhookWinEvent 75C9D924 5 Bytes JMP 002403FC
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2176] USER32.dll!SetWindowsHookExW 75CA210A 5 Bytes JMP 00240804
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2176] USER32.dll!SetWinEventHook 75CA507E 5 Bytes JMP 002401F8
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2176] USER32.dll!SetWindowsHookExA 75CC6DFA 5 Bytes JMP 00240600
    .text C:\Windows\system32\svchost.exe[2200] ntdll.dll!LdrUnloadDll 76E4C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[2200] ntdll.dll!LdrLoadDll 76E5223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[2200] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2204] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Windows\system32\SearchIndexer.exe[2232] ntdll.dll!LdrUnloadDll 76E4C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\SearchIndexer.exe[2232] ntdll.dll!LdrLoadDll 76E5223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\SearchIndexer.exe[2232] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Windows\system32\SearchIndexer.exe[2232] USER32.dll!UnhookWindowsHookEx 75C9CC7B 5 Bytes JMP 00100A08
    .text C:\Windows\system32\SearchIndexer.exe[2232] USER32.dll!UnhookWinEvent 75C9D924 5 Bytes JMP 001003FC
    .text C:\Windows\system32\SearchIndexer.exe[2232] USER32.dll!SetWindowsHookExW 75CA210A 5 Bytes JMP 00100804
    .text C:\Windows\system32\SearchIndexer.exe[2232] USER32.dll!SetWinEventHook 75CA507E 5 Bytes JMP 001001F8
    .text C:\Windows\system32\SearchIndexer.exe[2232] USER32.dll!SetWindowsHookExA 75CC6DFA 5 Bytes JMP 00100600
    .text C:\Windows\System32\svchost.exe[2312] ntdll.dll!LdrUnloadDll 76E4C86E 5 Bytes JMP 000603FC
    .text C:\Windows\System32\svchost.exe[2312] ntdll.dll!LdrLoadDll 76E5223E 5 Bytes JMP 000601F8
    .text C:\Windows\System32\svchost.exe[2312] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[2312] USER32.dll!UnhookWindowsHookEx 75C9CC7B 5 Bytes JMP 00250A08
    .text C:\Windows\System32\svchost.exe[2312] USER32.dll!UnhookWinEvent 75C9D924 5 Bytes JMP 002503FC
    .text C:\Windows\System32\svchost.exe[2312] USER32.dll!SetWindowsHookExW 75CA210A 5 Bytes JMP 00250804
    .text C:\Windows\System32\svchost.exe[2312] USER32.dll!SetWinEventHook 75CA507E 5 Bytes JMP 002501F8
    .text C:\Windows\System32\svchost.exe[2312] USER32.dll!SetWindowsHookExA 75CC6DFA 5 Bytes JMP 00250600
    .text C:\Windows\System32\igfxpers.exe[2444] ntdll.dll!LdrUnloadDll 76E4C86E 5 Bytes JMP 001603FC
    .text C:\Windows\System32\igfxpers.exe[2444] ntdll.dll!LdrLoadDll 76E5223E 5 Bytes JMP 001601F8
    .text C:\Windows\System32\igfxpers.exe[2444] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Windows\System32\igfxpers.exe[2444] USER32.dll!UnhookWindowsHookEx 75C9CC7B 5 Bytes JMP 00310A08
    .text C:\Windows\System32\igfxpers.exe[2444] USER32.dll!UnhookWinEvent 75C9D924 5 Bytes JMP 003103FC
    .text C:\Windows\System32\igfxpers.exe[2444] USER32.dll!SetWindowsHookExW 75CA210A 5 Bytes JMP 00310804
    .text C:\Windows\System32\igfxpers.exe[2444] USER32.dll!SetWinEventHook 75CA507E 5 Bytes JMP 003101F8
    .text C:\Windows\System32\igfxpers.exe[2444] USER32.dll!SetWindowsHookExA 75CC6DFA 5 Bytes JMP 00310600
    .text C:\Program Files\Bzeek\bzeek.exe[2512] ntdll.dll!LdrUnloadDll 76E4C86E 5 Bytes JMP 000903FC
    .text C:\Program Files\Bzeek\bzeek.exe[2512] ntdll.dll!LdrLoadDll 76E5223E 5 Bytes JMP 000901F8
    .text C:\Program Files\Bzeek\bzeek.exe[2512] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Program Files\Bzeek\bzeek.exe[2512] USER32.dll!UnhookWindowsHookEx 75C9CC7B 5 Bytes JMP 00120A08
    .text C:\Program Files\Bzeek\bzeek.exe[2512] USER32.dll!UnhookWinEvent 75C9D924 5 Bytes JMP 001203FC
    .text C:\Program Files\Bzeek\bzeek.exe[2512] USER32.dll!SetWindowsHookExW 75CA210A 5 Bytes JMP 00120804
    .text C:\Program Files\Bzeek\bzeek.exe[2512] USER32.dll!SetWinEventHook 75CA507E 5 Bytes JMP 001201F8
    .text C:\Program Files\Bzeek\bzeek.exe[2512] USER32.dll!SetWindowsHookExA 75CC6DFA 5 Bytes JMP 00120600
    .text C:\Program Files\Bzeek\bzeek.exe[2512] WS2_32.dll!getaddrinfo 75664296 5 Bytes JMP 288C7900 C:\Program Files\SpeedBit Video Accelerator\Accelerator.dll (Accelerator/SpeedBit Ltd.)
    .text C:\Program Files\Bzeek\bzeek.exe[2512] WS2_32.dll!GetAddrInfoW 75664889 5 Bytes JMP 288C6810 C:\Program Files\SpeedBit Video Accelerator\Accelerator.dll (Accelerator/SpeedBit Ltd.)
    .text C:\Program Files\Bzeek\bzeek.exe[2512] WS2_32.dll!GetAddrInfoExW 7566D1EA 5 Bytes JMP 288C7050 C:\Program Files\SpeedBit Video Accelerator\Accelerator.dll (Accelerator/SpeedBit Ltd.)
    .text C:\Program Files\Bzeek\bzeek.exe[2512] WS2_32.dll!GetAddrInfoExA 7567469B 5 Bytes JMP 288C6D20 C:\Program Files\SpeedBit Video Accelerator\Accelerator.dll (Accelerator/SpeedBit Ltd.)
    .text C:\Program Files\Bzeek\bzeek.exe[2512] WS2_32.dll!gethostbyname 75677673 5 Bytes JMP 288C6BB0 C:\Program Files\SpeedBit Video Accelerator\Accelerator.dll (Accelerator/SpeedBit Ltd.)
    .text C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe[3092] ntdll.dll!LdrUnloadDll 76E4C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe[3092] ntdll.dll!LdrLoadDll 76E5223E 5 Bytes JMP 001601F8
    .text C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe[3092] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe[3092] USER32.dll!UnhookWindowsHookEx 75C9CC7B 5 Bytes JMP 00180A08
    .text C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe[3092] USER32.dll!UnhookWinEvent 75C9D924 5 Bytes JMP 001803FC
    .text C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe[3092] USER32.dll!SetWindowsHookExW 75CA210A 5 Bytes JMP 00180804
    .text C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe[3092] USER32.dll!SetWinEventHook 75CA507E 5 Bytes JMP 001801F8
    .text C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe[3092] USER32.dll!SetWindowsHookExA 75CC6DFA 5 Bytes JMP 00180600
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3264] ntdll.dll!LdrUnloadDll 76E4C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3264] ntdll.dll!LdrLoadDll 76E5223E 5 Bytes JMP 001601F8
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3264] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3264] USER32.dll!UnhookWindowsHookEx 75C9CC7B 5 Bytes JMP 00340A08
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3264] USER32.dll!UnhookWinEvent 75C9D924 5 Bytes JMP 003403FC
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3264] USER32.dll!SetWindowsHookExW 75CA210A 5 Bytes JMP 00340804
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3264] USER32.dll!SetWinEventHook 75CA507E 5 Bytes JMP 003401F8
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3264] USER32.dll!SetWindowsHookExA 75CC6DFA 5 Bytes JMP 00340600
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3424] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3424] WS2_32.dll!getaddrinfo 75664296 5 Bytes JMP 288C7900 C:\Program Files\SpeedBit Video Accelerator\Accelerator.dll (Accelerator/SpeedBit Ltd.)
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3424] WS2_32.dll!GetAddrInfoW 75664889 5 Bytes JMP 288C6810 C:\Program Files\SpeedBit Video Accelerator\Accelerator.dll (Accelerator/SpeedBit Ltd.)
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3424] WS2_32.dll!GetAddrInfoExW 7566D1EA 5 Bytes JMP 288C7050 C:\Program Files\SpeedBit Video Accelerator\Accelerator.dll (Accelerator/SpeedBit Ltd.)
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3424] WS2_32.dll!GetAddrInfoExA 7567469B 5 Bytes JMP 288C6D20 C:\Program Files\SpeedBit Video Accelerator\Accelerator.dll (Accelerator/SpeedBit Ltd.)
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3424] WS2_32.dll!gethostbyname 75677673 5 Bytes JMP 288C6BB0 C:\Program Files\SpeedBit Video Accelerator\Accelerator.dll (Accelerator/SpeedBit Ltd.)
    .text C:\Windows\system32\WUDFHost.exe[3840] ntdll.dll!LdrUnloadDll 76E4C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\WUDFHost.exe[3840] ntdll.dll!LdrLoadDll 76E5223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\WUDFHost.exe[3840] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Windows\system32\WUDFHost.exe[3840] USER32.dll!UnhookWindowsHookEx 75C9CC7B 5 Bytes JMP 000D0A08
    .text C:\Windows\system32\WUDFHost.exe[3840] USER32.dll!UnhookWinEvent 75C9D924 5 Bytes JMP 000D03FC
    .text C:\Windows\system32\WUDFHost.exe[3840] USER32.dll!SetWindowsHookExW 75CA210A 5 Bytes JMP 000D0804
    .text C:\Windows\system32\WUDFHost.exe[3840] USER32.dll!SetWinEventHook 75CA507E 5 Bytes JMP 000D01F8
    .text C:\Windows\system32\WUDFHost.exe[3840] USER32.dll!SetWindowsHookExA 75CC6DFA 5 Bytes JMP 000D0600
    .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4088] ntdll.dll!LdrUnloadDll 76E4C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4088] ntdll.dll!LdrLoadDll 76E5223E 5 Bytes JMP 001601F8
    .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4088] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4088] USER32.dll!UnhookWindowsHookEx 75C9CC7B 5 Bytes JMP 00240A08
    .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4088] USER32.dll!UnhookWinEvent 75C9D924 5 Bytes JMP 002403FC
    .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4088] USER32.dll!SetWindowsHookExW 75CA210A 5 Bytes JMP 00240804
    .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4088] USER32.dll!SetWinEventHook 75CA507E 5 Bytes JMP 002401F8
    .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4088] USER32.dll!SetWindowsHookExA 75CC6DFA 5 Bytes JMP 00240600
    .text C:\Windows\system32\svchost.exe[4944] ntdll.dll!LdrUnloadDll 76E4C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[4944] ntdll.dll!LdrLoadDll 76E5223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[4944] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[4944] USER32.dll!UnhookWindowsHookEx 75C9CC7B 5 Bytes JMP 00420A08
    .text C:\Windows\system32\svchost.exe[4944] USER32.dll!UnhookWinEvent 75C9D924 5 Bytes JMP 004203FC
    .text C:\Windows\system32\svchost.exe[4944] USER32.dll!SetWindowsHookExW 75CA210A 5 Bytes JMP 00420804
    .text C:\Windows\system32\svchost.exe[4944] USER32.dll!SetWinEventHook 75CA507E 5 Bytes JMP 004201F8
    .text C:\Windows\system32\svchost.exe[4944] USER32.dll!SetWindowsHookExA 75CC6DFA 5 Bytes JMP 00420600
    .text C:\Users\User\Desktop\updated files\before updated files\yjwp6osu.exe[5392] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[5764] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
    .text C:\Windows\system32\AUDIODG.EXE[6048] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1460] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [715BF6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
    IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [715BF6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a824c1430
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a824c1430@f01c13e5d99c 0xDF 0x33 0xE6 0x5D ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a824c1430@8c7712795979 0xF5 0x73 0xF9 0x6D ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a824c1430 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a824c1430@f01c13e5d99c 0xDF 0x33 0xE6 0x5D ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a824c1430@8c7712795979 0xF5 0x73 0xF9 0x6D ...

    ---- EOF - GMER 1.0.15 ----
    .
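The GMER "User code sections" above list dozens of modified API entry points, and a reviewer has to sort them before deciding anything: the same 1-byte change at kernel32.dll!GetBinaryTypeW + 70 appears in every process (one system-wide modification of a shared page, not one finding per process), some JMPs land in a module GMER could name (here SpeedBit's Accelerator.dll, wired into DNS resolution of bzeek.exe and even AvastUI.exe), and some JMPs land in memory GMER attributes to no module at all, which is the bucket that needs a closer look. The parser and triage below are an added example written for this thread; they are not part of GMER, the posted logs, or TechSpot's cleaning procedure. The sample lines are copied from the log above; the line format, the `Hook` record, the `min_uniform` threshold and the three buckets are my own assumptions about how to read this output.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Sample input: lines excerpted from the GMER "User code sections" output posted above.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\csrss.exe[452] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[496] ntdll.dll!LdrLoadDll 76E5223E 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[496] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1460] kernel32.dll!SetUnhandledExceptionFilter 7582F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1460] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Program Files\Bzeek\bzeek.exe[2512] WS2_32.dll!getaddrinfo 75664296 5 Bytes JMP 288C7900 C:\Program Files\SpeedBit Video Accelerator\Accelerator.dll (Accelerator/SpeedBit Ltd.)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3424] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3424] WS2_32.dll!getaddrinfo 75664296 5 Bytes JMP 288C7900 C:\Program Files\SpeedBit Video Accelerator\Accelerator.dll (Accelerator/SpeedBit Ltd.)
.text ...
.text C:\Windows\system32\svchost.exe[4944] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
"""

# Assumed line shape: ".text <image path>[<pid>] <dll>!<export>[ + <hex off>] <hex addr> <n> Byte(s) <detail>"
LINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>[^!\s]+)!(?P<export>\S+)"
    r"(?:\s+\+\s+(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<detail>.*)$"
)
# A redirect: "JMP <addr>" or "CALL <addr>", optionally followed by the module GMER mapped it to.
JMP_RE = re.compile(
    r"^(?:JMP|CALL)\s+(?P<target>[0-9A-Fa-f]{8})"
    r"(?:\s+(?P<module>.+?)\s+\((?P<vendor>[^)]*)\))?\s*$"
)


@dataclass(frozen=True)
class Hook:
    process: str            # image path as GMER prints it
    pid: int
    module: str             # DLL whose export was modified
    export: str
    offset: int             # bytes past the export symbol, 0 if GMER printed none
    address: int
    size: int
    kind: str               # "jump" (control flow redirected) or "patch" (bytes changed in place)
    target: Optional[int]   # redirect destination, for kind == "jump"
    target_module: Optional[str]  # module GMER attributed the destination to, if any
    detail: str


def parse_gmer_user_hooks(text: str) -> list:
    """Turn the '.text' lines of a GMER user-code section into Hook records."""
    hooks = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, blank lines and GMER's ".text ..." elision markers
        detail = m.group("detail").strip()
        j = JMP_RE.match(detail)
        hooks.append(Hook(
            process=m.group("proc"), pid=int(m.group("pid")),
            module=m.group("mod"), export=m.group("export"),
            offset=int(m.group("off") or "0", 16),
            address=int(m.group("addr"), 16), size=int(m.group("size")),
            kind="jump" if j else "patch",
            target=int(j.group("target"), 16) if j else None,
            target_module=j.group("module") if j else None,
            detail=detail,
        ))
    return hooks


def triage(hooks: list, min_uniform: int = 3) -> dict:
    """Sort hooks into the three buckets a reviewer reads separately:
    redirects into a named module, redirects into memory GMER could not name,
    and in-place patches repeated identically across at least min_uniform processes."""
    by_target_module = defaultdict(set)
    unbacked = []
    patch_sites = defaultdict(set)  # (module, export, offset, address, bytes) -> pids
    for h in hooks:
        where = f"{h.process.rsplit(chr(92), 1)[-1]}[{h.pid}] {h.module}!{h.export}"
        if h.kind == "jump":
            if h.target_module:
                by_target_module[h.target_module].add(where)
            else:
                unbacked.append(where)
        else:
            patch_sites[(h.module, h.export, h.offset, h.address, h.detail)].add(h.pid)
    uniform = {
        f"{m}!{e}+{o:X} @ {a:08X} {d}": len(pids)
        for (m, e, o, a, d), pids in patch_sites.items() if len(pids) >= min_uniform
    }
    return {
        "third_party_targets": {k: sorted(v) for k, v in by_target_module.items()},
        "unbacked_jumps": sorted(unbacked),
        "uniform_patches": uniform,
    }


if __name__ == "__main__":
    result = triage(parse_gmer_user_hooks(SAMPLE_LOG))
    for bucket, entries in result.items():
        print(bucket)
        for item in (entries.items() if isinstance(entries, dict) else entries):
            print("   ", item)
```

On the sample, the GetBinaryTypeW change collapses to one system-wide entry seen in five processes, the two `getaddrinfo` redirects are grouped under SpeedBit's Accelerator.dll, and `wmpnetwk.exe`'s `LdrLoadDll` jump lands in memory GMER names no module for; the buckets say where to look, not what the verdict is.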
     
  6. Vijay murthy

    Vijay murthy TS Rookie Topic Starter

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by User at 22:47:31 on 2012-10-07
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.91.1033.18.1910.503 [GMT 5.5:30]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Bzeek\bzeek.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Bzeek\bzeek.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [SpeedBitVideoAccelerator] "c:\program files\speedbit video accelerator\VideoAccelerator.exe" /startup
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Bzeek Icon] "c:\program files\bzeek\bzeek.exe" trayicon
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\program files\speedbit video accelerator\SBLSP.dll
    DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
    TCP: DhcpNameServer = 113.193.12.14 113.193.1.14
    TCP: Interfaces\{4390AB2B-939C-47C5-9369-A5CF37C887CD} : DhcpNameServer = 192.168.42.129
    TCP: Interfaces\{47D46CE0-4985-4E9B-B151-6835EACF3982} : DhcpNameServer = 113.193.12.14 113.193.1.14
    TCP: Interfaces\{A3A372C7-BA17-4833-8915-6EA0C23BC1D3} : DhcpNameServer = 192.168.1.1 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\yra6pxlo.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://in.search.yahoo.com/search?fr=mcafee&p=
    FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111434&tt=050412_30b
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 16d0d10c00000000000064315063ee5a
    FF - user.js: extensions.BabylonToolbar_i.hardId - 16d0d10c00000000000064315063ee5a
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15437
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.179:04:30
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2012-10-5 28552]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-7 729752]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-7 355632]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-28 63960]
    R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2011-6-23 87968]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-7 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-7 58680]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-7 44808]
    R2 bzeeksvc;Bzeek Service;c:\program files\bzeek\bzeek.exe [2012-9-14 4985056]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-4 399432]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-4 676936]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-10-3 1153368]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-6-23 2320920]
    R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2011-6-23 297000]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-6-23 33320]
    R3 BzeekDM;BzeekDM;c:\windows\system32\drivers\drone.sys [2012-9-14 147584]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-7-29 132352]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-3-5 232960]
    R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
    R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
    R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-4 22856]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S2 XAMPP;XAMPP Service;c:\xampp\service.exe --> c:\xampp\service.exe [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250288]
    S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2010-12-7 14336]
    S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2010-12-7 20736]
    S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2010-12-7 20096]
    S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2010-12-7 25088]
    S3 AndNetDiag;LG AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [2010-11-29 23168]
    S3 AndNetGps;LG AndroidNet USB GPS NMEA Port;c:\windows\system32\drivers\lgandnetgps.sys [2010-11-29 22272]
    S3 ANDNetModem;LG AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [2010-11-29 28032]
    S3 andnetndis;LG AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys [2010-11-29 69632]
    S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\lgandadb.sys [2010-8-2 25728]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 BzeekDP;BzeekDP Drone Service;c:\windows\system32\drivers\drone.sys [2012-9-14 147584]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-3-17 115168]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-4-6 15872]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-4-7 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-4-6 1343400]
    .
    =============== Created Last 30 ================
    .
    2012-10-07 11:15:30     44784  ----a-w-  c:\windows\system32\drivers\aswRdr2.sys
    2012-10-07 11:15:25    729752  ----a-w-  c:\windows\system32\drivers\aswSnx.sys
    2012-10-07 11:15:24     58680  ----a-w-  c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-07 11:14:54     41224  ----a-w-  c:\windows\avastSS.scr
    2012-10-05 14:28:17     28552  ----a-w-  c:\windows\system32\drivers\pavboot.sys
    2012-10-05 14:28:07  --------  d-----w-  c:\program files\Panda Security
    2012-10-05 14:17:45  --------  d-----w-  c:\users\user\appdata\roaming\QuickScan
    2012-10-04 11:07:00     96224  ----a-w-  c:\program files\mozilla firefox\webapprt-stub.exe
    2012-10-04 11:07:00     91104  ----a-w-  c:\program files\mozilla firefox\smime3.dll
    2012-10-04 11:07:00    889816  ----a-w-  c:\program files\mozilla firefox\uninstall\helper.exe
    2012-10-04 11:07:00    270816  ----a-w-  c:\program files\mozilla firefox\updater.exe
    2012-10-04 11:07:00     19424  ----a-w-  c:\program files\mozilla firefox\xpcom.dll
    2012-10-04 11:07:00    157272  ----a-w-  c:\program files\mozilla firefox\webapp-uninstaller.exe
    2012-10-04 11:07:00    155104  ----a-w-  c:\program files\mozilla firefox\softokn3.dll
    2012-10-04 11:07:00  14678496  ----a-w-  c:\program files\mozilla firefox\xul.dll
    2012-10-04 11:07:00    145376  ----a-w-  c:\program files\mozilla firefox\ssl3.dll
    2012-10-04 10:15:48     22856  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-10-04 10:15:47  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
    2012-10-03 19:00:47  --------  d-----w-  c:\users\user\appdata\roaming\Safer Networking
    2012-10-02 19:55:15  --------  d-----w-  c:\programdata\Spybot - Search & Destroy
    2012-10-02 19:55:15  --------  d-----w-  c:\program files\Spybot - Search & Destroy
    2012-10-01 18:20:47  --------  d-----w-  C:\$RECYCLE.BIN
    2012-10-01 11:18:56  --------  d-----w-  C:\TDSSKiller_Quarantine
    2012-09-29 21:25:17  --------  d-----w-  c:\users\user\appdata\local\temp
    2012-09-29 21:11:40     98816  ----a-w-  c:\windows\sed.exe
    2012-09-29 21:11:40    518144  ----a-w-  c:\windows\SWREG.exe
    2012-09-29 21:11:40    256000  ----a-w-  c:\windows\PEV.exe
    2012-09-29 21:11:40    208896  ----a-w-  c:\windows\MBR.exe
    2012-09-29 11:18:43  --------  d-----w-  c:\program files\SpeedBit Video Accelerator
    2012-09-29 11:15:27  --------  d-----w-  c:\users\user\appdata\roaming\AVG
    2012-09-29 11:14:05  --------  d-----w-  c:\programdata\AVG
    2012-09-29 11:13:57  --------  d-sh--w-  c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2012-09-29 11:09:56    172032  ----a-w-  c:\windows\system32\AniGIF.ocx
    2012-09-29 10:23:00     56200  ----a-w-  c:\programdata\microsoft\windows defender\definition updates\{4e8b16db-ae59-461a-b365-140c81cc57c2}\offreg.dll
    2012-09-28 09:52:42  --------  d-----w-  c:\users\user\appdata\roaming\AVG2013
    2012-09-28 09:44:11  --------  d-----w-  c:\programdata\AVG2013
    2012-09-28 09:44:11  --------  d-----w-  C:\$AVG
    2012-09-27 19:50:35  --------  d-----w-  c:\users\user\appdata\roaming\Malwarebytes
    2012-09-27 19:49:58  --------  d-----w-  c:\programdata\Malwarebytes
    2012-09-27 19:41:54  --------  d-----w-  c:\programdata\AVAST Software
    2012-09-27 19:41:54  --------  d-----w-  c:\program files\AVAST Software
    2012-09-27 18:45:17  --------  d-----w-  c:\users\user\appdata\local\MFAData
    2012-09-27 18:45:17  --------  d-----w-  c:\users\user\appdata\local\Avg2013
    2012-09-27 18:45:17  --------  d-----w-  c:\programdata\MFAData
    2012-09-27 09:56:13  --------  d-----w-  c:\users\user\appdata\roaming\FreeVideoConverter
    2012-09-27 09:56:13  --------  d-----w-  c:\program files\Free Video Converter
    2012-09-26 17:26:35  --------  d-----w-  c:\users\user\appdata\roaming\IDM
    2012-09-26 17:26:28  --------  d-----w-  c:\program files\Internet Download Manager
    2012-09-26 13:34:25   6980552  ----a-w-  c:\programdata\microsoft\windows defender\definition updates\{4e8b16db-ae59-461a-b365-140c81cc57c2}\mpengine.dll
    2012-09-26 11:17:02  --------  d-----w-  c:\program files\PowerDataRecovery
    2012-09-26 11:13:55  --------  d-----w-  c:\program files\LSoft Technologies
    2012-09-26 07:52:19  --------  d-----w-  c:\program files\PDF Password Remover v3.1
    2012-09-17 18:32:52     93672  ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
    2012-09-15 16:04:40  --------  d-----w-  c:\programdata\BlueStacksSetup
    2012-09-15 16:04:40  --------  d-----w-  c:\programdata\BlueStacks
    2012-09-14 16:20:44  --------  d-----w-  c:\users\user\appdata\roaming\TeamViewer
    2012-09-14 14:55:52  --------  d-----w-  c:\programdata\Connectify
    2012-09-14 14:12:12    147584  ----a-w-  c:\windows\system32\drivers\drone.sys
    2012-09-14 14:08:31  --------  d-----w-  c:\program files\Virtual Router
    2012-09-12 06:29:55  --------  d-----w-  c:\users\user\appdata\roaming\Ashampoo
    2012-09-12 06:29:47  --------  d-----w-  c:\users\user\appdata\local\ashampoo
    2012-09-12 06:29:47  --------  d-----w-  c:\programdata\ashampoo
    2012-09-12 06:29:44  --------  d-----w-  c:\program files\Ashampoo
    2012-09-11 08:28:11    650752  ----a-w-  c:\windows\system32\xvidcore.dll
    2012-09-11 08:28:11    243200  ----a-w-  c:\windows\system32\xvidvfw.dll
    2012-09-11 08:28:11    216064  ----a-w-  c:\windows\system32\lagarith.dll
    2012-09-11 08:28:11    151552  ----a-w-  c:\windows\system32\ac3acm.acm
    2012-09-11 08:28:10    178688  ----a-w-  c:\windows\system32\unrar.dll
    2012-09-11 08:28:09    112640  ----a-w-  c:\windows\system32\ff_vfw.dll
    2012-09-11 08:28:07  --------  d-----w-  c:\program files\K-Lite Codec Pack
    2012-09-10 12:54:22  --------  d-----w-  c:\program files\TeamViewer
    .
    ==================== Find3M ====================
    .
    2012-10-02 17:49:19      2560  ----a-w-  c:\windows\_MSRSTRT.EXE
    2012-09-21 10:01:59    696240  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
    2012-09-21 10:01:58     73136  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-17 18:32:44    821736  ----a-w-  c:\windows\system32\npdeployJava1.dll
    2012-09-17 18:32:44    746984  ----a-w-  c:\windows\system32\deployJava1.dll
    2012-09-03 07:17:25      1024  ----a-w-  c:\windows\system32\thunk.dll
    2012-07-16 01:55:02    409088  ----a-w-  c:\windows\system32\systemcpl.dll
    2012-07-16 01:55:02     13824  ----a-w-  c:\windows\system32\slwga.dll
    .
    ============= FINISH: 22:48:25.53 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 23-06-2011 15:21:17
    System Uptime: 07-10-2012 21:46:37 (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1425
    Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz | CPU | 2133/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 58 GiB total, 37.122 GiB free.
    D: is FIXED (NTFS) - 117 GiB total, 104.127 GiB free.
    E: is FIXED (NTFS) - 122 GiB total, 116.368 GiB free.
    F: is CDROM ()
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Bluetooth Device (Personal Area Network)
    Device ID: BTH\MS_BTHPAN\7&2EA01765&0&2
    Manufacturer: Microsoft
    Name: Bluetooth Device (Personal Area Network)
    PNP Device ID: BTH\MS_BTHPAN\7&2EA01765&0&2
    Service: BthPan
    .
    ==== System Restore Points ===================
    .
    RP147: 04-10-2012 16:07:30 - Removed BlueStacks
    RP148: 07-10-2012 16:44:21 - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    7-Zip 9.20
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Apple Application Support
    Ashampoo Burning Studio 6 FREE v.6.81
    Atheros Driver Installation Program
    avast! Free Antivirus
    Broadcom 2070 Bluetooth 3.0
    Broadcom 802.11 Wireless LAN Adapter
    Bzeek Version 0.9.186
    CCleaner
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    CyberLink YouCam
    Google Chrome
    Google Talk (remove only)
    Google Talk Plugin
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Java 7 Update 7
    Java Auto Updater
    JavaFX 2.1.1
    K-Lite Mega Codec Pack 9.2.0
    LG Bluetooth Drivers
    LG United Mobile Drivers
    Malwarebytes Anti-Malware version 1.65.0.1400
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MiniTool Power Data Recovery
    Mozilla Firefox 16.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Panda ActiveScan 2.0
    Picasa 3
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Recuva
    RtVOsd
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Shared C Run-time for x86
    Skype™ 5.10
    SpeedBit Video Accelerator
    Spybot - Search & Destroy
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.6195
    WavePad Sound Editor
    Windows Media Player Firefox Plugin
    YouTrader 4 Terminal
    .
    ==== Event Viewer Messages From Past Week ========
    .
    30-09-2012 23:28:46, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the vToolbarUpdater12.2.6 service to connect.
    30-09-2012 23:28:46, Error: Service Control Manager [7000] - The vToolbarUpdater12.2.6 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    30-09-2012 02:23:45, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi AVGIDSDriver AVGIDSShim Avgldx86 Avgmfx86 Avgtdix CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
    30-09-2012 02:23:40, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    30-09-2012 02:23:40, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    30-09-2012 02:23:40, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    30-09-2012 02:23:40, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    30-09-2012 02:23:40, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    30-09-2012 02:23:40, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    30-09-2012 02:23:40, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    30-09-2012 02:23:40, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    30-09-2012 02:23:40, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    30-09-2012 02:23:40, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    30-09-2012 02:23:40, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
    07-10-2012 21:47:04, Error: Service Control Manager [7000] - The XAMPP Service service failed to start due to the following error: The system cannot find the file specified.
    07-10-2012 15:42:33, Error: Microsoft-Windows-SharedAccess_NAT [30009] - The DHCP allocator encountered a network error while attempting to reply on IP address 0.0.0.0 to a request from a client. The data is the error code.
    07-10-2012 13:09:41, Error: Service Control Manager [7034] - The VideoAcceleratorService service terminated unexpectedly. It has done this 1 time(s).
    04-10-2012 16:06:16, Error: Service Control Manager [7023] - The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.
    03-10-2012 00:39:09, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
    02-10-2012 20:56:16, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    02-10-2012 20:56:16, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    02-10-2012 20:56:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    02-10-2012 20:55:49, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    02-10-2012 20:55:49, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    02-10-2012 00:07:15, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x000000ff, 0x00000008, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 100212-15943-01.
    01-10-2012 23:59:33, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "E02A8240E396" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
    01-10-2012 23:46:29, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    01-10-2012 17:02:13, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    .
    ==== End Of File ===========================
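
    Two things in the DDS output above deserve a second look before the next tool is run, and the script below shows how to pull them out mechanically. The five `mPolicies-system` lines are the User Account Control values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System: `EnableLUA = 0` means UAC is switched off on this machine, and `ConsentPromptBehaviorAdmin = 0` together with `PromptOnSecureDesktop = 0` would mean silent elevation even if it were on, so anything the user launches already runs with full administrator rights. In the SERVICES / DRIVERS section, two entries (VideoAcceleratorService and XAMPP) end in `[?]` where DDS normally prints a date and size, its marker for a service binary it could not read; the Service Control Manager 7000 event further down confirms the XAMPP file is missing. The following Python is an added example for this thread, not code from TechSpot, from DDS or from the helper; it treats `[?]` as "binary not readable", and its sample input is an excerpt copied from the log above.

```python
import re

# Constructed sample: lines copied from the DDS log posted above. DDS writes
# "mPolicies-system" for HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
SAMPLE_LOG = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
LSP: c:\program files\speedbit video accelerator\SBLSP.dll
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-7 44808]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe --> c:\xampp\service.exe [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-3-17 115168]
"""

# Windows 7 defaults for the UAC values DDS reports (Microsoft's documented
# policy semantics); anything else gets a line in the triage report.
UAC_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,
    "EnableUIADesktopToggle": 0,
}
ADMIN_PROMPT = {
    0: "elevate without prompting",
    1: "prompt for credentials on the secure desktop",
    2: "prompt for consent on the secure desktop",
    3: "prompt for credentials",
    4: "prompt for consent",
    5: "prompt for consent for non-Windows binaries",
}

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(-?\d+)")
LSP_RE = re.compile(r"^LSP:\s*(.+)$")
# R/S = running/stopped, digit = start type (0 boot .. 4 disabled), then
# name;display name;image path [date size]  ("[?]" when DDS could not read it)
SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*)$")


def parse_dds(text):
    """Collect UAC policy values, Winsock LSPs and service/driver entries."""
    policies, services, lsps = {}, [], []
    for line in text.splitlines():
        line = line.strip()
        if m := POLICY_RE.match(line):
            policies[m.group(1)] = int(m.group(2))
        elif m := LSP_RE.match(line):
            lsps.append(m.group(1).strip())
        elif m := SERVICE_RE.match(line):
            state, start, name, display, image = m.groups()
            services.append({
                "state": state,
                "start_type": int(start),
                "name": name.strip(),
                "display": display.strip(),
                "image": image.strip(),
                "binary_missing": image.rstrip().endswith("[?]"),
            })
    return {"policies": policies, "services": services, "lsps": lsps}


def uac_findings(policies):
    """One line per UAC value that differs from the Windows 7 default."""
    findings = []
    for key, default in UAC_DEFAULTS.items():
        value = policies.get(key)
        if value is None or value == default:
            continue
        note = ""
        if key == "EnableLUA" and value == 0:
            note = ": UAC is off, admin logons run with a full token and the other prompt settings are ignored"
        elif key == "ConsentPromptBehaviorAdmin":
            note = ": administrators " + ADMIN_PROMPT.get(value, "use an unknown prompt mode")
        elif key == "PromptOnSecureDesktop" and value == 0:
            note = ": elevation prompts are drawn on the normal desktop, where other programs can paint over them"
        findings.append(f"{key} = {value} (default {default}){note}")
    return findings


def triage(text):
    """Everything an analyst would want flagged from these two sections."""
    parsed = parse_dds(text)
    return {
        "uac": uac_findings(parsed["policies"]),
        "missing_binaries": [s for s in parsed["services"] if s["binary_missing"]],
        # an LSP sits in every Winsock call of every process: list it so the
        # analyst can tie it to an installed product (SpeedBit, here)
        "lsps": parsed["lsps"],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for line in report["uac"]:
        print("UAC:", line)
    for svc in report["missing_binaries"]:
        print(f"service {svc['name']} ({svc['state']}{svc['start_type']}): binary not readable by DDS")
    for lsp in report["lsps"]:
        print("LSP:", lsp)
```

    Run against the excerpt, it reports three non-default UAC values (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop), the two `[?]` services and the SpeedBit LSP. Point `triage()` at a whole DDS log and the same three sections are found wherever they sit; the remaining sections are ignored.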
     
  7. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =============================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ==========================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  8. Vijay murthy

    Vijay murthy TS Rookie Topic Starter

    09:33:57.0888 3436 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    09:33:58.0543 3436 ============================================================
    09:33:58.0543 3436 Current date / time: 2012/10/08 09:33:58.0543
    09:33:58.0543 3436 SystemInfo:
    09:33:58.0543 3436
    09:33:58.0543 3436 OS Version: 6.1.7601 ServicePack: 1.0
    09:33:58.0543 3436 Product type: Workstation
    09:33:58.0543 3436 ComputerName: USER-PC
    09:33:58.0543 3436 UserName: User
    09:33:58.0543 3436 Windows directory: C:\Windows
    09:33:58.0543 3436 System windows directory: C:\Windows
    09:33:58.0543 3436 Processor architecture: Intel x86
    09:33:58.0543 3436 Number of processors: 2
    09:33:58.0543 3436 Page size: 0x1000
    09:33:58.0543 3436 Boot type: Normal boot
    09:33:58.0543 3436 ============================================================
    09:34:20.0774 5800 MsRPC - ok
    09:34:20.0805 5800 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    09:34:20.0805 5800 mssmbios - ok
    09:34:20.0820 5800 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    09:34:20.0836 5800 MSTEE - ok
    09:34:20.0836 5800 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    09:34:20.0836 5800 MTConfig - ok
    09:34:20.0867 5800 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
    09:34:20.0867 5800 Mup - ok
    09:34:20.0898 5800 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
    09:34:20.0898 5800 napagent - ok
    09:34:20.0945 5800 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    09:34:20.0961 5800 NativeWifiP - ok
    09:34:21.0008 5800 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
    09:34:21.0008 5800 NDIS - ok
    09:34:21.0039 5800 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    09:34:21.0039 5800 NdisCap - ok
    09:34:21.0070 5800 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    09:34:21.0070 5800 NdisTapi - ok
    09:34:21.0101 5800 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    09:34:21.0117 5800 Ndisuio - ok
    09:34:21.0148 5800 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    09:34:21.0148 5800 NdisWan - ok
    09:34:21.0195 5800 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    09:34:21.0195 5800 NDProxy - ok
    09:34:21.0257 5800 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    09:34:21.0257 5800 NetBIOS - ok
    09:34:21.0288 5800 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    09:34:21.0288 5800 NetBT - ok
    09:34:21.0304 5800 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
    09:34:21.0304 5800 Netlogon - ok
    09:34:21.0351 5800 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
    09:34:21.0366 5800 Netman - ok
    09:34:21.0398 5800 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
    09:34:21.0413 5800 netprofm - ok
    09:34:21.0444 5800 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    09:34:21.0444 5800 NetTcpPortSharing - ok
    09:34:21.0460 5800 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    09:34:21.0460 5800 nfrd960 - ok
    09:34:21.0491 5800 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
    09:34:21.0507 5800 NlaSvc - ok
    09:34:21.0522 5800 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
    09:34:21.0522 5800 Npfs - ok
    09:34:21.0554 5800 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
    09:34:21.0554 5800 nsi - ok
    09:34:21.0569 5800 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    09:34:21.0569 5800 nsiproxy - ok
    09:34:21.0616 5800 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    09:34:21.0647 5800 Ntfs - ok
    09:34:21.0678 5800 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
    09:34:21.0694 5800 Null - ok
    09:34:21.0725 5800 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    09:34:21.0725 5800 nvraid - ok
    09:34:21.0756 5800 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    09:34:21.0756 5800 nvstor - ok
    09:34:21.0803 5800 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    09:34:21.0803 5800 nv_agp - ok
    09:34:21.0975 5800 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    09:34:21.0990 5800 odserv - ok
    09:34:22.0037 5800 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    09:34:22.0037 5800 ohci1394 - ok
    09:34:22.0084 5800 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    09:34:22.0084 5800 ose - ok
    09:34:22.0131 5800 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    09:34:22.0131 5800 p2pimsvc - ok
    09:34:22.0193 5800 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
    09:34:22.0193 5800 p2psvc - ok
    09:34:22.0224 5800 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    09:34:22.0240 5800 Parport - ok
    09:34:22.0271 5800 [ BF8F6AF06DA75B336F07E23AEF97D93B ] partmgr C:\Windows\system32\drivers\partmgr.sys
    09:34:22.0271 5800 partmgr - ok
    09:34:22.0287 5800 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
    09:34:22.0287 5800 Parvdm - ok
    09:34:22.0365 5800 [ 3ADB8BD6154A3EF87496E8FCE9C22493 ] pavboot C:\Windows\system32\drivers\pavboot.sys
    09:34:22.0365 5800 pavboot - ok
    09:34:22.0427 5800 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
    09:34:22.0427 5800 PcaSvc - ok
    09:34:22.0490 5800 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
    09:34:22.0490 5800 pci - ok
    09:34:22.0536 5800 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
    09:34:22.0536 5800 pciide - ok
    09:34:22.0568 5800 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    09:34:22.0568 5800 pcmcia - ok
    09:34:22.0583 5800 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
    09:34:22.0583 5800 pcw - ok
    09:34:22.0599 5800 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    09:34:22.0614 5800 PEAUTH - ok
    09:34:22.0692 5800 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    09:34:22.0724 5800 PeerDistSvc - ok
    09:34:22.0848 5800 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
    09:34:22.0864 5800 pla - ok
    09:34:22.0911 5800 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    09:34:22.0911 5800 PlugPlay - ok
    09:34:22.0958 5800 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    09:34:22.0973 5800 PNRPAutoReg - ok
    09:34:22.0989 5800 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    09:34:22.0989 5800 PNRPsvc - ok
    09:34:23.0036 5800 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
     
  9. Vijay murthy

    Vijay murthy TS Rookie Topic Starter

    09:34:31.0990 5800 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
    09:34:32.0052 5800 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
    09:34:32.0068 5800 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
    09:34:32.0099 5800 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
    09:34:32.0146 5800 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
    09:34:32.0162 5800 [Global] - ok
    09:34:32.0162 5800 ================ Scan MBR ==================================
    09:34:32.0177 5800 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    09:34:33.0035 5800 \Device\Harddisk0\DR0 - ok
    09:34:33.0035 5800 ================ Scan VBR ==================================
    09:34:33.0035 5800 [ A07F6F2C70B73E8338A3719800CF228C ] \Device\Harddisk0\DR0\Partition1
    09:34:33.0051 5800 \Device\Harddisk0\DR0\Partition1 - ok
    09:34:33.0051 5800 [ DA54D8C36393419F674970DB33F5FB25 ] \Device\Harddisk0\DR0\Partition2
    09:34:33.0051 5800 \Device\Harddisk0\DR0\Partition2 - ok
    09:34:33.0066 5800 [ 80044D650CBC7D6C671B04A924817659 ] \Device\Harddisk0\DR0\Partition3
    09:34:33.0066 5800 \Device\Harddisk0\DR0\Partition3 - ok
    09:34:33.0098 5800 [ 6EE3B3E77880CA64B6F62409669D826D ] \Device\Harddisk0\DR0\Partition4
    09:34:33.0098 5800 \Device\Harddisk0\DR0\Partition4 - ok
    09:34:33.0098 5800 ============================================================
    09:34:33.0098 5800 Scan finished
    09:34:33.0098 5800 ============================================================
    09:34:33.0285 2956 Detected object count: 0
    09:34:33.0285 2956 Actual detected object count: 0
    09:34:37.0902 3940 Deinitialize success
     
  10. Vijay murthy

    Vijay murthy TS Rookie Topic Starter

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : User [Admin rights]
    Mode : Scan -- Date : 10/08/2012 09:24:59
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 8 ¤¤¤
    [TASK][SUSP PATH] {33DE9F5C-4DD9-4450-951C-1BEEABE0DD1F} : C:\Windows\System32\pcalua.exe -a C:\Users\User\Desktop\fxc4setup.exe -d C:\Users\User\Desktop -> FOUND
    [TASK][SUSP PATH] {A28CEAE7-C399-4DCC-91F2-85297367A9AC} : C:\Windows\System32\pcalua.exe -a C:\Users\User\Desktop\phptriad2-2-1.exe -d "C:\Program Files\Mozilla Firefox" -> FOUND
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD3200BEVT-60A23T0 ATA Device +++++
    --- User ---
    [MBR] 8c98d83112b310773fcdfecc5f91964e
    [BSP] 86972ab7057de3dc16d9615a9bba0e92 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 59900 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 122882048 | Size: 120000 Mo
    3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 368642048 | Size: 125243 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  11. Vijay murthy

    Vijay murthy TS Rookie Topic Starter

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : User [Admin rights]
    Mode : Remove -- Date : 10/08/2012 09:29:35
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 8 ¤¤¤
    [TASK][SUSP PATH] {33DE9F5C-4DD9-4450-951C-1BEEABE0DD1F} : C:\Windows\System32\pcalua.exe -a C:\Users\User\Desktop\fxc4setup.exe -d C:\Users\User\Desktop -> DELETED
    [TASK][SUSP PATH] {A28CEAE7-C399-4DCC-91F2-85297367A9AC} : C:\Windows\System32\pcalua.exe -a C:\Users\User\Desktop\phptriad2-2-1.exe -d "C:\Program Files\Mozilla Firefox" -> DELETED
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD3200BEVT-60A23T0 ATA Device +++++
    --- User ---
    [MBR] 8c98d83112b310773fcdfecc5f91964e
    [BSP] 86972ab7057de3dc16d9615a9bba0e92 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 59900 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 122882048 | Size: 120000 Mo
    3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 368642048 | Size: 125243 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
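    A defender's re-check of the items this RogueKiller report lists (UAC values, the Task Manager/Registry Editor lockdown policies, hidden desktop icons and scheduled tasks that launch pcalua.exe), as an added PowerShell example that is not part of the thread or of RogueKiller; it assumes Windows 7 or later, PowerShell 2.0 or newer, and rights to read HKLM and System32\Tasks.

```powershell
# Added example, not part of the thread: re-check the items RogueKiller flagged above.
# Assumes Windows 7 or later, PowerShell 2.0+, and rights to read HKLM and System32\Tasks.
$policy    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$hideIcons = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel'

function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name } else { return $null }
}

$findings = @()

# UAC: EnableLUA should be 1; ConsentPromptBehaviorAdmin 0 means admins elevate with no prompt.
# The log shows both at 0 and the fix restoring them to 1 and 2 (prompt for consent).
if ((Get-RegValue $policy 'EnableLUA') -ne 1) {
    $findings += 'UAC is off: EnableLUA is not 1'
}
if ((Get-RegValue $policy 'ConsentPromptBehaviorAdmin') -eq 0) {
    $findings += 'UAC elevates silently: ConsentPromptBehaviorAdmin is 0'
}

# Lockdown policies: these values are normally absent on a home PC; RogueKiller flagged
# their presence even at 0, and a value of 1 blocks Task Manager or the Registry Editor.
foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
    $v = Get-RegValue $policy $name
    if ($v -ne $null) { $findings += "$name is present in machine policy (value $v)" }
}

# Hidden desktop icons: a value of 1 under NewStartPanel hides the icon (the two GUIDs
# from the log are the user-files and Computer icons).
foreach ($guid in '{59031a47-3f72-44a7-89c5-5595fe6b30ee}', '{20D04FE0-3AEA-1069-A2D8-08002B30309D}') {
    if ((Get-RegValue $hideIcons $guid) -eq 1) { $findings += "Desktop icon $guid is hidden" }
}

# Scheduled tasks whose action runs pcalua.exe, the Program Compatibility Assistant launcher,
# which is the [TASK][SUSP PATH] pattern in the log. Task definitions are XML files.
Get-ChildItem "$env:SystemRoot\System32\Tasks" -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        try { [xml]$task = Get-Content -Path $_.FullName -ErrorAction Stop } catch { return }
        foreach ($exec in @($task.Task.Actions.Exec)) {
            if ($exec.Command -match 'pcalua\.exe') {
                $findings += "Task $($_.Name) runs $($exec.Command) $($exec.Arguments)"
            }
        }
    }

if ($findings.Count -eq 0) { 'No findings' } else { $findings | ForEach-Object { "FOUND: $_" } }
```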
  12. Vijay murthy

    Vijay murthy TS Rookie Topic Starter

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-08 09:37:03
    -----------------------------
    09:37:03.966 OS Version: Windows 6.1.7601 Service Pack 1
    09:37:03.966 Number of processors: 2 586 0x2505
    09:37:03.981 ComputerName: USER-PC UserName: User
    09:37:14.402 Initialize success
    09:37:14.808 AVAST engine defs: 12100702
    09:38:36.610 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    09:38:36.612 Disk 0 Vendor: WDC_WD3200BEVT-60A23T0 02.01A02 Size: 305245MB BusType: 11
    09:38:36.640 Disk 0 MBR read successfully
    09:38:36.643 Disk 0 MBR scan
    09:38:36.646 Disk 0 Windows 7 default MBR code
    09:38:36.649 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    09:38:36.666 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 59900 MB offset 206848
    09:38:36.682 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 120000 MB offset 122882048
    09:38:36.709 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 125243 MB offset 368642048
    09:38:36.718 Disk 0 scanning sectors +625139712
    09:38:36.783 Disk 0 scanning C:\Windows\system32\drivers
    09:38:50.172 Service scanning
    09:39:53.517 Modules scanning
    09:40:22.433 Disk 0 trace - called modules:
    09:40:22.456 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
    09:40:22.461 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8659ea20]
    09:40:22.466 3 CLASSPNP.SYS[8978b59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86482908]
    09:40:22.842 AVAST engine scan C:\Windows
    09:40:25.557 AVAST engine scan C:\Windows\system32
    09:43:07.815 AVAST engine scan C:\Windows\system32\drivers
    09:43:27.655 AVAST engine scan C:\Users\User
    09:48:43.116 AVAST engine scan C:\ProgramData
    09:49:16.666 Scan finished successfully
    09:49:35.042 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
    09:49:35.048 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
     
  13. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Good :)

    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ==========================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  14. Vijay murthy

    Vijay murthy TS Rookie Topic Starter

    Hello sir, thanks for your help. I actually could not follow the instructions you asked me to follow. I made some mistake, so I thought of giving it up. I have decided to format the entire C drive and install a new Windows copy. Once again, thanks for your help.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Thank you for letting me know :)
     
