
Higher CPU and Memory usage than normal


13 replies to this topic

#1 Sotyr

  • Members
  • 28 posts

Posted 05 December 2012 - 07:15 PM

Not too long ago I got rid of a virus (with the help of somebody here), and since I got rid of it (but not while I had it) my CPU and memory usage have been higher. Normally, with 3 or 4 tabs of Google Chrome, Skype and Avast open, my CPU usage moves between 4, 5, 7 and maybe 14. Now it's going between 12, 16, 18, 22, and goes up to around 100 when opening most anything. Whereas my memory is usually 1.53 GB (with the previously stated stuff open), and with Skype alone open it's at 1.88; with one tab of Google Chrome it goes to 2.14 GB. It probably sounds like a virus's doing, but 3 different scans (Eset, Avast! and Malwarebytes, all full scans) didn't find any more viruses.

When I ran Rkill it got these:

Processes terminated by Rkill or while it was running:
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\SysWOW64\rundll32.exe

I'm not sure if this is a mistake by Rkill or an infection (because Rkill has killed Internet Explorer and Skype when they weren't).

I posted this in another forum section, I know, but after over 5 days with no response, and me thinking it's a virus instead of a computer problem, I re-posted here. (I looked to see what I should do with no response after an amount of days but couldn't find anything except here, which says after three days.)


#2 boopme

  • Global Moderator
  • 61,705 posts

Posted 05 December 2012 - 08:53 PM

Hello, RKill is to be run and then immediately you would run MBAM and your AV or tools to remove whatever malware was stopped by it. The purpose of this tool is to stop certain processes and fix certain reg keys that stop us from using our normal cleanup tools. When you reboot the machine these stopped processes are released (less any malware contained in or associated with them).

I see you mention Eset, Avast! If you are running 2 AVs, this can be the whole problem. Having 2 active will cause conflicts and slowness and more.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#3 Sotyr


Posted 05 December 2012 - 11:08 PM

I only run scans with Eset No security, and not at the same time, and I mean it's going slower in general. Also, I ran a virus scan after Rkill, which I forgot to mention. It found nothing.

Edited by Sotyr, 05 December 2012 - 11:52 PM.


#4 boopme


Posted 06 December 2012 - 11:04 AM

Hello, as you are not having redirects, let's get a second opinion on these files. Go to one of the following online services that analyzes suspicious files:
In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
-- Post back with the results of the file analysis.

#5 Sotyr


Posted 06 December 2012 - 12:19 PM

None of them found anything on either C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe or C:\Windows\SysWOW64\rundll32.exe. But since neither of them is infected, why do I have a lot worse performance in Task Manager and a lot slower computer with less stuff open than normal?

Edit: And my network firewall was turned off by something that I don't know.

Edited by Sotyr, 06 December 2012 - 01:52 PM.


#6 robocop321

  • Members
  • 114 posts

Posted 06 December 2012 - 03:53 PM

You might want to download CCleaner from Piriform. It will clean many files such as the temp files and also fix your registry issues which might be causing your CPU usage to be higher than normal. You might also want to get TFC.exe by Old Timer (someone will have the link for it, maybe Boopme or Broni).
Hope all goes well. I'm having trouble myself with some nasty malware or rootkit. Getting Broni to help me.

#7 boopme


Posted 06 December 2012 - 07:54 PM

Let's run a fresh RKill, MBAM and TDSS and see the logs.



Please download Rkill by Grinler and save it to your desktop: Link 1, Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.



Please download TDSSKiller.
Launch it.
Click on Change parameters and select TDLFS file system.
Click on "Scan".
Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.



Let's also run MiniToolBox.
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#8 Sotyr


Posted 07 December 2012 - 01:52 AM

I hope it doesn't matter if Google Chrome was open. And Quarantine for the TDSSKiller, right?

--------------------
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.07.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Skeith :: SHADOWSKEITH-PC [administrator]

12/6/2012 10:18:26 PM
mbam-log-2012-12-06 (22-18-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256620
Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
c:\users\skeeith\videos\gbpxp.exe (Trojan.Banker) -> Delete on reboot.
c:\users\skeeith\videos\mob127.bin (Malware.Trace) -> Delete on reboot.
c:\users\skeeith\pictures\cool profile pics\cool profile pics.exe (Trojan.Agent) -> Delete on reboot.

(end)


--------------------------------------------



22:33:22.0224 4460 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:33:22.0741 4460 ============================================================
22:33:22.0741 4460 Current date / time: 2012/12/06 22:33:22.0741
22:33:22.0741 4460 SystemInfo:
22:33:22.0741 4460
22:33:22.0742 4460 OS Version: 6.1.7601 ServicePack: 1.0
22:33:22.0742 4460 Product type: Workstation
22:33:22.0742 4460 ComputerName: SHADOWSKEITH-PC
22:33:22.0743 4460 UserName: Skeith
22:33:22.0743 4460 Windows directory: C:\Windows
22:33:22.0743 4460 System windows directory: C:\Windows
22:33:22.0743 4460 Running under WOW64
22:33:22.0743 4460 Processor architecture: Intel x64
22:33:22.0743 4460 Number of processors: 2
22:33:22.0743 4460 Page size: 0x1000
22:33:22.0743 4460 Boot type: Normal boot
22:33:22.0743 4460 ============================================================
22:33:26.0033 4460 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:33:26.0078 4460 ============================================================
22:33:26.0078 4460 \Device\Harddisk0\DR0:
22:33:26.0078 4460 MBR partitions:
22:33:26.0078 4460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1DA0000
22:33:26.0078 4460 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DB4000, BlocksNum 0x385D0000
22:33:26.0078 4460 ============================================================
22:33:26.0130 4460 C: <-> \Device\Harddisk0\DR0\Partition2
22:33:26.0130 4460 ============================================================
22:33:26.0130 4460 Initialize success
22:33:26.0130 4460 ============================================================
22:33:39.0767 5488 ============================================================
22:33:39.0767 5488 Scan started
22:33:39.0767 5488 Mode: Manual; TDLFS;
22:33:39.0767 5488 ============================================================
22:33:40.0573 5488 ================ Scan system memory ========================
22:33:40.0573 5488 System memory - ok
22:33:48.0123 5488 KSecPkg - ok
22:33:48.0134 5488 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:33:48.0135 5488 ksthunk - ok
22:33:48.0164 5488 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:33:48.0171 5488 KtmRm - ok
22:33:48.0206 5488 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:33:48.0211 5488 LanmanServer - ok
22:33:48.0244 5488 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:33:48.0248 5488 LanmanWorkstation - ok
22:33:48.0278 5488 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:33:48.0280 5488 lltdio - ok
22:33:48.0311 5488 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:33:48.0315 5488 lltdsvc - ok
22:33:48.0332 5488 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:33:48.0335 5488 lmhosts - ok
22:33:48.0370 5488 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:33:48.0373 5488 LSI_FC - ok
22:33:48.0384 5488 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:33:48.0386 5488 LSI_SAS - ok
22:33:48.0405 5488 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
22:33:48.0407 5488 LSI_SAS2 - ok
22:33:48.0418 5488 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:33:48.0420 5488 LSI_SCSI - ok
22:33:48.0437 5488 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:33:48.0439 5488 luafv - ok
22:33:48.0502 5488 [ F6963E48385A5637FC4E51DC0F8234A0 ] lxebCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe
22:33:48.0523 5488 lxebCATSCustConnectService - ok
22:33:48.0538 5488 lxeb_device - ok
22:33:48.0583 5488 [ 922CBAC7B992B9614CAB7122F4BF9406 ] ManyCam C:\Windows\system32\DRIVERS\mcvidrv_x64.sys
22:33:48.0585 5488 ManyCam - ok
22:33:48.0600 5488 [ 34A42DD7CF525D0D2C5232916496E4B8 ] mcaudrv_simple C:\Windows\system32\drivers\mcaudrv_x64.sys
22:33:48.0602 5488 mcaudrv_simple - ok
22:33:48.0625 5488 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:33:48.0628 5488 Mcx2Svc - ok
22:33:48.0643 5488 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
22:33:48.0645 5488 megasas - ok
22:33:48.0673 5488 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
22:33:48.0677 5488 MegaSR - ok
22:33:48.0728 5488 Microsoft SharePoint Workspace Audit Service - ok
22:33:48.0749 5488 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:33:48.0752 5488 MMCSS - ok
22:33:48.0763 5488 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:33:48.0765 5488 Modem - ok
22:33:48.0783 5488 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:33:48.0783 5488 monitor - ok
22:33:48.0827 5488 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:33:48.0828 5488 mouclass - ok
22:33:48.0856 5488 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:33:48.0858 5488 mouhid - ok
22:33:48.0883 5488 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:33:48.0885 5488 mountmgr - ok
22:33:48.0903 5488 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
22:33:48.0905 5488 mpio - ok
22:33:48.0919 5488 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:33:48.0922 5488 mpsdrv - ok
22:33:48.0942 5488 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:33:48.0951 5488 MpsSvc - ok
22:33:48.0965 5488 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:33:48.0968 5488 MRxDAV - ok
22:33:48.0987 5488 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:33:48.0989 5488 mrxsmb - ok
22:33:49.0001 5488 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:33:49.0005 5488 mrxsmb10 - ok
22:33:49.0017 5488 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:33:49.0020 5488 mrxsmb20 - ok
22:33:49.0039 5488 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:33:49.0040 5488 msahci - ok
22:33:49.0078 5488 [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
22:33:49.0080 5488 MSCamSvc - ok
22:33:49.0105 5488 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:33:49.0107 5488 msdsm - ok
22:33:49.0136 5488 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:33:49.0140 5488 MSDTC - ok
22:33:49.0157 5488 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:33:49.0158 5488 Msfs - ok
22:33:49.0168 5488 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:33:49.0170 5488 mshidkmdf - ok
22:33:49.0193 5488 [ 55218F924E55FD2786ED40EDF4ED79C3 ] MSHUSBVideo C:\Windows\system32\Drivers\nx6000.sys
22:33:49.0195 5488 MSHUSBVideo - ok
22:33:49.0201 5488 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:33:49.0202 5488 msisadrv - ok
22:33:49.0230 5488 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:33:49.0234 5488 MSiSCSI - ok
22:33:49.0238 5488 msiserver - ok
22:33:49.0264 5488 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:33:49.0266 5488 MSKSSRV - ok
22:33:49.0277 5488 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:33:49.0279 5488 MSPCLOCK - ok
22:33:49.0291 5488 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:33:49.0292 5488 MSPQM - ok
22:33:49.0311 5488 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:33:49.0314 5488 MsRPC - ok
22:33:49.0326 5488 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:33:49.0326 5488 mssmbios - ok
22:33:49.0336 5488 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:33:49.0338 5488 MSTEE - ok
22:33:49.0348 5488 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
22:33:49.0349 5488 MTConfig - ok
22:33:49.0367 5488 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:33:49.0368 5488 Mup - ok
22:33:49.0389 5488 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
22:33:49.0396 5488 napagent - ok
22:33:49.0418 5488 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:33:49.0423 5488 NativeWifiP - ok
22:33:49.0498 5488 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:33:49.0507 5488 NDIS - ok
22:33:49.0526 5488 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:33:49.0528 5488 NdisCap - ok
22:33:49.0547 5488 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:33:49.0548 5488 NdisTapi - ok
22:33:49.0563 5488 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:33:49.0565 5488 Ndisuio - ok
22:33:49.0585 5488 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:33:49.0587 5488 NdisWan - ok
22:33:49.0597 5488 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:33:49.0599 5488 NDProxy - ok
22:33:49.0619 5488 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:33:49.0620 5488 NetBIOS - ok
22:33:49.0632 5488 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:33:49.0636 5488 NetBT - ok
22:33:49.0653 5488 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:33:49.0655 5488 Netlogon - ok
22:33:49.0698 5488 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:33:49.0703 5488 Netman - ok
22:33:49.0722 5488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:33:49.0749 5488 NetMsmqActivator - ok
22:33:49.0753 5488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:33:49.0755 5488 NetPipeActivator - ok
22:33:49.0775 5488 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:33:49.0781 5488 netprofm - ok
22:33:49.0786 5488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:33:49.0787 5488 NetTcpActivator - ok
22:33:49.0791 5488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:33:49.0792 5488 NetTcpPortSharing - ok
22:33:49.0809 5488 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:33:49.0811 5488 nfrd960 - ok
22:33:49.0838 5488 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:33:49.0843 5488 NlaSvc - ok
22:33:49.0850 5488 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:33:49.0852 5488 Npfs - ok
22:33:49.0861 5488 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:33:49.0864 5488 nsi - ok
22:33:49.0878 5488 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:33:49.0880 5488 nsiproxy - ok
22:33:49.0929 5488 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:33:49.0954 5488 Ntfs - ok
22:33:49.0963 5488 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:33:49.0965 5488 Null - ok
22:33:49.0977 5488 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:33:49.0979 5488 nvraid - ok
22:33:49.0994 5488 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:33:49.0996 5488 nvstor - ok
22:33:50.0023 5488 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:33:50.0025 5488 nv_agp - ok
22:33:50.0038 5488 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:33:50.0040 5488 ohci1394 - ok
22:33:50.0081 5488 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:33:50.0085 5488 ose - ok
22:33:50.0175 5488 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:33:50.0254 5488 osppsvc - ok
22:33:50.0279 5488 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:33:50.0284 5488 p2pimsvc - ok
22:33:50.0301 5488 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:33:50.0308 5488 p2psvc - ok
22:33:50.0313 5488 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
22:33:50.0315 5488 Parport - ok
22:33:50.0335 5488 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:33:50.0337 5488 partmgr - ok
22:33:50.0347 5488 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:33:50.0350 5488 PcaSvc - ok
22:33:50.0367 5488 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:33:50.0369 5488 pci - ok
22:33:50.0383 5488 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:33:50.0385 5488 pciide - ok
22:33:50.0401 5488 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:33:50.0404 5488 pcmcia - ok
22:33:50.0416 5488 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:33:50.0417 5488 pcw - ok
22:33:50.0434 5488 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:33:50.0440 5488 PEAUTH - ok
22:33:50.0494 5488 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:33:50.0497 5488 PerfHost - ok
22:33:50.0540 5488 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:33:50.0566 5488 pla - ok
22:33:50.0590 5488 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:33:50.0597 5488 PlugPlay - ok
22:33:50.0604 5488 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:33:50.0607 5488 PNRPAutoReg - ok
22:33:50.0620 5488 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:33:50.0624 5488 PNRPsvc - ok
22:33:50.0644 5488 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:33:50.0650 5488 PolicyAgent - ok
22:33:50.0673 5488 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
22:33:50.0677 5488 Power - ok
22:33:50.0707 5488 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:33:50.0709 5488 PptpMiniport - ok
22:33:50.0726 5488 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
22:33:50.0728 5488 Processor - ok
22:33:50.0766 5488 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:33:50.0771 5488 ProfSvc - ok
22:33:50.0777 5488 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:33:50.0779 5488 ProtectedStorage - ok
22:33:50.0792 5488 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:33:50.0793 5488 Psched - ok
22:33:50.0825 5488 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
22:33:50.0825 5488 PxHlpa64 - ok
22:33:50.0860 5488 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:33:50.0884 5488 ql2300 - ok
22:33:50.0900 5488 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:33:50.0902 5488 ql40xx - ok
22:33:50.0928 5488 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:33:50.0932 5488 QWAVE - ok
22:33:50.0944 5488 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:33:50.0945 5488 QWAVEdrv - ok
22:33:50.0949 5488 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:33:50.0950 5488 RasAcd - ok
22:33:50.0975 5488 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:33:50.0977 5488 RasAgileVpn - ok
22:33:50.0984 5488 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:33:50.0988 5488 RasAuto - ok
22:33:51.0004 5488 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:33:51.0006 5488 Rasl2tp - ok
22:33:51.0027 5488 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:33:51.0032 5488 RasMan - ok
22:33:51.0054 5488 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:33:51.0056 5488 RasPppoe - ok
22:33:51.0072 5488 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:33:51.0074 5488 RasSstp - ok
22:33:51.0084 5488 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:33:51.0088 5488 rdbss - ok
22:33:51.0102 5488 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
22:33:51.0104 5488 rdpbus - ok
22:33:51.0118 5488 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:33:51.0120 5488 RDPCDD - ok
22:33:51.0138 5488 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:33:51.0140 5488 RDPENCDD - ok
22:33:51.0154 5488 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:33:51.0155 5488 RDPREFMP - ok
22:33:51.0188 5488 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:33:51.0191 5488 RDPWD - ok
22:33:51.0212 5488 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:33:51.0214 5488 rdyboost - ok
22:33:51.0249 5488 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:33:51.0253 5488 RemoteAccess - ok
22:33:51.0276 5488 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:33:51.0280 5488 RemoteRegistry - ok
22:33:51.0287 5488 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:33:51.0290 5488 RpcEptMapper - ok
22:33:51.0307 5488 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:33:51.0309 5488 RpcLocator - ok
22:33:51.0328 5488 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:33:51.0333 5488 RpcSs - ok
22:33:51.0348 5488 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:33:51.0350 5488 rspndr - ok
22:33:51.0360 5488 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:33:51.0362 5488 SamSs - ok
22:33:51.0376 5488 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:33:51.0379 5488 sbp2port - ok
22:33:51.0398 5488 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:33:51.0402 5488 SCardSvr - ok
22:33:51.0415 5488 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:33:51.0417 5488 scfilter - ok
22:33:51.0438 5488 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:33:51.0461 5488 Schedule - ok
22:33:51.0483 5488 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:33:51.0484 5488 SCPolicySvc - ok
22:33:51.0500 5488 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:33:51.0504 5488 SDRSVC - ok
22:33:51.0519 5488 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:33:51.0520 5488 secdrv - ok
22:33:51.0533 5488 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:33:51.0537 5488 seclogon - ok
22:33:51.0548 5488 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:33:51.0552 5488 SENS - ok
22:33:51.0571 5488 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:33:51.0575 5488 SensrSvc - ok
22:33:51.0587 5488 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
22:33:51.0589 5488 Serenum - ok
22:33:51.0612 5488 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
22:33:51.0615 5488 Serial - ok
22:33:51.0630 5488 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:33:51.0633 5488 sermouse - ok
22:33:51.0654 5488 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:33:51.0658 5488 SessionEnv - ok
22:33:51.0662 5488 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:33:51.0664 5488 sffdisk - ok
22:33:51.0667 5488 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:33:51.0669 5488 sffp_mmc - ok
22:33:51.0673 5488 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:33:51.0674 5488 sffp_sd - ok
22:33:51.0678 5488 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:33:51.0680 5488 sfloppy - ok
22:33:51.0718 5488 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
22:33:51.0722 5488 Sftfs - ok
22:33:51.0756 5488 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:33:51.0761 5488 sftlist - ok
22:33:51.0780 5488 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:33:51.0781 5488 Sftplay - ok
22:33:51.0795 5488 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:33:51.0796 5488 Sftredir - ok
22:33:51.0843 5488 [ 421C30C8E686DC41E64881269982B382 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
22:33:51.0853 5488 SftService - ok
22:33:51.0864 5488 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
22:33:51.0865 5488 Sftvol - ok
22:33:51.0877 5488 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:33:51.0879 5488 sftvsa - ok
22:33:51.0913 5488 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:33:51.0918 5488 SharedAccess - ok
22:33:51.0946 5488 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:33:51.0952 5488 ShellHWDetection - ok
22:33:51.0973 5488 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
22:33:51.0975 5488 SiSRaid2 - ok
22:33:51.0980 5488 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:33:51.0981 5488 SiSRaid4 - ok
22:33:52.0112 5488 [ 3740B83AEC21D981065D7E819BD7E878 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
22:33:52.0127 5488 Skype C2C Service - ok
22:33:52.0211 5488 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:33:52.0213 5488 SkypeUpdate - ok
22:33:52.0235 5488 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:33:52.0237 5488 Smb - ok
22:33:52.0269 5488 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:33:52.0273 5488 SNMPTRAP - ok
22:33:52.0281 5488 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:33:52.0281 5488 spldr - ok
22:33:52.0319 5488 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:33:52.0326 5488 Spooler - ok
22:33:52.0384 5488 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:33:52.0439 5488 sppsvc - ok
22:33:52.0448 5488 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:33:52.0452 5488 sppuinotify - ok
22:33:52.0472 5488 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:33:52.0477 5488 srv - ok
22:33:52.0494 5488 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:33:52.0499 5488 srv2 - ok
22:33:52.0516 5488 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:33:52.0518 5488 srvnet - ok
22:33:52.0543 5488 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:33:52.0548 5488 SSDPSRV - ok
22:33:52.0576 5488 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:33:52.0579 5488 SstpSvc - ok
22:33:52.0596 5488 Steam Client Service - ok
22:33:52.0614 5488 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
22:33:52.0614 5488 stexstor - ok
22:33:52.0635 5488 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:33:52.0651 5488 stisvc - ok
22:33:52.0674 5488 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:33:52.0676 5488 swenum - ok
22:33:52.0689 5488 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:33:52.0696 5488 swprv - ok
22:33:52.0726 5488 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:33:52.0762 5488 SysMain - ok
22:33:52.0773 5488 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:33:52.0779 5488 TabletInputService - ok
22:33:52.0803 5488 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:33:52.0809 5488 TapiSrv - ok
22:33:52.0821 5488 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:33:52.0825 5488 TBS - ok
22:33:52.0894 5488 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:33:52.0930 5488 Tcpip - ok
22:33:52.0970 5488 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:33:52.0980 5488 TCPIP6 - ok
22:33:53.0021 5488 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:33:53.0023 5488 tcpipreg - ok
22:33:53.0040 5488 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:33:53.0041 5488 TDPIPE - ok
22:33:53.0056 5488 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:33:53.0058 5488 TDTCP - ok
22:33:53.0067 5488 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:33:53.0070 5488 tdx - ok
22:33:53.0076 5488 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:33:53.0078 5488 TermDD - ok
22:33:53.0096 5488 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:33:53.0105 5488 TermService - ok
22:33:53.0117 5488 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:33:53.0121 5488 Themes - ok
22:33:53.0144 5488 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:33:53.0147 5488 THREADORDER - ok
22:33:53.0155 5488 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:33:53.0159 5488 TrkWks - ok
22:33:53.0202 5488 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:33:53.0204 5488 TrustedInstaller - ok
22:33:53.0216 5488 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:33:53.0218 5488 tssecsrv - ok
22:33:53.0243 5488 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:33:53.0245 5488 TsUsbFlt - ok
22:33:53.0257 5488 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
22:33:53.0259 5488 TsUsbGD - ok
22:33:53.0285 5488 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:33:53.0287 5488 tunnel - ok
22:33:53.0301 5488 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:33:53.0303 5488 uagp35 - ok
22:33:53.0319 5488 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:33:53.0324 5488 udfs - ok
22:33:53.0348 5488 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:33:53.0351 5488 UI0Detect - ok
22:33:53.0373 5488 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:33:53.0374 5488 uliagpkx - ok
22:33:53.0391 5488 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:33:53.0393 5488 umbus - ok
22:33:53.0408 5488 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
22:33:53.0409 5488 UmPass - ok
22:33:53.0429 5488 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:33:53.0435 5488 upnphost - ok
22:33:53.0492 5488 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:33:53.0495 5488 USBAAPL64 - ok
22:33:53.0538 5488 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:33:53.0541 5488 usbaudio - ok
22:33:53.0557 5488 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:33:53.0560 5488 usbccgp - ok
22:33:53.0577 5488 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:33:53.0580 5488 usbcir - ok
22:33:53.0597 5488 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:33:53.0599 5488 usbehci - ok
22:33:53.0635 5488 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:33:53.0638 5488 usbhub - ok
22:33:53.0652 5488 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:33:53.0654 5488 usbohci - ok
22:33:53.0673 5488 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:33:53.0697 5488 usbprint - ok
22:33:53.0716 5488 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:33:53.0718 5488 usbscan - ok
22:33:53.0733 5488 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:33:53.0736 5488 USBSTOR - ok
22:33:53.0752 5488 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:33:53.0755 5488 usbuhci - ok
22:33:53.0788 5488 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
22:33:53.0791 5488 usbvideo - ok
22:33:53.0820 5488 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:33:53.0824 5488 UxSms - ok
22:33:53.0832 5488 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:33:53.0834 5488 VaultSvc - ok
22:33:53.0849 5488 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:33:53.0850 5488 vdrvroot - ok
22:33:53.0872 5488 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:33:53.0880 5488 vds - ok
22:33:53.0899 5488 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:33:53.0901 5488 vga - ok
22:33:53.0918 5488 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:33:53.0920 5488 VgaSave - ok
22:33:53.0940 5488 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:33:53.0943 5488 vhdmp - ok
22:33:53.0955 5488 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:33:53.0957 5488 viaide - ok
22:33:53.0969 5488 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:33:53.0971 5488 volmgr - ok
22:33:53.0981 5488 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:33:53.0985 5488 volmgrx - ok
22:33:53.0999 5488 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:33:54.0002 5488 volsnap - ok
22:33:54.0015 5488 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:33:54.0018 5488 vsmraid - ok
22:33:54.0061 5488 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:33:54.0087 5488 VSS - ok
22:33:54.0100 5488 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:33:54.0101 5488 vwifibus - ok
22:33:54.0121 5488 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:33:54.0127 5488 W32Time - ok
22:33:54.0168 5488 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
22:33:54.0173 5488 W3SVC - ok
22:33:54.0188 5488 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:33:54.0190 5488 WacomPen - ok
22:33:54.0215 5488 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:33:54.0217 5488 WANARP - ok
22:33:54.0228 5488 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:33:54.0229 5488 Wanarpv6 - ok
22:33:54.0246 5488 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
22:33:54.0248 5488 WAS - ok
22:33:54.0311 5488 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:33:54.0330 5488 WatAdminSvc - ok
22:33:54.0369 5488 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:33:54.0395 5488 wbengine - ok
22:33:54.0413 5488 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:33:54.0418 5488 WbioSrvc - ok
22:33:54.0433 5488 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:33:54.0439 5488 wcncsvc - ok
22:33:54.0452 5488 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:33:54.0460 5488 WcsPlugInService - ok
22:33:54.0489 5488 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
22:33:54.0491 5488 Wd - ok
22:33:54.0523 5488 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:33:54.0530 5488 Wdf01000 - ok
22:33:54.0545 5488 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:33:54.0550 5488 WdiServiceHost - ok
22:33:54.0554 5488 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:33:54.0558 5488 WdiSystemHost - ok
22:33:54.0576 5488 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:33:54.0581 5488 WebClient - ok
22:33:54.0592 5488 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:33:54.0597 5488 Wecsvc - ok
22:33:54.0612 5488 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:33:54.0616 5488 wercplsupport - ok
22:33:54.0634 5488 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:33:54.0638 5488 WerSvc - ok
22:33:54.0666 5488 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:33:54.0667 5488 WfpLwf - ok
22:33:54.0715 5488 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
22:33:54.0719 5488 WimFltr - ok
22:33:54.0727 5488 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:33:54.0729 5488 WIMMount - ok
22:33:54.0736 5488 WinDefend - ok
22:33:54.0743 5488 WinHttpAutoProxySvc - ok
22:33:54.0781 5488 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:33:54.0784 5488 Winmgmt - ok
22:33:54.0820 5488 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:33:54.0855 5488 WinRM - ok
22:33:54.0908 5488 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:33:54.0909 5488 WinUsb - ok
22:33:54.0930 5488 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:33:54.0941 5488 Wlansvc - ok
22:33:54.0989 5488 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:33:54.0991 5488 wlcrasvc - ok
22:33:55.0062 5488 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:33:55.0096 5488 wlidsvc - ok
22:33:55.0119 5488 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:33:55.0121 5488 WmiAcpi - ok
22:33:55.0143 5488 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:33:55.0146 5488 wmiApSrv - ok
22:33:55.0157 5488 WMPNetworkSvc - ok
22:33:55.0178 5488 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:33:55.0182 5488 WPCSvc - ok
22:33:55.0187 5488 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:33:55.0191 5488 WPDBusEnum - ok
22:33:55.0201 5488 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:33:55.0203 5488 ws2ifsl - ok
22:33:55.0216 5488 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
22:33:55.0220 5488 wscsvc - ok
22:33:55.0224 5488 WSearch - ok
22:33:55.0285 5488 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:33:55.0335 5488 wuauserv - ok
22:33:55.0365 5488 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:33:55.0367 5488 WudfPf - ok
22:33:55.0393 5488 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:33:55.0396 5488 WUDFRd - ok
22:33:55.0408 5488 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:33:55.0412 5488 wudfsvc - ok
22:33:55.0425 5488 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:33:55.0431 5488 WwanSvc - ok
22:33:55.0447 5488 ================ Scan global ===============================
22:33:55.0460 5488 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:33:55.0498 5488 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:33:55.0508 5488 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:33:55.0529 5488 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:33:55.0545 5488 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:33:55.0549 5488 [Global] - ok
22:33:55.0549 5488 ================ Scan MBR ==================================
22:33:55.0563 5488 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:33:55.0807 5488 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:33:55.0807 5488 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:33:55.0808 5488 ================ Scan VBR ==================================
22:33:55.0811 5488 [ CBC702B32DBA01F2A7C9659AF7B3343D ] \Device\Harddisk0\DR0\Partition1
22:33:55.0812 5488 \Device\Harddisk0\DR0\Partition1 - ok
22:33:55.0822 5488 [ 62BDE3B5B3027436305ABECCBE91CF49 ] \Device\Harddisk0\DR0\Partition2
22:33:55.0824 5488 \Device\Harddisk0\DR0\Partition2 - ok
22:33:55.0824 5488 ============================================================
22:33:55.0824 5488 Scan finished
22:33:55.0824 5488 ============================================================
22:33:55.0833 2800 Detected object count: 1
22:33:55.0833 2800 Actual detected object count: 1
22:45:54.0615 2800 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:45:54.0625 2800 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:45:54.0669 2800 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:45:58.0032 2800 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:46:00.0194 2800 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
22:46:00.0195 2800 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:46:00.0197 2800 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:46:00.0200 2800 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:46:00.0230 2800 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:46:00.0254 2800 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:46:00.0256 2800 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
22:46:00.0257 2800 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
22:46:00.0258 2800 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
22:46:14.0189 4204 Deinitialize success


----------------------------------------------------------------------------------------------------------

MiniToolBox by Farbar Version: 25-11-2012
Ran by Skeith (administrator) on 06-12-2012 at 22:35:51
Running from "C:\Users\Skeith\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="ethernet_13" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : ShadowSkeith-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : D4-BE-D9-D3-54-A5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::945:b3f8:5224:c890%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, December 06, 2012 10:29:53 PM
Lease Expires . . . . . . . . . . : Monday, January 13, 2149 5:04:17 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 248823513
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-08-1B-7D-D4-BE-D9-D3-54-A5
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:2cb5:1665:9d12:3f7(Preferred)
Link-local IPv6 Address . . . . . : fe80::2cb5:1665:9d12:3f7%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 2607:f8b0:400a:800::1004
173.194.33.37
173.194.33.39
173.194.33.46
173.194.33.33
173.194.33.40
173.194.33.41
173.194.33.34
173.194.33.32
173.194.33.35
173.194.33.38
173.194.33.36


Pinging google.com [173.194.33.46] with 32 bytes of data:
Reply from 173.194.33.46: bytes=32 time=15ms TTL=55
Reply from 173.194.33.46: bytes=32 time=11ms TTL=55

Ping statistics for 173.194.33.46:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 11ms, Maximum = 15ms, Average = 13ms
Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 98.138.253.109
72.30.38.140
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=178ms TTL=47
Reply from 98.139.183.24: bytes=32 time=375ms TTL=47

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 178ms, Maximum = 375ms, Average = 276ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...d4 be d9 d3 54 a5 ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.10 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.10 276
192.168.2.10 255.255.255.255 On-link 192.168.2.10 276
192.168.2.255 255.255.255.255 On-link 192.168.2.10 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.10 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.10 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:9d38:953c:2cb5:1665:9d12:3f7/128
On-link
11 276 fe80::/64 On-link
15 306 fe80::/64 On-link
11 276 fe80::945:b3f8:5224:c890/128
On-link
15 306 fe80::2cb5:1665:9d12:3f7/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/06/2012 10:31:32 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (12/06/2012 10:31:32 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (12/06/2012 10:31:32 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (12/06/2012 10:31:32 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (12/06/2012 10:31:32 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (12/06/2012 10:31:32 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19

Error: (12/06/2012 10:31:32 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18

Error: (12/06/2012 10:31:32 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17

Error: (12/06/2012 10:31:32 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16

Error: (12/06/2012 10:31:32 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 15


System errors:
=============
Error: (12/06/2012 10:31:28 PM) (Source: Service Control Manager) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/06/2012 10:29:56 PM) (Source: Service Control Manager) (User: )
Description: The lxebCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (12/06/2012 10:29:56 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxebCATSCustConnectService service to connect.

Error: (12/06/2012 09:21:57 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (12/06/2012 02:15:37 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/06/2012 01:57:08 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/06/2012 01:57:03 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/06/2012 10:49:38 AM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/05/2012 03:58:30 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (12/05/2012 03:58:30 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.


Microsoft Office Sessions:
=========================
Error: (12/06/2012 10:31:32 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (12/06/2012 10:31:32 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (12/06/2012 10:31:32 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (12/06/2012 10:31:32 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (12/06/2012 10:31:32 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (12/06/2012 10:31:32 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19

Error: (12/06/2012 10:31:32 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18

Error: (12/06/2012 10:31:32 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17

Error: (12/06/2012 10:31:32 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16

Error: (12/06/2012 10:31:32 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 15


CodeIntegrity Errors:
===================================
Date: 2012-11-02 07:00:13.283
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-02 07:00:13.252
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

7-Zip 9.07 beta
Acoustica Effects Pack (Version: 3.0)
Acoustica Mixcraft 5
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Reader X MUI (Version: 10.0.0)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Control Center (Version: 2.009.0714.2131)
avast! Internet Security (Version: 7.0.1474.0)
Bonjour (Version: 3.0.0.10)
Build Your Own Net Dream (remove only)
BYOND (Version: 495.1136)
Camtasia Studio 7 (Version: 7.1.1)
Castle Crashers
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center InstallProxy (Version: 2009.0714.2132.36830)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup - Support Software (Version: 9.4.64)
Dell DataSafe Local Backup (Version: 9.4.64)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell MusicStage (Version: 1.6.225.0)
Dell PhotoStage (Version: 1.5.0.65)
Dell Stage (Version: 1.6.301.0)
Dell Support Center (Version: 3.2.6032.55)
Dell VideoStage (Version: 1.3.0.2214)
GamersFirst LIVE!
Google Chrome (Version: 23.0.1271.95)
Google Chrome Frame (Version: 23.0.1271.95)
Google Talk Plugin (Version: 3.10.2.10212)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
iCloud (Version: 2.1.0.39)
Install Creator
iTunes (Version: 11.0.0.163)
Java 7 Update 9 (64-bit) (Version: 7.0.90)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
join.me (Version: 1.7.0.131)
Junk Mail filter update (Version: 15.4.3502.0922)
League of Legends (Version: 1.3)
Left 4 Dead 2
Lexmark Pro200-S500 Series
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
ManyCam 3.0.80 (remove only) (Version: 3.0.80)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Games for Windows - LIVE (Version: 2.0.687.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft Visual Basic PowerPacks 10.0 (Version: 10.0.20911)
Microsoft Visual C# 2010 Express - ENU (Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.30319)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
PMA
Pokemon Online 2.0.05
Pokémon Trading Card Game Online (Version: 1.0.0)
Portal 2
QuickTime (Version: 7.73.80.64)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
Realtek High Definition Audio Driver (Version: 6.0.1.5977)
RealUpgrade 1.1 (Version: 1.1.0)
Resident Evil 5
RGSS-RTP Standard (Version: 1.04)
Skype Click to Call (Version: 6.4.11328)
Skype™ 6.0 (Version: 6.0.126)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
Synthesia (remove only)
TrustedID (Version: 5.0)
UE3Redist (Version: 1.00.0000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Uplay (Version: 2.0)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.11 (32-bit) (Version: 4.11.0)

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 3838.98 MB
Available physical RAM: 2221.2 MB
Total Pagefile: 7676.14 MB
Available Pagefile: 5987 MB
Total Virtual: 4095.88 MB
Available Virtual: 3953.12 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:450.91 GB) (Free:301.79 GB) NTFS

========================= Users: ========================================

User accounts for \\SHADOWSKEITH-PC

Administrator Guest Skeith


**** End of log ****


---------------------

Edited by Sotyr, 07 December 2012 - 09:04 AM.


#9 Sotyr

Posted 07 December 2012 - 01:52 AM

The page wouldn't go (said page was unavailable at the time), so I didn't realize it posted twice.

Edited by Sotyr, 07 December 2012 - 09:00 AM.


#10 boopme

Posted 07 December 2012 - 07:42 PM

Hello, no problem with those being open.
A reboot was needed after those scans.

You do have a problem with what was found. These infections look to obtain confidential information about customers and clients using online banking and payment systems. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.


We should also run these next to be sure there are no more.

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

>>>>>>

ESET ONLINE


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#11 Sotyr

Posted 08 December 2012 - 04:11 AM

Restart after both scans? Or just ADWCleaner?



--------------------------------------------------------------------------------------------------


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-07 19:49:48
-----------------------------
19:49:48.579 OS Version: Windows x64 6.1.7601 Service Pack 1
19:49:48.579 Number of processors: 2 586 0x603
19:49:48.580 ComputerName: SHADOWSKEITH-PC UserName: Skeith
19:49:52.905 Initialize success
19:49:52.977 AVAST engine defs: 12120701
19:50:10.414 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:50:10.416 Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 11
19:50:10.436 Disk 0 MBR read successfully
19:50:10.438 Disk 0 MBR scan
19:50:10.441 Disk 0 Windows VISTA default MBR code
19:50:10.445 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
19:50:10.449 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15168 MB offset 81920
19:50:10.452 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461728 MB offset 31145984
19:50:10.482 Disk 0 scanning C:\Windows\system32\drivers
19:50:16.784 Service scanning
19:50:32.029 Modules scanning
19:50:32.040 Disk 0 trace - called modules:
19:50:32.051 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:50:32.382 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004638680]
19:50:32.394 3 CLASSPNP.SYS[fffff880019ba43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80045dc680]
19:50:33.309 AVAST engine scan C:\Windows
19:50:34.253 File: C:\Windows\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
19:50:35.883 AVAST engine scan C:\Windows\system32
19:52:59.975 AVAST engine scan C:\Windows\system32\drivers
19:53:27.913 AVAST engine scan C:\Users\Skeith
20:04:20.252 Disk 0 MBR has been saved successfully to "C:\Users\Skeith\Desktop\MBR.dat"
20:04:20.253 The log file has been saved successfully to "C:\Users\Skeith\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-07 20:05:08
-----------------------------
20:05:08.329 OS Version: Windows x64 6.1.7601 Service Pack 1
20:05:08.329 Number of processors: 2 586 0x603
20:05:08.331 ComputerName: SHADOWSKEITH-PC UserName: Skeith
20:05:33.119 Initialize success
20:05:33.242 AVAST engine defs: 12120701
20:05:47.756 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:05:47.758 Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 11
20:05:47.808 Disk 0 MBR read successfully
20:05:47.811 Disk 0 MBR scan
20:05:47.814 Disk 0 Windows VISTA default MBR code
20:05:47.827 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
20:05:47.839 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15168 MB offset 81920
20:05:47.854 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461728 MB offset 31145984
20:05:47.913 Disk 0 scanning C:\Windows\system32\drivers
20:06:04.544 Service scanning
20:06:23.780 Modules scanning
20:06:23.786 Disk 0 trace - called modules:
20:06:23.810 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:06:24.142 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004638680]
20:06:24.146 3 CLASSPNP.SYS[fffff880019ba43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80045dc680]
20:06:27.843 AVAST engine scan C:\Windows
20:06:29.452 File: C:\Windows\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
20:06:36.893 AVAST engine scan C:\Windows\system32
20:08:56.331 AVAST engine scan C:\Windows\system32\drivers
20:09:07.335 AVAST engine scan C:\Users\Skeith
21:14:12.620 AVAST engine scan C:\ProgramData
21:21:35.456 Scan finished successfully
21:25:58.142 Disk 0 MBR has been saved successfully to "C:\Users\Skeith\Desktop\MBR.dat"
21:25:58.165 The log file has been saved successfully to "C:\Users\Skeith\Desktop\aswMBR.txt"



--------------------------------------------------------------------------------------------------


# AdwCleaner v2.006 - Logfile created 11/04/2012 at 15:15:47
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Skeith - SHADOWSKEITH-PC
# Boot Mode : Normal
# Running from : C:\Users\Skeith\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Skeith\AppData\Local\APN
Folder Deleted : C:\Users\Skeith\AppData\Local\Conduit
Folder Deleted : C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Deleted : C:\Users\Skeith\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Skeith\AppData\Roaming\Mozilla\Firefox\Profiles\1uyfdlyt.default\ConduitCommon
Folder Deleted : C:\Users\Skeith\AppData\Roaming\Mozilla\Firefox\Profiles\1uyfdlyt.default\CT3072253
Folder Deleted : C:\Users\Skeith\AppData\Roaming\Mozilla\Firefox\Profiles\1uyfdlyt.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Skeith\AppData\Roaming\Mozilla\Firefox\Profiles\1uyfdlyt.default\prefs.js

C:\Users\Skeith\AppData\Roaming\Mozilla\Firefox\Profiles\1uyfdlyt.default\user.js ... Deleted !

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [15452 octets] - [04/11/2012 15:15:47]

########## EOF - C:\AdwCleaner[S1].txt - [15513 octets] ##########




--------------------------------------------------------------------------------------------------



C:\TDSSKiller_Quarantine\06.12.2012_22.33.22\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.12.2012_22.33.22\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined

--------------------------------------------------------------------------------------------------

#12 boopme

Posted 08 December 2012 - 10:25 AM

Well, after the TDSS scan, but you should reboot again now. How is it running?

#13 Sotyr

Posted 08 December 2012 - 03:40 PM

It's running the same as it was.

#14 boopme

Posted 08 December 2012 - 05:28 PM

I think we should get a deeper look. Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.

Include this link back to here...