
ads playing in background


  • This topic is locked
16 replies to this topic

#1 pryzthepenguin

pryzthepenguin

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:58 PM

Posted 18 April 2013 - 11:22 AM

I have run Malwarebytes, Ad-Aware, F-Secure and my Comcast Norton, and can't stop this. I just ran ComboFix and I'm still hearing ads, but here is my ComboFix log if anyone can help.

 

ComboFix 13-04-18.03 - Ryan 04/18/2013  11:03:57.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6135.3376 [GMT -5:00]
Running from: c:\users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OF9JPIY6\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Trend Micro Internet Security *Disabled/Outdated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
C:\prefs.js
c:\programdata\Microsoft\Windows\DRM\D25B.tmp
c:\programdata\Microsoft\Windows\DRM\D28B.tmp
c:\users\Ryan\g2mdlhlpx.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-18 to 2013-04-18  )))))))))))))))))))))))))))))))
.
.
2013-04-18 16:09 . 2013-04-18 16:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-16 20:14 . 2013-04-16 20:14 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes
2013-04-16 20:14 . 2013-04-16 20:14 -------- d-----w- c:\programdata\Malwarebytes
2013-04-16 20:14 . 2013-04-16 20:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-16 20:14 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-12 19:43 . 2013-04-12 20:03 -------- d-----w- c:\users\Ryan\AppData\Local\Spotify
2013-04-12 19:43 . 2013-04-12 20:08 -------- d-----w- c:\users\Ryan\AppData\Roaming\Spotify
2013-04-12 18:39 . 2013-04-12 18:41 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-04-12 18:38 . 2013-04-12 18:38 -------- d-----w- c:\programdata\Downloaded Installations
2013-04-12 18:38 . 2013-04-12 18:38 -------- d-----w- c:\programdata\Search Protection
2013-04-12 18:38 . 2013-04-12 18:38 -------- d-----w- c:\users\Ryan\AppData\Local\adawarebp
2013-04-12 18:38 . 2013-04-12 18:38 -------- d-----w- c:\programdata\blekko toolbars
2013-04-12 18:38 . 2013-04-12 18:38 -------- d-----w- c:\programdata\adawaretb
2013-04-12 18:38 . 2013-04-12 18:38 -------- d-----w- c:\program files (x86)\adawaretb
2013-04-12 01:04 . 2013-04-12 01:04 -------- d-----w- c:\users\Ryan\AppData\Local\Zemana
2013-04-10 19:25 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 19:25 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 19:25 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 19:25 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-10 19:25 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-04-10 19:25 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-04-10 19:22 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 19:22 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 19:22 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-10 19:22 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 19:22 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 19:22 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-10 19:20 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 15:08 . 2013-04-12 18:38 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-04-10 15:08 . 2013-04-10 15:08 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2013-04-10 15:07 . 2013-04-12 18:37 47496 ----a-w- c:\windows\system32\sbbd.exe
2013-04-10 14:17 . 2013-04-12 02:40 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2013-04-10 14:09 . 2013-04-10 14:09 -------- d-----w- c:\programdata\IsolatedStorage
2013-04-10 14:09 . 2013-04-12 01:17 -------- d-----w- c:\users\Ryan\AppData\Local\ID Vault
2013-04-10 14:09 . 2013-04-10 14:09 -------- d-----w- c:\users\Ryan\AppData\Local\White_Sky,_Inc
2013-04-10 14:08 . 2013-04-12 01:17 -------- d-----w- c:\users\Ryan\AppData\Roaming\ID Vault
2013-04-10 14:08 . 2013-04-10 14:08 -------- d-----w- c:\users\Ryan\AppData\Local\Programs
2013-04-10 14:07 . 2013-04-12 01:32 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2013-04-10 14:07 . 2013-04-10 14:07 -------- d-----w- c:\programdata\White Sky, Inc
2013-04-10 12:58 . 2013-02-22 06:27 2312704 ----a-w- c:\windows\system32\jscript9.dll
2013-04-10 11:52 . 2010-08-21 04:59 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2013-04-10 03:10 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 03:10 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-28 18:44 . 2013-03-28 18:44 -------- d-----w- c:\programdata\ATI
2013-03-27 23:16 . 2013-04-10 12:40 -------- d-----w- c:\users\DefaultAppPool
2013-03-26 21:10 . 2013-03-26 21:10 -------- d-----w- c:\windows\PCHEALTH
2013-03-26 21:08 . 2013-03-26 21:08 -------- d-----w- c:\program files\Microsoft Office
2013-03-26 21:08 . 2013-03-26 21:08 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-03-26 21:07 . 2013-03-26 21:07 -------- d-----r- C:\MSOCache
2013-03-26 20:38 . 2013-03-26 20:59 -------- d-----w- c:\users\Ryan\AppData\Roaming\Download Manager
2013-03-26 02:35 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 18:37 . 2012-12-01 19:55 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-04-12 00:30 . 2009-11-21 16:11 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 02:48 . 2012-08-18 00:17 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 02:48 . 2011-07-29 08:07 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 02:48 . 2013-03-13 02:48 15859416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-02-19 10:50 . 2013-02-19 10:50 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4699617-2888-4432-A98D-D76811909967}\offreg.dll
2013-02-12 05:45 . 2013-03-13 03:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 03:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 03:02 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 03:02 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 03:02 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 03:02 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2013-02-11 10:47 87464 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2013-02-11 87464]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-06-21 36328]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320]
R3 FETND62;D-Link PCI Fast Ethernet Adapter Driver;c:\windows\system32\DRIVERS\DLF62X64.SYS [2009-11-23 49792]
R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-06-21 125416]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-06-21 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-06-21 159208]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-02-16 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1255736]
R4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-13 79360]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-13 79360]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R4 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-08-17 656624]
R4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2009-08-13 587696]
R4 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-08-13 854280]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-04-12 14456]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-07-21 192528]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-03-18 1236336]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2010-07-30 42576]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-07-21 277008]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ    Akamai
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-18 02:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" [2009-03-09 374]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=B3C8D37A19DFB9FC56FEE8516854B4FF
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Ryan\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-18  11:13:46
ComboFix-quarantined-files.txt  2013-04-18 16:13
.
Pre-Run: 250,660,933,632 bytes free
Post-Run: 252,146,778,112 bytes free
.
- - End Of File - - 77CEA715CC69CFBCCC90A8C1E5C52F21
 




 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 11,825 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bement, ILL
  • Local time:01:58 PM

Posted 18 April 2013 - 11:51 AM

Hello pryzthepenguin,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.
  • Do you have a USB Flash Drive you can use?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


un03.png

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 pryzthepenguin


Posted 18 April 2013 - 12:32 PM

No I don't have a flash drive handy.



#4 fireman4it


Posted 18 April 2013 - 04:03 PM

1.
Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click on AdwCleaner.exe and select Run as administrator.
  • Click the Delete button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.
2.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
Things to include in your next reply:
AdwCleaner log
Roguekiller log
How is your machine running now?

Edited by fireman4it, 18 April 2013 - 04:03 PM.


#5 pryzthepenguin


Posted 19 April 2013 - 02:02 AM

# AdwCleaner v2.200 - Logfile created 04/19/2013 at 01:56:25
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Ryan - RYAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Ryan\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\ProgramData\adawaretb
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\search protection
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Ryan\AppData\LocalLow\adawaretb



#6 pryzthepenguin


Posted 19 April 2013 - 02:18 AM

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ryan [Admin rights]
Mode : Scan -- Date : 04/19/2013 02:15:51
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-75A7B2 +++++
--- User ---
[MBR] 17563f75ae4cea318aab7c892741fbfb
[BSP] ffbf4328ec3d187cc25ec9472f5d2a32 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9842 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20238336 | Size: 467057 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 4046b20ede2a1b5cf29f4c2fc492d5eb
[BSP] cfa991dc525bde6a27563a2aacc0c277 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9842 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20238336 | Size: 467057 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 4046b20ede2a1b5cf29f4c2fc492d5eb
[BSP] cfa991dc525bde6a27563a2aacc0c277 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9842 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20238336 | Size: 467057 Mo

Finished : << RKreport[4]_S_04192013_02d0215.txt >>
RKreport[1]_S_04192013_02d0212.txt ; RKreport[2]_D_04192013_02d0214.txt ; RKreport[3]_D_04192013_02d0215.txt ; RKreport[4]_S_04192013_02d0215.txt



#7 pryzthepenguin


Posted 19 April 2013 - 02:24 AM

When I tried to DL Roguekiller from your link the DL wouldn't finish so I just searched it and found that one. Hopefully that was correct.

 

Machine is the same, ads playing. I dunno if this is useful information but the ads are connected to windows media player.

 

Also I got this malware or whatever type of bug it is, from espn.com off of a 3rd party link I clicked to see different athlete work outs lol. Sadly I can not remember the name of the host site that the video popped up from when I clicked it.



#8 pryzthepenguin


Posted 19 April 2013 - 09:44 PM

Today I can not load normal webpages such as this or ign.com or even speedtest.net. I am restoring to the morning of the 18th. I am leaving this post from my phone.

#9 pryzthepenguin


Posted 19 April 2013 - 09:49 PM

Restoring helped me bring back my internet to being normal. Do you know what may have caused this based on my logs?



#10 fireman4it


Posted 22 April 2013 - 06:57 PM

Restoring helped me bring back my internet to being normal. Do you know what may have caused this based on my logs?

 

You had some spyware toolbars installed.

 

Are you still having background ads playing?


#11 pryzthepenguin


Posted 22 April 2013 - 09:09 PM

Yes, ads are still playing :(. I can not figure it out for the life of me.



#12 fireman4it


Posted 22 April 2013 - 11:47 PM

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

 

Can you get a hold of a USB Flash drive?




#13 pryzthepenguin (Topic Starter)

Posted 23 April 2013 - 12:23 AM

00:10:25.0371 3720  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:10:26.0659 3720  ============================================================
00:10:26.0659 3720  Current date / time: 2013/04/23 00:10:26.0659
00:10:26.0659 3720  SystemInfo:
00:10:26.0659 3720 
00:10:26.0659 3720  OS Version: 6.1.7601 ServicePack: 1.0
00:10:26.0659 3720  Product type: Workstation
00:10:26.0659 3720  ComputerName: RYAN-PC
00:10:26.0659 3720  UserName: Ryan
00:10:26.0659 3720  Windows directory: C:\Windows
00:10:26.0659 3720  System windows directory: C:\Windows
00:10:26.0659 3720  Running under WOW64
00:10:26.0659 3720  Processor architecture: Intel x64
00:10:26.0659 3720  Number of processors: 8
00:10:26.0659 3720  Page size: 0x1000
00:10:26.0659 3720  Boot type: Normal boot
00:10:26.0659 3720  ============================================================
00:10:27.0062 3720  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:10:27.0066 3720  ============================================================
00:10:27.0066 3720  \Device\Harddisk0\DR0:
00:10:27.0080 3720  MBR partitions:
00:10:27.0080 3720  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1339000
00:10:27.0080 3720  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x134D000, BlocksNum 0x39038800
00:10:27.0080 3720  ============================================================
00:10:27.0368 3720  C: <-> \Device\Harddisk0\DR0\Partition2
00:10:27.0368 3720  ============================================================
00:10:27.0368 3720  Initialize success
00:10:27.0368 3720  ============================================================
00:12:18.0888 4896  ============================================================
00:12:18.0888 4896  Scan started
00:12:18.0888 4896  Mode: Manual; SigCheck; TDLFS;
00:12:18.0888 4896  ============================================================
00:12:19.0251 4896  ================ Scan system memory ========================
00:12:19.0251 4896  System memory - ok
00:12:19.0251 4896  ================ Scan services =============================
00:12:43.0783 4896  MSTEE - ok
00:12:43.0792 4896  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
00:12:43.0843 4896  MTConfig - ok
00:12:43.0869 4896  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
00:12:43.0880 4896  Mup - ok
00:12:43.0910 4896  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
00:12:44.0052 4896  napagent - ok
00:12:44.0081 4896  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
00:12:44.0190 4896  NativeWifiP - ok
00:12:44.0235 4896  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
00:12:44.0260 4896  NDIS - ok
00:12:44.0273 4896  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
00:12:44.0408 4896  NdisCap - ok
00:12:44.0431 4896  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
00:12:44.0523 4896  NdisTapi - ok
00:12:44.0547 4896  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
00:12:44.0661 4896  Ndisuio - ok
00:12:44.0712 4896  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
00:12:44.0827 4896  NdisWan - ok
00:12:44.0854 4896  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
00:12:44.0965 4896  NDProxy - ok
00:12:44.0977 4896  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
00:12:45.0100 4896  NetBIOS - ok
00:12:45.0129 4896  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
00:12:45.0237 4896  NetBT - ok
00:12:45.0260 4896  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
00:12:45.0310 4896  Netlogon - ok
00:12:45.0348 4896  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
00:12:45.0501 4896  Netman - ok
00:12:45.0520 4896  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
00:12:45.0643 4896  netprofm - ok
00:12:45.0667 4896  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:12:45.0677 4896  NetTcpPortSharing - ok
00:12:45.0700 4896  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
00:12:45.0711 4896  nfrd960 - ok
00:12:45.0750 4896  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
00:12:45.0887 4896  NlaSvc - ok
00:12:45.0900 4896  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
00:12:45.0992 4896  Npfs - ok
00:12:45.0999 4896  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
00:12:46.0125 4896  nsi - ok
00:12:46.0141 4896  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
00:12:46.0272 4896  nsiproxy - ok
00:12:46.0318 4896  [ B8965FB53551B5455630A4B804D0791F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
00:12:46.0381 4896  Ntfs - ok
00:12:46.0398 4896  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
00:12:46.0526 4896  Null - ok
00:12:46.0558 4896  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
00:12:46.0572 4896  nvraid - ok
00:12:46.0587 4896  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
00:12:46.0601 4896  nvstor - ok
00:12:46.0622 4896  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
00:12:46.0634 4896  nv_agp - ok
00:12:46.0651 4896  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
00:12:46.0699 4896  ohci1394 - ok
00:12:46.0771 4896  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:12:46.0780 4896  ose - ok
00:12:46.0942 4896  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:12:47.0099 4896  osppsvc - ok
00:12:47.0148 4896  [ A29A80A1CF63D0DC27EEFCAF27D34664 ] ossrv           C:\Windows\system32\drivers\ctoss2k.sys
00:12:47.0159 4896  ossrv - ok
00:12:47.0202 4896  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
00:12:47.0307 4896  p2pimsvc - ok
00:12:47.0330 4896  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
00:12:47.0403 4896  p2psvc - ok
00:12:47.0414 4896  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
00:12:47.0467 4896  Parport - ok
00:12:47.0488 4896  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
00:12:47.0500 4896  partmgr - ok
00:12:47.0512 4896  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
00:12:47.0627 4896  PcaSvc - ok
00:12:47.0644 4896  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
00:12:47.0657 4896  pci - ok
00:12:47.0680 4896  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
00:12:47.0691 4896  pciide - ok
00:12:47.0700 4896  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
00:12:47.0714 4896  pcmcia - ok
00:12:47.0730 4896  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
00:12:47.0741 4896  pcw - ok
00:12:47.0762 4896  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
00:12:47.0899 4896  PEAUTH - ok
00:12:47.0960 4896  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
00:12:48.0044 4896  PerfHost - ok
00:12:48.0094 4896  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
00:12:48.0244 4896  pla - ok
00:12:48.0288 4896  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
00:12:48.0395 4896  PlugPlay - ok
00:12:48.0418 4896  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
00:12:48.0523 4896  PNRPAutoReg - ok
00:12:48.0544 4896  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
00:12:48.0618 4896  PNRPsvc - ok
00:12:48.0656 4896  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
00:12:48.0800 4896  PolicyAgent - ok
00:12:48.0828 4896  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
00:12:48.0936 4896  Power - ok
00:12:48.0974 4896  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
00:12:49.0095 4896  PptpMiniport - ok
00:12:49.0109 4896  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
00:12:49.0195 4896  Processor - ok
00:12:49.0226 4896  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
00:12:49.0322 4896  ProfSvc - ok
00:12:49.0335 4896  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:12:49.0387 4896  ProtectedStorage - ok
00:12:49.0424 4896  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
00:12:49.0575 4896  Psched - ok
00:12:49.0608 4896  [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
00:12:49.0659 4896  PxHlpa64 - ok
00:12:49.0707 4896  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
00:12:49.0760 4896  ql2300 - ok
00:12:49.0772 4896  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
00:12:49.0785 4896  ql40xx - ok
00:12:49.0807 4896  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
00:12:49.0913 4896  QWAVE - ok
00:12:49.0920 4896  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
00:12:50.0017 4896  QWAVEdrv - ok
00:12:50.0033 4896  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
00:12:50.0107 4896  RasAcd - ok
00:12:50.0125 4896  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
00:12:50.0209 4896  RasAgileVpn - ok
00:12:50.0225 4896  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
00:12:50.0340 4896  RasAuto - ok
00:12:50.0374 4896  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
00:12:50.0526 4896  Rasl2tp - ok
00:12:50.0570 4896  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
00:12:50.0698 4896  RasMan - ok
00:12:50.0749 4896  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
00:12:50.0862 4896  RasPppoe - ok
00:12:50.0875 4896  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
00:12:51.0017 4896  RasSstp - ok
00:12:51.0044 4896  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
00:12:51.0160 4896  rdbss - ok
00:12:51.0175 4896  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
00:12:51.0263 4896  rdpbus - ok
00:12:51.0278 4896  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
00:12:51.0414 4896  RDPCDD - ok
00:12:51.0432 4896  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
00:12:51.0552 4896  RDPENCDD - ok
00:12:51.0570 4896  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
00:12:51.0663 4896  RDPREFMP - ok
00:12:51.0692 4896  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
00:12:51.0786 4896  RDPWD - ok
00:12:51.0818 4896  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
00:12:51.0833 4896  rdyboost - ok
00:12:51.0858 4896  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
00:12:51.0976 4896  RemoteAccess - ok
00:12:52.0001 4896  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
00:12:52.0141 4896  RemoteRegistry - ok
00:12:52.0225 4896  [ 05FC44D32A144925EAE45570029FD6E1 ] RoxMediaDB10    c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
00:12:52.0316 4896  RoxMediaDB10 - ok
00:12:52.0348 4896  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
00:12:52.0476 4896  RpcEptMapper - ok
00:12:52.0497 4896  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
00:12:52.0588 4896  RpcLocator - ok
00:12:52.0612 4896  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
00:12:52.0711 4896  RpcSs - ok
00:12:52.0734 4896  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
00:12:52.0875 4896  rspndr - ok
00:12:52.0908 4896  [ 2DB8116D52B19216812C4E6D5D837810 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
00:12:52.0971 4896  RSUSBSTOR - ok
00:12:53.0003 4896  [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
00:12:53.0067 4896  RTL8167 - ok
00:12:53.0070 4896  RxFilter - ok
00:12:53.0074 4896  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
00:12:53.0131 4896  SamSs - ok
00:12:53.0285 4896  [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc         C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
00:12:53.0429 4896  SBAMSvc - ok
00:12:53.0462 4896  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
00:12:53.0474 4896  sbp2port - ok
00:12:53.0490 4896  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
00:12:53.0577 4896  SCardSvr - ok
00:12:53.0603 4896  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
00:12:53.0759 4896  scfilter - ok
00:12:53.0791 4896  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
00:12:53.0896 4896  Schedule - ok
00:12:53.0922 4896  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
00:12:54.0053 4896  SCPolicySvc - ok
00:12:54.0078 4896  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
00:12:54.0187 4896  SDRSVC - ok
00:12:54.0225 4896  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
00:12:54.0377 4896  secdrv - ok
00:12:54.0397 4896  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
00:12:54.0476 4896  seclogon - ok
00:12:54.0487 4896  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
00:12:54.0569 4896  SENS - ok
00:12:54.0587 4896  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
00:12:54.0678 4896  SensrSvc - ok
00:12:54.0701 4896  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
00:12:54.0781 4896  Serenum - ok
00:12:54.0804 4896  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
00:12:54.0850 4896  Serial - ok
00:12:54.0869 4896  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
00:12:54.0956 4896  sermouse - ok
00:12:54.0981 4896  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
00:12:55.0133 4896  SessionEnv - ok
00:12:55.0151 4896  SessionLauncher - ok
00:12:55.0202 4896  [ E6ED35BE01496F02ED7BE8A79C677F87 ] SfCtlCom        c:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
00:12:55.0224 4896  SfCtlCom - ok
00:12:55.0257 4896  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
00:12:55.0336 4896  sffdisk - ok
00:12:55.0353 4896  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
00:12:55.0438 4896  sffp_mmc - ok
00:12:55.0453 4896  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
00:12:55.0542 4896  sffp_sd - ok
00:12:55.0574 4896  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
00:12:55.0666 4896  sfloppy - ok
00:12:55.0714 4896  [ DBEB7C353FB71E7D8B9ABCE62D93D590 ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
00:12:55.0740 4896  SftService - ok
00:12:55.0774 4896  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
00:12:55.0855 4896  SharedAccess - ok
00:12:55.0882 4896  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:12:56.0014 4896  ShellHWDetection - ok
00:12:56.0040 4896  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:12:56.0051 4896  SiSRaid2 - ok
00:12:56.0059 4896  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
00:12:56.0072 4896  SiSRaid4 - ok
00:12:56.0089 4896  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
00:12:56.0185 4896  Smb - ok
00:12:56.0225 4896  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
00:12:56.0307 4896  SNMPTRAP - ok
00:12:56.0313 4896  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
00:12:56.0323 4896  spldr - ok
00:12:56.0360 4896  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
00:12:56.0434 4896  Spooler - ok
00:12:56.0511 4896  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
00:12:56.0734 4896  sppsvc - ok
00:12:56.0747 4896  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
00:12:56.0893 4896  sppuinotify - ok
00:12:56.0939 4896  [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
00:12:56.0950 4896  sprtsvc_DellSupportCenter - ok
00:12:56.0982 4896  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
00:12:57.0087 4896  srv - ok
00:12:57.0114 4896  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
00:12:57.0210 4896  srv2 - ok
00:12:57.0226 4896  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
00:12:57.0312 4896  srvnet - ok
00:12:57.0339 4896  [ 866F8212EF7E75BAC8BCA03331E30CB4 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
00:12:57.0446 4896  ssadbus - ok
00:12:57.0478 4896  [ 73E2BA39E7EB024DC686412E2E924A74 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
00:12:57.0580 4896  ssadmdfl - ok
00:12:57.0603 4896  [ 74B032D6C1E36AE2F790752FDE8CE055 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
00:12:57.0712 4896  ssadmdm - ok
00:12:57.0735 4896  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
00:12:57.0884 4896  SSDPSRV - ok
00:12:57.0900 4896  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
00:12:58.0000 4896  SstpSvc - ok
00:12:58.0026 4896  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
00:12:58.0037 4896  stexstor - ok
00:12:58.0078 4896  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
00:12:58.0231 4896  stisvc - ok
00:12:58.0262 4896  [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr        c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
00:12:58.0271 4896  stllssvr - ok
00:12:58.0290 4896  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
00:12:58.0301 4896  swenum - ok
00:12:58.0321 4896  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
00:12:58.0451 4896  swprv - ok
00:12:58.0526 4896  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
00:12:58.0669 4896  SysMain - ok
00:12:58.0691 4896  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:12:58.0799 4896  TabletInputService - ok
00:12:58.0815 4896  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
00:12:58.0966 4896  TapiSrv - ok
00:12:58.0977 4896  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
00:12:59.0051 4896  TBS - ok
00:12:59.0109 4896  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
00:12:59.0190 4896  Tcpip - ok
00:12:59.0237 4896  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
00:12:59.0278 4896  TCPIP6 - ok
00:12:59.0304 4896  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
00:12:59.0387 4896  tcpipreg - ok
00:12:59.0411 4896  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
00:12:59.0515 4896  TDPIPE - ok
00:12:59.0539 4896  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
00:12:59.0646 4896  TDTCP - ok
00:12:59.0687 4896  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
00:12:59.0806 4896  tdx - ok
00:12:59.0831 4896  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
00:12:59.0843 4896  TermDD - ok
00:12:59.0880 4896  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
00:13:00.0038 4896  TermService - ok
00:13:00.0066 4896  [ CE4B6956E4E12492715A53076E58761F ] TFsExDisk       C:\Windows\System32\Drivers\TFsExDisk.sys
00:13:00.0115 4896  TFsExDisk - ok
00:13:00.0131 4896  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
00:13:00.0246 4896  Themes - ok
00:13:00.0262 4896  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
00:13:00.0337 4896  THREADORDER - ok
00:13:00.0395 4896  [ 8AEE64FBCE15F673DD235B8B71527834 ] TMBMServer      c:\Program Files\Trend Micro\BM\TMBMSRV.exe
00:13:00.0422 4896  TMBMServer - ok
00:13:00.0461 4896  [ B58ABB45275E4257CB70F7BC01BBC799 ] tmlwf           C:\Windows\system32\DRIVERS\tmlwf.sys
00:13:00.0521 4896  tmlwf - ok
00:13:00.0565 4896  [ C4A578C20726F127FE2D8CDDE7D461FB ] TmPfw           c:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
00:13:00.0623 4896  TmPfw - ok
00:13:00.0653 4896  [ 803EE35DF92815EA5D41CEE7410C8CC1 ] tmpreflt        C:\Windows\system32\DRIVERS\tmpreflt.sys
00:13:00.0662 4896  tmpreflt - ok
00:13:00.0704 4896  [ 8C9EC10E855C47CAA55C8308259C10ED ] tmproxy         c:\Program Files\Trend Micro\Internet Security\TmProxy.exe
00:13:00.0734 4896  tmproxy - ok
00:13:00.0766 4896  [ F7311129A02A7579226B641B94F402E6 ] tmtdi           C:\Windows\system32\DRIVERS\tmtdi.sys
00:13:00.0778 4896  tmtdi - ok
00:13:00.0811 4896  [ 45B1F8C658CBC23C57E8C8C4A4B56450 ] tmwfp           C:\Windows\system32\DRIVERS\tmwfp.sys
00:13:00.0822 4896  tmwfp - ok
00:13:00.0880 4896  [ 9BD32132A3470CEFB3CBEA5FA492BD6F ] tmxpflt         C:\Windows\system32\DRIVERS\tmxpflt.sys
00:13:00.0893 4896  tmxpflt - ok
00:13:00.0942 4896  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
00:13:01.0043 4896  TrkWks - ok
00:13:01.0106 4896  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:13:01.0235 4896  TrustedInstaller - ok
00:13:01.0257 4896  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
00:13:01.0364 4896  tssecsrv - ok
00:13:01.0414 4896  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
00:13:01.0494 4896  TsUsbFlt - ok
00:13:01.0533 4896  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
00:13:01.0651 4896  tunnel - ok
00:13:01.0675 4896  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
00:13:01.0687 4896  uagp35 - ok
00:13:01.0721 4896  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
00:13:01.0836 4896  udfs - ok
00:13:01.0854 4896  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
00:13:01.0912 4896  UI0Detect - ok
00:13:01.0939 4896  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
00:13:01.0953 4896  uliagpkx - ok
00:13:01.0977 4896  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
00:13:02.0071 4896  umbus - ok
00:13:02.0082 4896  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
00:13:02.0183 4896  UmPass - ok
00:13:02.0202 4896  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
00:13:02.0360 4896  upnphost - ok
00:13:02.0375 4896  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
00:13:02.0492 4896  usbccgp - ok
00:13:02.0516 4896  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
00:13:02.0581 4896  usbcir - ok
00:13:02.0595 4896  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
00:13:02.0646 4896  usbehci - ok
00:13:02.0663 4896  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
00:13:02.0720 4896  usbhub - ok
00:13:02.0730 4896  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
00:13:02.0806 4896  usbohci - ok
00:13:02.0820 4896  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
00:13:02.0937 4896  usbprint - ok
00:13:02.0951 4896  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:13:03.0035 4896  USBSTOR - ok
00:13:03.0039 4896  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
00:13:03.0133 4896  usbuhci - ok
00:13:03.0147 4896  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
00:13:03.0261 4896  UxSms - ok
00:13:03.0277 4896  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
00:13:03.0329 4896  VaultSvc - ok
00:13:03.0351 4896  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
00:13:03.0362 4896  vdrvroot - ok
00:13:03.0389 4896  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
00:13:03.0537 4896  vds - ok
00:13:03.0540 4896  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
00:13:03.0597 4896  vga - ok
00:13:03.0600 4896  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
00:13:03.0721 4896  VgaSave - ok
00:13:03.0750 4896  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
00:13:03.0773 4896  vhdmp - ok
00:13:03.0797 4896  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
00:13:03.0808 4896  viaide - ok
00:13:03.0823 4896  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
00:13:03.0835 4896  volmgr - ok
00:13:03.0870 4896  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
00:13:03.0899 4896  volmgrx - ok
00:13:03.0911 4896  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
00:13:03.0927 4896  volsnap - ok
00:13:03.0983 4896  [ B01CE1F5A44126892240D179A6DBD43F ] vsapint         C:\Windows\system32\DRIVERS\vsapint.sys
00:13:04.0082 4896  vsapint - ok
00:13:04.0111 4896  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
00:13:04.0125 4896  vsmraid - ok
00:13:04.0171 4896  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
00:13:04.0344 4896  VSS - ok
00:13:04.0362 4896  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
00:13:04.0480 4896  vwifibus - ok
00:13:04.0507 4896  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
00:13:04.0606 4896  W32Time - ok
00:13:04.0682 4896  [ B32009DB1972E7F2C227499289C4384A ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
00:13:04.0791 4896  W3SVC - ok
00:13:04.0813 4896  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
00:13:04.0887 4896  WacomPen - ok
00:13:04.0918 4896  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
00:13:05.0045 4896  WANARP - ok
00:13:05.0056 4896  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
00:13:05.0139 4896  Wanarpv6 - ok
00:13:05.0164 4896  [ B32009DB1972E7F2C227499289C4384A ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
00:13:05.0239 4896  WAS - ok
00:13:05.0305 4896  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
00:13:05.0377 4896  WatAdminSvc - ok
00:13:05.0418 4896  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
00:13:05.0527 4896  wbengine - ok
00:13:05.0555 4896  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
00:13:05.0660 4896  WbioSrvc - ok
00:13:05.0685 4896  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
00:13:05.0823 4896  wcncsvc - ok
00:13:05.0835 4896  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:13:05.0920 4896  WcsPlugInService - ok
00:13:05.0942 4896  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
00:13:05.0953 4896  Wd - ok
00:13:05.0988 4896  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:13:06.0023 4896  Wdf01000 - ok
00:13:06.0034 4896  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:13:06.0125 4896  WdiServiceHost - ok
00:13:06.0128 4896  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
00:13:06.0213 4896  WdiSystemHost - ok
00:13:06.0247 4896  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
00:13:06.0354 4896  WebClient - ok
00:13:06.0369 4896  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:13:06.0509 4896  Wecsvc - ok
00:13:06.0526 4896  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
00:13:06.0650 4896  wercplsupport - ok
00:13:06.0669 4896  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
00:13:06.0804 4896  WerSvc - ok
00:13:06.0826 4896  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
00:13:06.0928 4896  WfpLwf - ok
00:13:06.0956 4896  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
00:13:06.0969 4896  WimFltr - ok
00:13:06.0981 4896  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
00:13:06.0992 4896  WIMMount - ok
00:13:07.0002 4896  WinDefend - ok
00:13:07.0006 4896  WinHttpAutoProxySvc - ok
00:13:07.0053 4896  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
00:13:07.0135 4896  Winmgmt - ok
00:13:07.0209 4896  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
00:13:07.0361 4896  WinRM - ok
00:13:07.0417 4896  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
00:13:07.0501 4896  WinUsb - ok
00:13:07.0528 4896  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
00:13:07.0632 4896  Wlansvc - ok
00:13:07.0666 4896  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
00:13:07.0876 4896  WmiAcpi - ok
00:13:07.0887 4896  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:13:08.0078 4896  wmiApSrv - ok
00:13:08.0091 4896  WMPNetworkSvc - ok
00:13:08.0102 4896  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:13:08.0246 4896  WPCSvc - ok
00:13:08.0289 4896  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:13:08.0418 4896  WPDBusEnum - ok
00:13:08.0444 4896  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:13:08.0619 4896  ws2ifsl - ok
00:13:08.0628 4896  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
00:13:08.0713 4896  wscsvc - ok
00:13:08.0716 4896  WSearch - ok
00:13:08.0774 4896  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
00:13:08.0866 4896  wuauserv - ok
00:13:08.0886 4896  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:13:08.0969 4896  WudfPf - ok
00:13:08.0991 4896  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:13:09.0101 4896  wudfsvc - ok
00:13:09.0120 4896  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
00:13:09.0238 4896  WwanSvc - ok
00:13:09.0251 4896  ================ Scan global ===============================
00:13:09.0276 4896  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:13:09.0307 4896  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
00:13:09.0323 4896  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
00:13:09.0341 4896  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:13:09.0372 4896  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:13:09.0375 4896  [Global] - ok
00:13:09.0375 4896  ================ Scan MBR ==================================
00:13:09.0388 4896  [ 03FD8DB771253D88F17BBE2DF5008AFA ] \Device\Harddisk0\DR0
00:13:09.0388 4896  Suspicious mbr (Forged): \Device\Harddisk0\DR0
00:13:09.0448 4896  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected
00:13:09.0448 4896  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)
00:13:09.0545 4896  ================ Scan VBR ==================================
00:13:09.0548 4896  [ 9F364C932D2CDBB13043F5419133095C ] \Device\Harddisk0\DR0\Partition1
00:13:09.0549 4896  \Device\Harddisk0\DR0\Partition1 - ok
00:13:09.0576 4896  [ E161187B42113CE832977BB9ED717F83 ] \Device\Harddisk0\DR0\Partition2
00:13:09.0577 4896  \Device\Harddisk0\DR0\Partition2 - ok
00:13:09.0577 4896  ============================================================
00:13:09.0577 4896  Scan finished
00:13:09.0578 4896  ============================================================
00:13:09.0586 2864  Detected object count: 6
00:13:09.0586 2864  Actual detected object count: 6
00:14:21.0746 2864  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
00:14:21.0746 2864  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
00:14:21.0748 2864  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:21.0748 2864  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:14:21.0749 2864  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:21.0749 2864  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:14:21.0750 2864  CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:21.0750 2864  CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:14:21.0751 2864  DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:21.0751 2864  DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:14:22.0155 2864  \Device\Harddisk0\DR0\# - copied to quarantine
00:14:22.0156 2864  \Device\Harddisk0\DR0 - copied to quarantine
00:14:22.0256 2864  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot
00:14:22.0257 2864  \Device\Harddisk0\DR0 - ok
00:14:22.0264 2864  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure
00:14:25.0005 3624  Deinitialize success
 



#14 pryzthepenguin

  • Topic Starter


Posted 23 April 2013 - 12:26 AM

I just searched rootkit.boot.harbinger.a and another fellow guy said his computer had these symptoms:

* The computer will play sound advertisements randomly even when no other programs are open.
* The computer takes about twice as long to boot up.
* Computer programs will freeze randomly and the computer needs to be restarted to fix the program.
* The computer will randomly blue screen.

So maybe that was it?



#15 fireman4it



  • Malware Response Team

Posted 23 April 2013 - 04:02 PM

How is the machine running now? Still getting the ads?




