Infected: Google search results keep redirecting


  • This topic is locked
17 replies to this topic

#1 laumh

laumh

  • Members
  • 9 posts
  • Local time:09:04 PM

Posted 20 November 2011 - 05:07 PM

Hi there,
Running Windows 7 Home and noticed that Google search results in Firefox kept redirecting to some random site. The redirect site often goes via "get-answers-fast.com" or some other names. I've run Rkill and Malwarebytes, but it doesn't seem to find it. Also tried Stopzilla free edition, but that didn't find it either. This is driving me nuts! Please help!

I've also noticed now that when I leave the computer for a while, it shuts down and I get the 'Start Windows in Safe Mode' prompt. It used to just hibernate. I've tried adjusting the settings, but it doesn't stop shutting down. When I shut down normally, it's fine and I don't get the prompt. I don't know if these are related.

Thanks in advance!


DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Michael at 16:48:13 on 2011-11-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3884.1549 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Runtime Software\DriveImage XML\dixml.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun: [MDS_Menu] "C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\MediaShowEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.0"
mRun: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CA3DBCD4-516F-484A-8463-97443C55E751} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CA3DBCD4-516F-484A-8463-97443C55E751}\2375942554831323 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CA3DBCD4-516F-484A-8463-97443C55E751}\353303037702E45647131343 : DhcpNameServer = 192.168.1.101
TCP: Interfaces\{CA3DBCD4-516F-484A-8463-97443C55E751}\4656661657C647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CA3DBCD4-516F-484A-8463-97443C55E751}\54370727563737F625F69716C656 : DhcpNameServer = 4.2.2.2 4.2.2.1
TCP: Interfaces\{CA3DBCD4-516F-484A-8463-97443C55E751}\742796A7A7C69702055616B637 : DhcpNameServer = 10.1.10.1
TCP: Interfaces\{CA3DBCD4-516F-484A-8463-97443C55E751}\751627E696E676 : DhcpNameServer = 10.0.0.10 10.0.0.11 10.0.0.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll C:\PROGRA~2\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [MDS_Menu] "C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\MediaShowEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.0"
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun-x64: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll C:\PROGRA~2\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ov3y1mmm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
P2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2010-1-6 180968]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-1-6 20792]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2009-8-25 103744]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-1-6 66896]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe --> C:\Windows\system32\mfevtps.exe [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-6-10 1800808]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-6-10 2314240]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-10 135664]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-10-31 30192]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-10 135664]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-20 17:56:59 -------- d-----w- C:\Program Files (x86)\Runtime Software
2011-11-16 15:51:03 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
2011-11-11 21:55:10 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-11 21:51:04 -------- d-----w- C:\ProgramData\STOPzilla!
2011-11-11 15:21:46 98816 ----a-w- C:\Windows\sed.exe
2011-11-11 15:21:46 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-11 15:21:46 256000 ----a-w- C:\Windows\PEV.exe
2011-11-11 15:21:46 208896 ----a-w- C:\Windows\MBR.exe
2011-11-11 15:20:29 -------- d-----w- C:\ComboFix
2011-11-09 20:24:31 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 20:24:31 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 20:24:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 20:24:25 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-08 16:12:05 -------- d-----w- C:\Windows\CheckSur
2011-11-08 03:36:31 -------- d-----w- C:\Users\Michael\AppData\Local\Cyberlink
2011-11-07 06:26:39 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-04 21:36:50 -------- d-----w- C:\Users\Michael\AppData\Roaming\Malwarebytes
2011-11-04 21:36:40 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-04 21:36:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-25 19:35:08 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-10-25 19:35:08 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-10-23 04:45:50 -------- d-----w- C:\Users\Michael\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
.
==================== Find3M ====================
.
2011-11-20 17:32:08 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2011-11-09 20:12:24 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
.
============= FINISH: 16:57:40.74 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:04 PM

Posted 23 November 2011 - 02:30 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 laumh

laumh
  • Topic Starter

  • Members
  • 9 posts
  • Local time:09:04 PM

Posted 23 November 2011 - 04:56 PM

Ran Combofix, it took a little while to complete, output is shown below. Google search is still affected. Computer runs a little slow on opening programs.


ComboFix 11-11-23.01 - Michael 11/23/2011 15:57:13.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3884.1990 [GMT -5:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
G:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-23 21:30 . 2011-11-23 21:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-23 21:30 . 2011-11-23 21:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-20 17:56 . 2011-11-20 17:56 -------- d-----w- c:\program files (x86)\Runtime Software
2011-11-16 15:51 . 2011-11-16 15:51 -------- d-----w- c:\program files (x86)\Common Files\iS3
2011-11-11 21:51 . 2011-11-17 08:11 -------- d-----w- c:\programdata\STOPzilla!
2011-11-09 20:24 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 20:24 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 20:24 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 20:24 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 16:12 . 2011-11-08 16:12 -------- d-----w- c:\windows\CheckSur
2011-11-08 03:36 . 2011-11-08 03:36 -------- d-----w- c:\users\Michael\AppData\Local\Cyberlink
2011-11-07 06:27 . 2011-11-07 06:27 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-11-07 06:26 . 2011-10-03 10:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-04 21:36 . 2011-11-04 21:36 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2011-11-04 21:36 . 2011-11-04 21:36 -------- d-----w- c:\programdata\Malwarebytes
2011-11-04 21:36 . 2011-11-07 00:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-04 20:22 . 2011-11-04 20:23 -------- d-----w- c:\users\Michael\AppData\Roaming\Download Manager
2011-10-25 19:35 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-25 19:35 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-25 07:04 . 2011-10-25 07:04 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-20 17:32 . 2010-11-07 21:39 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-11-09 20:12 . 2011-10-05 04:22 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:25 . 2011-10-13 03:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-13 03:54 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-27 05:37 . 2011-10-13 03:54 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-13 03:54 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-13 03:54 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-27 04:26 . 2011-10-13 03:54 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-11_16.24.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-20 06:30 . 2011-11-20 06:30 13342 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-11-10 19:41 . 2011-11-10 19:41 13342 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2011-11-11 13:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-23 15:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-11 13:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-23 15:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-23 15:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-11 13:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-10 19:21 . 2011-11-20 17:33 42686 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2010-08-12 14:39 . 2011-11-14 09:15 18962 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2009-07-14 05:10 . 2011-11-23 15:57 32304 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-11 03:36 . 2011-11-23 16:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-11 03:36 . 2011-11-11 15:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-11 03:36 . 2011-11-23 16:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-11 03:36 . 2011-11-11 15:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-23 16:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-11 15:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-08 19:46 . 2011-11-23 15:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-08 19:46 . 2011-11-11 13:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-11-23 15:58 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-09-08 19:46 . 2011-11-23 15:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-08 19:46 . 2011-11-11 13:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-08 19:46 . 2011-11-23 15:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-08 19:46 . 2011-11-11 13:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-12 02:39 . 2011-11-23 21:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-12 02:39 . 2011-11-11 16:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-12 02:39 . 2011-11-23 21:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-12 02:39 . 2011-11-11 16:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-13 08:55 . 2010-03-18 17:16 87408 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\WindowsFormsIntegration.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 93024 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\UIAutomationTypes.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 35688 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\UIAutomationProvider.dll
+ 2011-11-13 08:55 . 2011-04-06 20:48 11120 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Xml.Serialization.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 17784 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Windows.Presentation.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 58240 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Windows.Input.Manipulations.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 44920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Web.ApplicationServices.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 37240 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.ServiceModel.Channels.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 64352 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Numerics.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 51032 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Device.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 50552 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Data.DataSetExtensions.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 81784 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Configuration.Install.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 81800 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.ComponentModel.DataAnnotations.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 39784 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.AddIn.Contract.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 68952 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\SMDiagnostics.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 62880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 12128 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\Microsoft.VisualC.Dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 97680 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-11-13 08:54 . 2010-03-18 18:27 94552 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\ISymWrapper.dll
+ 2011-11-13 08:55 . 2010-03-18 18:27 91488 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\CustomMarshalers.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 17240 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\Accessibility.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 87408 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\WindowsFormsIntegration.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 93024 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\UIAutomationTypes.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 35688 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\UIAutomationProvider.dll
+ 2011-11-13 08:55 . 2011-04-06 20:48 11120 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Xml.Serialization.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 17784 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Windows.Presentation.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 58240 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Windows.Input.Manipulations.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 44920 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Web.ApplicationServices.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 37240 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.ServiceModel.Channels.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 64352 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Numerics.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 51032 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Device.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 50552 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Data.DataSetExtensions.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 81784 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Configuration.Install.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 81800 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.ComponentModel.DataAnnotations.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 39784 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.AddIn.Contract.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 68952 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\SMDiagnostics.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 62880 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 12128 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\Microsoft.VisualC.Dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 97680 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 78168 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\ISymWrapper.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 81248 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\CustomMarshalers.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\Accessibility.dll
+ 2011-11-14 07:59 . 2011-11-14 07:59 7744 c:\windows\system32\wdi\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}.bin
+ 2010-08-12 02:39 . 2011-11-23 15:57 9232 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4267879684-2828950402-1490376751-1001_UserData.bin
- 2011-11-10 19:42 . 2011-11-11 13:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-20 17:31 . 2011-11-23 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-20 17:31 . 2011-11-23 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-10 19:42 . 2011-11-11 13:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-11 15:42 . 2011-11-22 18:48 352940 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-11-23 16:09 631902 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-23 16:09 109730 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2011-11-20 06:30 474208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-10 19:41 474208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-13 08:55 . 2010-03-18 17:16 350592 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\UIAutomationClientsideProviders.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 163168 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\UIAutomationClient.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 138592 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Xml.Linq.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 699224 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Xaml.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 857960 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Web.Services.dll
+ 2011-11-13 08:55 . 2010-03-18 18:27 288616 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Transactions.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 675672 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Speech.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 113512 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.ServiceProcess.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 129912 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.ServiceModel.Routing.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 390008 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.ServiceModel.Discovery.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 505208 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.ServiceModel.Activities.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 261472 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Security.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 122264 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 291184 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Runtime.Remoting.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 349568 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Runtime.DurableInstancing.dll
+ 2011-11-13 08:55 . 2010-03-18 18:27 335712 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Printing.dll
+ 2011-11-13 08:55 . 2011-04-06 20:48 236880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Net.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 253280 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Messaging.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 134528 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Management.Instrumentation.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 378720 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Management.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 123736 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.IO.Log.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 125816 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.IdentityModel.Selectors.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 392552 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.IdentityModel.dll
+ 2011-11-13 08:54 . 2010-03-18 09:46 125440 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.EnterpriseServices.Wrapper.dll
+ 2011-11-13 08:54 . 2010-03-18 18:27 237424 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.EnterpriseServices.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 120152 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Dynamic.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 607064 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Drawing.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 182144 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.DirectoryServices.Protocols.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 395120 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.DirectoryServices.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 285072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.DirectoryServices.AccountManagement.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 829280 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Deployment.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 747360 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Data.SqlXml.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 436600 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Data.Services.Client.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 683872 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Data.Linq.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 409448 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.configuration.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 210816 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.ComponentModel.Composition.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 149848 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.AddIn.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 122248 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Activities.DurableInstancing.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 525704 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Activities.Core.Presentation.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 112976 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\sysglobl.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 581464 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\ReachFramework.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 832856 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\PresentationUI.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 194424 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\PresentationFramework.Royale.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 478576 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\PresentationFramework.Luna.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 167288 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\PresentationFramework.Classic.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 232304 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\PresentationFramework.Aero.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 661352 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\Microsoft.VisualBasic.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 349576 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\Microsoft.VisualBasic.Compatibility.dll
+ 2011-11-13 08:55 . 2010-03-18 18:27 187776 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 387960 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\Microsoft.Transactions.Bridge.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 746336 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\Microsoft.JScript.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 505184 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\Microsoft.CSharp.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 350592 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\UIAutomationClientsideProviders.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 163168 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\UIAutomationClient.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 138592 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Xml.Linq.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 699224 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Xaml.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 857960 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Web.Services.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 269672 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Transactions.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 675672 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Speech.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 113512 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.ServiceProcess.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 129912 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.ServiceModel.Routing.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 390008 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.ServiceModel.Discovery.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 505208 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.ServiceModel.Activities.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 261472 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Security.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 122264 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 291184 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Runtime.Remoting.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 349568 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Runtime.DurableInstancing.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 334688 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Printing.dll
+ 2011-11-13 08:54 . 2011-04-06 20:48 236880 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Net.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 253280 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Messaging.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 134528 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Management.Instrumentation.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 378720 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Management.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 123736 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.IO.Log.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 125816 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.IdentityModel.Selectors.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 392552 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.IdentityModel.dll
+ 2011-11-13 08:54 . 2010-03-18 04:51 109568 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.EnterpriseServices.Wrapper.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 246128 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.EnterpriseServices.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 120152 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Dynamic.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 607064 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Drawing.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 182144 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.DirectoryServices.Protocols.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 395120 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.DirectoryServices.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 285072 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.DirectoryServices.AccountManagement.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 829280 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Deployment.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 747360 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Data.SqlXml.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 436600 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Data.Services.Client.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 683872 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Data.Linq.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 409448 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.configuration.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 210816 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.ComponentModel.Composition.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 149848 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.AddIn.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 122248 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Activities.DurableInstancing.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 525704 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\System.Activities.Core.Presentation.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 112976 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\sysglobl.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 581464 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\ReachFramework.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 832856 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\PresentationUI.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 194424 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\PresentationFramework.Royale.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 478576 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\PresentationFramework.Luna.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 167288 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\PresentationFramework.Classic.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 232304 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\PresentationFramework.Aero.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 661352 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\Microsoft.VisualBasic.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 349576 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\Microsoft.VisualBasic.Compatibility.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 170368 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 387960 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\Microsoft.Transactions.Bridge.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 746336 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\Microsoft.JScript.dll
+ 2011-11-13 08:54 . 2010-03-18 17:16 505184 c:\windows\Microsoft.NET\Framework\v4.0.30319\GAC11120\Microsoft.CSharp.dll
+ 2009-07-14 04:45 . 2011-11-13 08:51 7112972 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-11-10 19:46 7112972 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-06-10 04:42 . 2011-11-20 06:30 2016408 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-06-10 04:42 . 2011-11-10 19:41 2016408 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-13 08:55 . 2011-04-06 20:48 1368920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\WindowsBase.dll
+ 2011-11-13 08:55 . 2011-04-06 20:48 2207568 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.XML.dll
+ 2011-11-13 08:55 . 2011-04-12 19:11 5028200 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Windows.Forms.dll
+ 2011-11-13 08:55 . 2010-03-18 17:16 1711496 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.Windows.Forms.DataVisualization.dll
+ 2011-11-13 08:55 . 2011-04-06 20:48 6097256 c:\windows\Microsoft.NET\Framework64\v4.0.30319\GAC20895\System.ServiceModel.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MDS_Menu"="c:\program files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\Cyberlink\PowerDVD9\Language\Language.exe" [2009-04-28 50472]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-11-13 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-06-10 2429]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-08 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-10-31 30192]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-01-07 124240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-2 1080608]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-6-10 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\progra~2\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [x]
R0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 135664]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-10-31 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 135664]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-01-07 20792]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-03-27 1800808]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-19 c:\windows\Tasks\ASUS SmartLogon Console Sensor.job
- c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31 17:38]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 19:04]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 19:04]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4267879684-2828950402-1490376751-1001Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02 15:09]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4267879684-2828950402-1490376751-1001UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02 15:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-27 17412200]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"XeroxRegistation"="c:\users\Michael\AppData\Local\Temp\Xerox\EReg\EReg.exe" [BU]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-10 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-10 391512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-10 415064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://asus.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ov3y1mmm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-23 16:51:58
ComboFix-quarantined-files.txt 2011-11-23 21:51
ComboFix2.txt 2011-11-11 16:45
.
Pre-Run: 56,970,010,624 bytes free
Post-Run: 57,137,143,808 bytes free
.
- - End Of File - - 12F32ACDED5DAC3589641F371E8EEE05

#4 gringo_pr

  • Malware Response Team
Posted 23 November 2011 - 10:44 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#5 laumh

  • Topic Starter

Posted 25 November 2011 - 12:11 PM

Ran TDSSKiller, no threats were found:

12:07:36.0935 2724 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
12:07:37.0271 2724 ============================================================
12:07:37.0271 2724 Current date / time: 2011/11/25 12:07:37.0271
12:07:37.0271 2724 SystemInfo:
12:07:37.0271 2724
12:07:37.0271 2724 OS Version: 6.1.7601 ServicePack: 1.0
12:07:37.0271 2724 Product type: Workstation
12:07:37.0271 2724 ComputerName: WORKHORSE
12:07:37.0271 2724 UserName: Michael
12:07:37.0271 2724 Windows directory: C:\Windows
12:07:37.0271 2724 System windows directory: C:\Windows
12:07:37.0271 2724 Running under WOW64
12:07:37.0271 2724 Processor architecture: Intel x64
12:07:37.0271 2724 Number of processors: 4
12:07:37.0271 2724 Page size: 0x1000
12:07:37.0271 2724 Boot type: Normal boot
12:07:37.0272 2724 ============================================================
12:07:41.0466 2724 Initialize success
12:07:50.0025 4132 ============================================================
12:07:50.0025 4132 Scan started
12:07:50.0025 4132 Mode: Manual;
12:07:50.0025 4132 ============================================================
12:08:00.0572 4132 intelppm - ok
12:08:00.0626 4132 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:08:00.0630 4132 IpFilterDriver - ok
12:08:00.0709 4132 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:08:00.0717 4132 IPMIDRV - ok
12:08:00.0809 4132 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:08:00.0813 4132 IPNAT - ok
12:08:00.0839 4132 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:08:00.0841 4132 IRENUM - ok
12:08:00.0878 4132 is3srv - ok
12:08:00.0910 4132 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:08:00.0913 4132 isapnp - ok
12:08:00.0953 4132 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:08:00.0960 4132 iScsiPrt - ok
12:08:00.0990 4132 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:08:00.0993 4132 kbdclass - ok
12:08:01.0023 4132 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:08:01.0025 4132 kbdhid - ok
12:08:01.0054 4132 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
12:08:01.0054 4132 kbfiltr - ok
12:08:01.0114 4132 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
12:08:01.0118 4132 KSecDD - ok
12:08:01.0160 4132 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
12:08:01.0164 4132 KSecPkg - ok
12:08:01.0200 4132 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:08:01.0202 4132 ksthunk - ok
12:08:01.0244 4132 L1C (48686c29856f46443952a831424f8d6f) C:\Windows\system32\DRIVERS\L1C62x64.sys
12:08:01.0247 4132 L1C - ok
12:08:01.0304 4132 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:08:01.0306 4132 lltdio - ok
12:08:01.0370 4132 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:08:01.0374 4132 LSI_FC - ok
12:08:01.0393 4132 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:08:01.0397 4132 LSI_SAS - ok
12:08:01.0421 4132 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:08:01.0424 4132 LSI_SAS2 - ok
12:08:01.0465 4132 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:08:01.0468 4132 LSI_SCSI - ok
12:08:01.0502 4132 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:08:01.0505 4132 luafv - ok
12:08:01.0587 4132 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:08:01.0591 4132 megasas - ok
12:08:01.0631 4132 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:08:01.0637 4132 MegaSR - ok
12:08:01.0695 4132 mfeapfk (12ad015f8c2c109c6a74d25da94607fe) C:\Windows\system32\drivers\mfeapfk.sys
12:08:01.0713 4132 mfeapfk - ok
12:08:01.0751 4132 mfeavfk (dd17753ad5fa52f3bcd3b512934690c4) C:\Windows\system32\drivers\mfeavfk.sys
12:08:01.0754 4132 mfeavfk - ok
12:08:01.0792 4132 mfehidk (3ba96b0584ad024f03eb9835d45619c2) C:\Windows\system32\drivers\mfehidk.sys
12:08:01.0800 4132 mfehidk - ok
12:08:01.0834 4132 mferkdet (158c24a8ed5f2cab71a86fd775bc1727) C:\Windows\system32\drivers\mferkdet.sys
12:08:01.0838 4132 mferkdet - ok
12:08:01.0866 4132 mfetdik (6cfff53e82808268dd61ab4790a36426) C:\Windows\system32\drivers\mfetdik.sys
12:08:01.0869 4132 mfetdik - ok
12:08:01.0947 4132 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:08:01.0949 4132 Modem - ok
12:08:01.0991 4132 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:08:01.0992 4132 monitor - ok
12:08:02.0041 4132 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:08:02.0050 4132 mouclass - ok
12:08:02.0086 4132 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:08:02.0088 4132 mouhid - ok
12:08:02.0126 4132 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:08:02.0134 4132 mountmgr - ok
12:08:02.0158 4132 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:08:02.0163 4132 mpio - ok
12:08:02.0188 4132 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:08:02.0191 4132 mpsdrv - ok
12:08:02.0251 4132 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:08:02.0256 4132 MRxDAV - ok
12:08:02.0292 4132 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:08:02.0297 4132 mrxsmb - ok
12:08:02.0341 4132 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:08:02.0345 4132 mrxsmb10 - ok
12:08:02.0369 4132 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:08:02.0373 4132 mrxsmb20 - ok
12:08:02.0402 4132 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:08:02.0413 4132 msahci - ok
12:08:02.0439 4132 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:08:02.0443 4132 msdsm - ok
12:08:02.0497 4132 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:08:02.0500 4132 Msfs - ok
12:08:02.0521 4132 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:08:02.0524 4132 mshidkmdf - ok
12:08:02.0537 4132 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:08:02.0539 4132 msisadrv - ok
12:08:02.0587 4132 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:08:02.0590 4132 MSKSSRV - ok
12:08:02.0649 4132 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:08:02.0651 4132 MSPCLOCK - ok
12:08:02.0670 4132 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:08:02.0672 4132 MSPQM - ok
12:08:02.0722 4132 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:08:02.0739 4132 MsRPC - ok
12:08:02.0779 4132 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:08:02.0780 4132 mssmbios - ok
12:08:02.0811 4132 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:08:02.0813 4132 MSTEE - ok
12:08:02.0833 4132 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:08:02.0835 4132 MTConfig - ok
12:08:02.0863 4132 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
12:08:02.0865 4132 MTsensor - ok
12:08:02.0897 4132 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:08:02.0899 4132 Mup - ok
12:08:02.0954 4132 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:08:02.0962 4132 NativeWifiP - ok
12:08:03.0060 4132 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:08:03.0086 4132 NDIS - ok
12:08:03.0124 4132 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:08:03.0128 4132 NdisCap - ok
12:08:03.0158 4132 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:08:03.0160 4132 NdisTapi - ok
12:08:03.0247 4132 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:08:03.0255 4132 Ndisuio - ok
12:08:03.0370 4132 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:08:03.0375 4132 NdisWan - ok
12:08:03.0425 4132 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:08:03.0430 4132 NDProxy - ok
12:08:03.0509 4132 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:08:03.0515 4132 NetBIOS - ok
12:08:03.0615 4132 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:08:03.0619 4132 NetBT - ok
12:08:03.0869 4132 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:08:03.0875 4132 nfrd960 - ok
12:08:04.0105 4132 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:08:04.0109 4132 Npfs - ok
12:08:04.0279 4132 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:08:04.0280 4132 nsiproxy - ok
12:08:04.0537 4132 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:08:04.0580 4132 Ntfs - ok
12:08:04.0783 4132 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:08:04.0787 4132 Null - ok
12:08:06.0023 4132 nvlddmkm (ce62dfd25e51c471517642405addc8bb) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:08:06.0260 4132 nvlddmkm - ok
12:08:06.0439 4132 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:08:06.0445 4132 nvraid - ok
12:08:06.0564 4132 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:08:06.0569 4132 nvstor - ok
12:08:06.0803 4132 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:08:06.0808 4132 nv_agp - ok
12:08:06.0919 4132 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:08:06.0923 4132 ohci1394 - ok
12:08:07.0192 4132 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:08:07.0199 4132 Parport - ok
12:08:07.0364 4132 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:08:07.0369 4132 partmgr - ok
12:08:07.0546 4132 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:08:07.0552 4132 pci - ok
12:08:07.0627 4132 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:08:07.0629 4132 pciide - ok
12:08:07.0677 4132 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:08:07.0683 4132 pcmcia - ok
12:08:07.0820 4132 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:08:07.0863 4132 pcw - ok
12:08:08.0083 4132 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:08:08.0109 4132 PEAUTH - ok
12:08:08.0345 4132 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
12:08:08.0348 4132 Point64 - ok
12:08:08.0407 4132 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:08:08.0429 4132 PptpMiniport - ok
12:08:08.0460 4132 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:08:08.0463 4132 Processor - ok
12:08:08.0516 4132 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:08:08.0519 4132 Psched - ok
12:08:08.0583 4132 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:08:08.0646 4132 ql2300 - ok
12:08:08.0669 4132 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:08:08.0673 4132 ql40xx - ok
12:08:08.0707 4132 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:08:08.0716 4132 QWAVEdrv - ok
12:08:08.0748 4132 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:08:08.0751 4132 RasAcd - ok
12:08:08.0795 4132 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:08:08.0797 4132 RasAgileVpn - ok
12:08:08.0838 4132 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:08:08.0842 4132 Rasl2tp - ok
12:08:08.0871 4132 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:08:08.0874 4132 RasPppoe - ok
12:08:08.0890 4132 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:08:08.0893 4132 RasSstp - ok
12:08:08.0939 4132 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:08:08.0945 4132 rdbss - ok
12:08:08.0967 4132 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:08:08.0969 4132 rdpbus - ok
12:08:08.0992 4132 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:08:08.0993 4132 RDPCDD - ok
12:08:09.0026 4132 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:08:09.0027 4132 RDPENCDD - ok
12:08:09.0062 4132 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:08:09.0063 4132 RDPREFMP - ok
12:08:09.0124 4132 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
12:08:09.0132 4132 RDPWD - ok
12:08:09.0193 4132 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:08:09.0210 4132 rdyboost - ok
12:08:09.0246 4132 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
12:08:09.0250 4132 RFCOMM - ok
12:08:09.0338 4132 RSPCIESTOR (0103aa79589fca09df1df9b31273b16d) C:\Windows\system32\DRIVERS\RtsPStor.sys
12:08:09.0341 4132 RSPCIESTOR - ok
12:08:09.0378 4132 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:08:09.0381 4132 rspndr - ok
12:08:09.0421 4132 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:08:09.0427 4132 sbp2port - ok
12:08:09.0464 4132 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:08:09.0466 4132 scfilter - ok
12:08:09.0515 4132 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
12:08:09.0519 4132 sdbus - ok
12:08:09.0564 4132 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:08:09.0566 4132 secdrv - ok
12:08:09.0619 4132 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:08:09.0622 4132 Serenum - ok
12:08:09.0655 4132 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:08:09.0658 4132 Serial - ok
12:08:09.0718 4132 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:08:09.0721 4132 sermouse - ok
12:08:09.0813 4132 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:08:09.0816 4132 sffdisk - ok
12:08:09.0858 4132 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:08:09.0860 4132 sffp_mmc - ok
12:08:09.0896 4132 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:08:09.0903 4132 sffp_sd - ok
12:08:09.0936 4132 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:08:09.0938 4132 sfloppy - ok
12:08:10.0044 4132 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
12:08:10.0062 4132 Sftfs - ok
12:08:10.0115 4132 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
12:08:10.0121 4132 Sftplay - ok
12:08:10.0145 4132 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
12:08:10.0147 4132 Sftredir - ok
12:08:10.0172 4132 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
12:08:10.0175 4132 Sftvol - ok
12:08:10.0235 4132 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
12:08:10.0238 4132 SiSGbeLH - ok
12:08:10.0270 4132 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:08:10.0273 4132 SiSRaid2 - ok
12:08:10.0291 4132 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:08:10.0294 4132 SiSRaid4 - ok
12:08:10.0319 4132 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:08:10.0323 4132 Smb - ok
12:08:10.0447 4132 SNP2UVC (2114518e55b380a3acc28b2c27fd499a) C:\Windows\system32\DRIVERS\snp2uvc.sys
12:08:10.0490 4132 SNP2UVC - ok
12:08:10.0530 4132 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:08:10.0532 4132 spldr - ok
12:08:10.0612 4132 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:08:10.0628 4132 srv - ok
12:08:10.0667 4132 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:08:10.0674 4132 srv2 - ok
12:08:10.0696 4132 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:08:10.0701 4132 srvnet - ok
12:08:10.0745 4132 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:08:10.0748 4132 stexstor - ok
12:08:10.0777 4132 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:08:10.0779 4132 swenum - ok
12:08:10.0821 4132 szkg5 - ok
12:08:11.0075 4132 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:08:11.0134 4132 Tcpip - ok
12:08:11.0396 4132 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
12:08:11.0412 4132 TCPIP6 - ok
12:08:11.0589 4132 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:08:11.0595 4132 tcpipreg - ok
12:08:11.0632 4132 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:08:11.0636 4132 TDPIPE - ok
12:08:11.0672 4132 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:08:11.0677 4132 TDTCP - ok
12:08:11.0724 4132 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:08:11.0727 4132 tdx - ok
12:08:11.0758 4132 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:08:11.0761 4132 TermDD - ok
12:08:11.0878 4132 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:08:11.0883 4132 tssecsrv - ok
12:08:11.0959 4132 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:08:11.0962 4132 TsUsbFlt - ok
12:08:12.0043 4132 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:08:12.0046 4132 tunnel - ok
12:08:12.0080 4132 TurboB (c45a3e051c65106a28982caed125f855) C:\Windows\system32\DRIVERS\TurboB.sys
12:08:12.0082 4132 TurboB - ok
12:08:12.0120 4132 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:08:12.0137 4132 uagp35 - ok
12:08:12.0187 4132 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:08:12.0193 4132 udfs - ok
12:08:12.0247 4132 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:08:12.0249 4132 uliagpkx - ok
12:08:12.0287 4132 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:08:12.0292 4132 umbus - ok
12:08:12.0324 4132 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:08:12.0327 4132 UmPass - ok
12:08:12.0375 4132 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:08:12.0378 4132 usbccgp - ok
12:08:12.0412 4132 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:08:12.0416 4132 usbcir - ok
12:08:12.0446 4132 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
12:08:12.0449 4132 usbehci - ok
12:08:12.0486 4132 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:08:12.0493 4132 usbhub - ok
12:08:12.0517 4132 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:08:12.0520 4132 usbohci - ok
12:08:12.0545 4132 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:08:12.0548 4132 usbprint - ok
12:08:12.0576 4132 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:08:12.0578 4132 USBSTOR - ok
12:08:12.0614 4132 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:08:12.0618 4132 usbuhci - ok
12:08:12.0660 4132 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
12:08:12.0665 4132 usbvideo - ok
12:08:12.0719 4132 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:08:12.0722 4132 vdrvroot - ok
12:08:12.0770 4132 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:08:12.0773 4132 vga - ok
12:08:12.0798 4132 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:08:12.0800 4132 VgaSave - ok
12:08:12.0833 4132 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:08:12.0838 4132 vhdmp - ok
12:08:12.0876 4132 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:08:12.0878 4132 viaide - ok
12:08:12.0902 4132 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:08:12.0905 4132 volmgr - ok
12:08:12.0943 4132 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:08:12.0950 4132 volmgrx - ok
12:08:12.0978 4132 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:08:12.0985 4132 volsnap - ok
12:08:13.0026 4132 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:08:13.0030 4132 vsmraid - ok
12:08:13.0058 4132 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:08:13.0060 4132 vwifibus - ok
12:08:13.0082 4132 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:08:13.0084 4132 vwififlt - ok
12:08:13.0116 4132 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:08:13.0118 4132 vwifimp - ok
12:08:13.0150 4132 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:08:13.0154 4132 WacomPen - ok
12:08:13.0201 4132 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:08:13.0204 4132 WANARP - ok
12:08:13.0220 4132 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:08:13.0222 4132 Wanarpv6 - ok
12:08:13.0279 4132 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:08:13.0282 4132 Wd - ok
12:08:13.0319 4132 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:08:13.0339 4132 Wdf01000 - ok
12:08:13.0394 4132 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:08:13.0396 4132 WfpLwf - ok
12:08:13.0430 4132 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
12:08:13.0438 4132 WimFltr - ok
12:08:13.0462 4132 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:08:13.0464 4132 WIMMount - ok
12:08:13.0517 4132 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:08:13.0518 4132 WmiAcpi - ok
12:08:13.0569 4132 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:08:13.0571 4132 ws2ifsl - ok
12:08:13.0647 4132 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:08:13.0651 4132 WudfPf - ok
12:08:13.0688 4132 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:08:13.0692 4132 WUDFRd - ok
12:08:13.0746 4132 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:08:13.0767 4132 \Device\Harddisk0\DR0 - ok
12:08:13.0774 4132 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
12:08:13.0783 4132 \Device\Harddisk1\DR1 - ok
12:08:13.0788 4132 MBR (0x1B8) (180dbde3af7ea48b3db3ac27b1ddf401) \Device\Harddisk2\DR2
12:08:20.0346 4132 \Device\Harddisk2\DR2 - ok
12:08:20.0360 4132 Boot (0x1200) (ddf734624205841f59b31b85d3558c3e) \Device\Harddisk0\DR0\Partition0
12:08:20.0364 4132 \Device\Harddisk0\DR0\Partition0 - ok
12:08:20.0385 4132 Boot (0x1200) (d204fcd98d13a5a0fee89b71feec3777) \Device\Harddisk0\DR0\Partition1
12:08:20.0388 4132 \Device\Harddisk0\DR0\Partition1 - ok
12:08:20.0393 4132 Boot (0x1200) (972d920f34c0d342327c5b3838e1bfc2) \Device\Harddisk1\DR1\Partition0
12:08:20.0394 4132 \Device\Harddisk1\DR1\Partition0 - ok
12:08:20.0400 4132 Boot (0x1200) (7e900e203bdbd4c4638484eb070d10b5) \Device\Harddisk2\DR2\Partition0
12:08:20.0401 4132 \Device\Harddisk2\DR2\Partition0 - ok
12:08:20.0404 4132 ============================================================
12:08:20.0404 4132 Scan finished
12:08:20.0404 4132 ============================================================
12:08:20.0480 3496 Detected object count: 0
12:08:20.0481 3496 Actual detected object count: 0
12:08:56.0543 4304 ============================================================
12:08:56.0543 4304 Scan started
12:08:56.0543 4304 Mode: Manual; SigCheck; TDLFS;
12:08:56.0543 4304 ============================================================
12:09:09.0730 4304 DfsC - ok
12:09:09.0884 4304 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:09:09.0982 4304 discache - ok
12:09:10.0129 4304 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:09:10.0152 4304 Disk - ok
12:09:10.0376 4304 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:09:10.0412 4304 drmkaud - ok
12:09:10.0651 4304 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:09:10.0733 4304 DXGKrnl - ok
12:09:11.0129 4304 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:09:11.0279 4304 ebdrv - ok
12:09:11.0514 4304 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:09:11.0565 4304 elxstor - ok
12:09:11.0748 4304 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:09:11.0859 4304 ErrDev - ok
12:09:12.0032 4304 ETD (0975bf32399a24117e317b5bf1d5d0aa) C:\Windows\system32\DRIVERS\ETD.sys
12:09:12.0059 4304 ETD - ok
12:09:12.0245 4304 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:09:12.0349 4304 exfat - ok
12:09:12.0540 4304 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:09:12.0637 4304 fastfat - ok
12:09:12.0846 4304 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:09:12.0896 4304 fdc - ok
12:09:13.0041 4304 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:09:13.0076 4304 FileInfo - ok
12:09:13.0267 4304 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:09:13.0401 4304 Filetrace - ok
12:09:13.0602 4304 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:09:13.0650 4304 flpydisk - ok
12:09:13.0797 4304 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:09:13.0824 4304 FltMgr - ok
12:09:13.0959 4304 FLxHCIc (e546fb34a4986316afc4dbacb32ae80e) C:\Windows\system32\DRIVERS\FLxHCIc.sys
12:09:14.0116 4304 FLxHCIc - ok
12:09:14.0262 4304 FLxHCIh (9f8a77e0292288f399f8127e5e84b002) C:\Windows\system32\DRIVERS\FLxHCIh.sys
12:09:14.0289 4304 FLxHCIh - ok
12:09:14.0365 4304 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:09:14.0384 4304 FsDepends - ok
12:09:14.0434 4304 fssfltr (5814011b2f6e088e29d689b5fcd49b8f) C:\Windows\system32\DRIVERS\fssfltr.sys
12:09:14.0452 4304 fssfltr - ok
12:09:14.0500 4304 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:09:14.0519 4304 Fs_Rec - ok
12:09:14.0618 4304 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:09:14.0655 4304 fvevol - ok
12:09:14.0971 4304 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:09:14.0994 4304 gagp30kx - ok
12:09:15.0124 4304 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:09:15.0146 4304 hcw85cir - ok
12:09:15.0293 4304 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:09:15.0359 4304 HdAudAddService - ok
12:09:15.0574 4304 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:09:15.0617 4304 HDAudBus - ok
12:09:15.0759 4304 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
12:09:15.0775 4304 HECIx64 - ok
12:09:15.0911 4304 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:09:15.0934 4304 HidBatt - ok
12:09:16.0080 4304 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:09:16.0144 4304 HidBth - ok
12:09:16.0248 4304 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:09:16.0295 4304 HidIr - ok
12:09:16.0372 4304 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:09:16.0400 4304 HidUsb - ok
12:09:16.0480 4304 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:09:16.0503 4304 HpSAMD - ok
12:09:16.0597 4304 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:09:16.0737 4304 HTTP - ok
12:09:16.0952 4304 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:09:16.0971 4304 hwpolicy - ok
12:09:17.0092 4304 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:09:17.0116 4304 i8042prt - ok
12:09:17.0260 4304 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\Windows\system32\DRIVERS\iaStor.sys
12:09:17.0301 4304 iaStor - ok
12:09:17.0456 4304 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:09:17.0491 4304 iaStorV - ok
12:09:18.0345 4304 igfx (174bcac474de13b2650e444cf124828e) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:09:18.0801 4304 igfx - ok
12:09:18.0947 4304 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:09:18.0966 4304 iirsp - ok
12:09:19.0165 4304 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
12:09:19.0262 4304 Impcd - ok
12:09:19.0629 4304 IntcAzAudAddService (30ce3b186d3f661050be6fed23d842ba) C:\Windows\system32\drivers\RTKVHD64.sys
12:09:19.0759 4304 IntcAzAudAddService - ok
12:09:19.0886 4304 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
12:09:19.0933 4304 IntcDAud - ok
12:09:20.0087 4304 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:09:20.0108 4304 intelide - ok
12:09:20.0316 4304 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:09:20.0356 4304 intelppm - ok
12:09:20.0495 4304 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:09:20.0579 4304 IpFilterDriver - ok
12:09:21.0039 4304 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:09:21.0083 4304 IPMIDRV - ok
12:09:21.0206 4304 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:09:21.0319 4304 IPNAT - ok
12:09:21.0483 4304 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:09:21.0682 4304 IRENUM - ok
12:09:21.0686 4304 is3srv - ok
12:09:21.0819 4304 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:09:21.0837 4304 isapnp - ok
12:09:22.0031 4304 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:09:22.0054 4304 iScsiPrt - ok
12:09:22.0212 4304 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:09:22.0229 4304 kbdclass - ok
12:09:22.0369 4304 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:09:22.0398 4304 kbdhid - ok
12:09:22.0665 4304 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
12:09:22.0856 4304 kbfiltr - ok
12:09:23.0178 4304 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
12:09:23.0203 4304 KSecDD - ok
12:09:23.0364 4304 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
12:09:23.0388 4304 KSecPkg - ok
12:09:23.0544 4304 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:09:23.0626 4304 ksthunk - ok
12:09:23.0861 4304 L1C (48686c29856f46443952a831424f8d6f) C:\Windows\system32\DRIVERS\L1C62x64.sys
12:09:23.0875 4304 L1C - ok
12:09:24.0210 4304 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:09:24.0323 4304 lltdio - ok
12:09:24.0475 4304 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:09:24.0495 4304 LSI_FC - ok
12:09:24.0646 4304 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:09:24.0666 4304 LSI_SAS - ok
12:09:24.0764 4304 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:09:24.0781 4304 LSI_SAS2 - ok
12:09:24.0841 4304 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:09:24.0860 4304 LSI_SCSI - ok
12:09:24.0911 4304 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:09:24.0991 4304 luafv - ok
12:09:25.0112 4304 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:09:25.0131 4304 megasas - ok
12:09:25.0249 4304 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:09:25.0272 4304 MegaSR - ok
12:09:25.0385 4304 mfeapfk (12ad015f8c2c109c6a74d25da94607fe) C:\Windows\system32\drivers\mfeapfk.sys
12:09:25.0400 4304 mfeapfk - ok
12:09:25.0507 4304 mfeavfk (dd17753ad5fa52f3bcd3b512934690c4) C:\Windows\system32\drivers\mfeavfk.sys
12:09:25.0524 4304 mfeavfk - ok
12:09:25.0616 4304 mfehidk (3ba96b0584ad024f03eb9835d45619c2) C:\Windows\system32\drivers\mfehidk.sys
12:09:25.0647 4304 mfehidk - ok
12:09:25.0730 4304 mferkdet (158c24a8ed5f2cab71a86fd775bc1727) C:\Windows\system32\drivers\mferkdet.sys
12:09:25.0742 4304 mferkdet - ok
12:09:25.0820 4304 mfetdik (6cfff53e82808268dd61ab4790a36426) C:\Windows\system32\drivers\mfetdik.sys
12:09:25.0832 4304 mfetdik - ok
12:09:25.0909 4304 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:09:26.0009 4304 Modem - ok
12:09:26.0102 4304 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:09:26.0133 4304 monitor - ok
12:09:26.0201 4304 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:09:26.0216 4304 mouclass - ok
12:09:26.0296 4304 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:09:26.0314 4304 mouhid - ok
12:09:26.0443 4304 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:09:26.0459 4304 mountmgr - ok
12:09:26.0574 4304 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:09:26.0591 4304 mpio - ok
12:09:26.0661 4304 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:09:26.0737 4304 mpsdrv - ok
12:09:26.0862 4304 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:09:26.0892 4304 MRxDAV - ok
12:09:26.0980 4304 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:09:27.0032 4304 mrxsmb - ok
12:09:27.0114 4304 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:09:27.0159 4304 mrxsmb10 - ok
12:09:27.0263 4304 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:09:27.0307 4304 mrxsmb20 - ok
12:09:27.0395 4304 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:09:27.0410 4304 msahci - ok
12:09:27.0589 4304 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:09:27.0608 4304 msdsm - ok
12:09:27.0821 4304 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:09:27.0891 4304 Msfs - ok
12:09:27.0960 4304 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:09:28.0035 4304 mshidkmdf - ok
12:09:28.0091 4304 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:09:28.0105 4304 msisadrv - ok
12:09:28.0133 4304 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:09:28.0229 4304 MSKSSRV - ok
12:09:28.0261 4304 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:09:28.0346 4304 MSPCLOCK - ok
12:09:28.0389 4304 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:09:28.0484 4304 MSPQM - ok
12:09:28.0542 4304 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:09:28.0565 4304 MsRPC - ok
12:09:28.0622 4304 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:09:28.0636 4304 mssmbios - ok
12:09:28.0679 4304 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:09:28.0760 4304 MSTEE - ok
12:09:28.0817 4304 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:09:28.0866 4304 MTConfig - ok
12:09:28.0929 4304 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
12:09:28.0940 4304 MTsensor - ok
12:09:28.0979 4304 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:09:28.0994 4304 Mup - ok
12:09:29.0078 4304 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:09:29.0135 4304 NativeWifiP - ok
12:09:29.0269 4304 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:09:29.0308 4304 NDIS - ok
12:09:29.0455 4304 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:09:29.0541 4304 NdisCap - ok
12:09:29.0735 4304 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:09:29.0834 4304 NdisTapi - ok
12:09:30.0064 4304 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:09:30.0128 4304 Ndisuio - ok
12:09:30.0220 4304 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:09:30.0317 4304 NdisWan - ok
12:09:30.0457 4304 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:09:30.0534 4304 NDProxy - ok
12:09:30.0764 4304 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:09:30.0895 4304 NetBIOS - ok
12:09:31.0075 4304 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:09:31.0148 4304 NetBT - ok
12:09:31.0222 4304 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:09:31.0236 4304 nfrd960 - ok
12:09:31.0268 4304 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:09:31.0360 4304 Npfs - ok
12:09:31.0426 4304 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:09:31.0496 4304 nsiproxy - ok
12:09:31.0668 4304 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:09:31.0726 4304 Ntfs - ok
12:09:31.0780 4304 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:09:31.0881 4304 Null - ok
12:09:32.0946 4304 nvlddmkm (ce62dfd25e51c471517642405addc8bb) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:09:33.0323 4304 nvlddmkm - ok
12:09:33.0503 4304 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:09:33.0522 4304 nvraid - ok
12:09:33.0578 4304 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:09:33.0597 4304 nvstor - ok
12:09:33.0685 4304 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:09:33.0703 4304 nv_agp - ok
12:09:33.0794 4304 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:09:33.0825 4304 ohci1394 - ok
12:09:33.0926 4304 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:09:33.0970 4304 Parport - ok
12:09:34.0049 4304 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:09:34.0069 4304 partmgr - ok
12:09:34.0140 4304 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:09:34.0164 4304 pci - ok
12:09:34.0197 4304 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:09:34.0215 4304 pciide - ok
12:09:34.0329 4304 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:09:34.0353 4304 pcmcia - ok
12:09:34.0405 4304 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:09:34.0423 4304 pcw - ok
12:09:34.0554 4304 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:09:34.0671 4304 PEAUTH - ok
12:09:34.0824 4304 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
12:09:34.0837 4304 Point64 - ok
12:09:34.0960 4304 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:09:35.0043 4304 PptpMiniport - ok
12:09:35.0128 4304 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:09:35.0178 4304 Processor - ok
12:09:35.0333 4304 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:09:35.0416 4304 Psched - ok
12:09:35.0594 4304 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:09:35.0653 4304 ql2300 - ok
12:09:35.0734 4304 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:09:35.0758 4304 ql40xx - ok
12:09:35.0805 4304 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:09:35.0854 4304 QWAVEdrv - ok
12:09:35.0920 4304 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:09:36.0018 4304 RasAcd - ok
12:09:36.0066 4304 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:09:36.0150 4304 RasAgileVpn - ok
12:09:36.0208 4304 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:09:36.0305 4304 Rasl2tp - ok
12:09:36.0389 4304 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:09:36.0475 4304 RasPppoe - ok
12:09:36.0549 4304 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:09:36.0657 4304 RasSstp - ok
12:09:36.0743 4304 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:09:36.0849 4304 rdbss - ok
12:09:36.0881 4304 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:09:36.0923 4304 rdpbus - ok
12:09:36.0956 4304 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:09:37.0047 4304 RDPCDD - ok
12:09:37.0100 4304 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:09:37.0215 4304 RDPENCDD - ok
12:09:37.0265 4304 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:09:37.0369 4304 RDPREFMP - ok
12:09:37.0508 4304 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
12:09:37.0625 4304 RDPWD - ok
12:09:37.0727 4304 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:09:37.0751 4304 rdyboost - ok
12:09:37.0852 4304 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
12:09:37.0895 4304 RFCOMM - ok
12:09:37.0986 4304 RSPCIESTOR (0103aa79589fca09df1df9b31273b16d) C:\Windows\system32\DRIVERS\RtsPStor.sys
12:09:38.0006 4304 RSPCIESTOR - ok
12:09:38.0060 4304 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:09:38.0160 4304 rspndr - ok
12:09:38.0250 4304 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:09:38.0273 4304 sbp2port - ok
12:09:38.0517 4304 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:09:38.0601 4304 scfilter - ok
12:09:38.0683 4304 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
12:09:38.0725 4304 sdbus - ok
12:09:38.0765 4304 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:09:38.0861 4304 secdrv - ok
12:09:38.0911 4304 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:09:38.0948 4304 Serenum - ok
12:09:39.0005 4304 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:09:39.0040 4304 Serial - ok
12:09:39.0085 4304 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:09:39.0121 4304 sermouse - ok
12:09:39.0179 4304 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:09:39.0229 4304 sffdisk - ok
12:09:39.0249 4304 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:09:39.0293 4304 sffp_mmc - ok
12:09:39.0328 4304 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:09:39.0370 4304 sffp_sd - ok
12:09:39.0401 4304 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:09:39.0433 4304 sfloppy - ok
12:09:39.0526 4304 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
12:09:39.0564 4304 Sftfs - ok
12:09:39.0628 4304 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
12:09:39.0651 4304 Sftplay - ok
12:09:39.0701 4304 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
12:09:39.0714 4304 Sftredir - ok
12:09:39.0762 4304 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
12:09:39.0774 4304 Sftvol - ok
12:09:39.0890 4304 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
12:09:39.0927 4304 SiSGbeLH - ok
12:09:40.0007 4304 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:09:40.0028 4304 SiSRaid2 - ok
12:09:40.0185 4304 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:09:40.0206 4304 SiSRaid4 - ok
12:09:40.0478 4304 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:09:40.0579 4304 Smb - ok
12:09:40.0688 4304 SNP2UVC (2114518e55b380a3acc28b2c27fd499a) C:\Windows\system32\DRIVERS\snp2uvc.sys
12:09:40.0780 4304 SNP2UVC - ok
12:09:40.0829 4304 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:09:40.0848 4304 spldr - ok
12:09:40.0948 4304 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:09:41.0005 4304 srv - ok
12:09:41.0046 4304 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:09:41.0093 4304 srv2 - ok
12:09:41.0118 4304 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:09:41.0151 4304 srvnet - ok
12:09:41.0184 4304 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:09:41.0199 4304 stexstor - ok
12:09:41.0249 4304 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:09:41.0268 4304 swenum - ok
12:09:41.0284 4304 szkg5 - ok
12:09:41.0489 4304 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:09:41.0559 4304 Tcpip - ok
12:09:41.0697 4304 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
12:09:41.0769 4304 TCPIP6 - ok
12:09:41.0847 4304 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:09:41.0933 4304 tcpipreg - ok
12:09:41.0998 4304 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:09:42.0098 4304 TDPIPE - ok
12:09:42.0211 4304 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:09:42.0296 4304 TDTCP - ok
12:09:42.0370 4304 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:09:42.0439 4304 tdx - ok
12:09:42.0487 4304 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:09:42.0502 4304 TermDD - ok
12:09:42.0582 4304 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:09:42.0670 4304 tssecsrv - ok
12:09:42.0737 4304 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:09:42.0768 4304 TsUsbFlt - ok
12:09:42.0813 4304 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:09:42.0882 4304 tunnel - ok
12:09:42.0916 4304 TurboB (c45a3e051c65106a28982caed125f855) C:\Windows\system32\DRIVERS\TurboB.sys
12:09:42.0933 4304 TurboB - ok
12:09:42.0989 4304 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:09:43.0005 4304 uagp35 - ok
12:09:43.0081 4304 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:09:43.0155 4304 udfs - ok
12:09:43.0231 4304 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:09:43.0251 4304 uliagpkx - ok
12:09:43.0305 4304 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:09:43.0339 4304 umbus - ok
12:09:43.0374 4304 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:09:43.0415 4304 UmPass - ok
12:09:43.0466 4304 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:09:43.0486 4304 usbccgp - ok
12:09:43.0520 4304 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:09:43.0566 4304 usbcir - ok
12:09:43.0596 4304 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
12:09:43.0628 4304 usbehci - ok
12:09:43.0693 4304 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:09:43.0727 4304 usbhub - ok
12:09:43.0757 4304 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:09:43.0774 4304 usbohci - ok
12:09:43.0802 4304 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:09:43.0832 4304 usbprint - ok
12:09:43.0866 4304 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:09:43.0899 4304 USBSTOR - ok
12:09:43.0921 4304 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:09:43.0946 4304 usbuhci - ok
12:09:43.0990 4304 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
12:09:44.0032 4304 usbvideo - ok
12:09:44.0075 4304 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:09:44.0092 4304 vdrvroot - ok
12:09:44.0142 4304 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:09:44.0186 4304 vga - ok
12:09:44.0212 4304 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:09:44.0294 4304 VgaSave - ok
12:09:44.0332 4304 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:09:44.0356 4304 vhdmp - ok
12:09:44.0397 4304 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:09:44.0414 4304 viaide - ok
12:09:44.0447 4304 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:09:44.0466 4304 volmgr - ok
12:09:44.0540 4304 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:09:44.0568 4304 volmgrx - ok
12:09:44.0613 4304 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:09:44.0645 4304 volsnap - ok
12:09:44.0738 4304 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:09:44.0764 4304 vsmraid - ok
12:09:44.0843 4304 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:09:44.0887 4304 vwifibus - ok
12:09:44.0949 4304 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:09:44.0998 4304 vwififlt - ok
12:09:45.0033 4304 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:09:45.0068 4304 vwifimp - ok
12:09:45.0183 4304 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:09:45.0214 4304 WacomPen - ok
12:09:45.0291 4304 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:09:45.0375 4304 WANARP - ok
12:09:45.0383 4304 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:09:45.0470 4304 Wanarpv6 - ok
12:09:45.0559 4304 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:09:45.0578 4304 Wd - ok
12:09:45.0632 4304 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:09:45.0677 4304 Wdf01000 - ok
12:09:45.0748 4304 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:09:45.0839 4304 WfpLwf - ok
12:09:45.0898 4304 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
12:09:45.0921 4304 WimFltr - ok
12:09:45.0972 4304 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:09:45.0990 4304 WIMMount - ok
12:09:46.0090 4304 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:09:46.0131 4304 WmiAcpi - ok
12:09:46.0195 4304 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:09:46.0283 4304 ws2ifsl - ok
12:09:46.0364 4304 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:09:46.0483 4304 WudfPf - ok
12:09:46.0537 4304 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:09:46.0629 4304 WUDFRd - ok
12:09:46.0670 4304 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:09:46.0900 4304 \Device\Harddisk0\DR0 - ok
12:09:46.0906 4304 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
12:09:47.0014 4304 \Device\Harddisk1\DR1 - ok
12:09:47.0020 4304 MBR (0x1B8) (180dbde3af7ea48b3db3ac27b1ddf401) \Device\Harddisk2\DR2
12:09:54.0161 4304 \Device\Harddisk2\DR2 - ok
12:09:54.0181 4304 Boot (0x1200) (ddf734624205841f59b31b85d3558c3e) \Device\Harddisk0\DR0\Partition0
12:09:54.0184 4304 \Device\Harddisk0\DR0\Partition0 - ok
12:09:54.0206 4304 Boot (0x1200) (d204fcd98d13a5a0fee89b71feec3777) \Device\Harddisk0\DR0\Partition1
12:09:54.0209 4304 \Device\Harddisk0\DR0\Partition1 - ok
12:09:54.0220 4304 Boot (0x1200) (972d920f34c0d342327c5b3838e1bfc2) \Device\Harddisk1\DR1\Partition0
12:09:54.0221 4304 \Device\Harddisk1\DR1\Partition0 - ok
12:09:54.0226 4304 Boot (0x1200) (7e900e203bdbd4c4638484eb070d10b5) \Device\Harddisk2\DR2\Partition0
12:09:54.0227 4304 \Device\Harddisk2\DR2\Partition0 - ok
12:09:54.0229 4304 ============================================================
12:09:54.0229 4304 Scan finished
12:09:54.0229 4304 ============================================================
12:09:54.0240 5764 Detected object count: 0
12:09:54.0240 5764 Actual detected object count: 0

#6 gringo_pr

  • Malware Response Team

Posted 25 November 2011 - 07:11 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 laumh

  • Topic Starter

Posted 26 November 2011 - 01:01 AM

Here is the log from the aswMBR program:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-26 00:58:27
-----------------------------
00:58:27.680 OS Version: Windows x64 6.1.7601 Service Pack 1
00:58:27.681 Number of processors: 4 586 0x2505
00:58:27.683 ComputerName: WORKHORSE UserName: Michael
00:58:29.883 Initialize success
00:58:55.593 AVAST engine download error: 0
00:59:03.866 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:59:03.871 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
00:59:03.886 Disk 0 MBR read successfully
00:59:03.890 Disk 0 MBR scan
00:59:03.894 Disk 0 Windows 7 default MBR code found via API
00:59:03.898 Disk 0 unknown MBR code
00:59:03.903 Disk 0 MBR hidden
00:59:03.907 Disk 0 MBR [possible unknown bootkit@MBR] **ROOTKIT**
00:59:03.914 Disk 0 trace - called modules:
00:59:03.921 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8006d49334]<<
00:59:03.928 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006d2f060]
00:59:03.934 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8004cc4960]
00:59:03.940 5 ACPI.sys[fffff88000f9d7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004cc7050]
00:59:03.949 \Driver\iaStor[0xfffffa8004ca0920] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006d49334
00:59:03.957 Scan finished successfully
00:59:43.708 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
00:59:43.718 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"
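
A triage pass over the aswMBR log posted above, added here as an illustration; it is not part of the thread or of any tool named in it. The function name `triage` and the result keys are this example's own, the sample lines are copied from the posted log, and the parsing assumes the line format seen there.

```python
import re

# Lines copied from the aswMBR log posted above.
SAMPLE_LOG = r"""
00:59:03.894 Disk 0 Windows 7 default MBR code found via API
00:59:03.898 Disk 0 unknown MBR code
00:59:03.903 Disk 0 MBR hidden
00:59:03.907 Disk 0 MBR [possible unknown bootkit@MBR] **ROOTKIT**
00:59:03.921 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8006d49334]<<
00:59:03.949 \Driver\iaStor[0xfffffa8004ca0920] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006d49334
00:59:03.957 Scan finished successfully
"""

LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
DISK = re.compile(r"^Disk (\d+) (.+)$")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
IRP = re.compile(r"^(\\Driver\\\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)$")
# Per-disk status strings as they appear in this log (result key -> marker).
FLAGS = {"rootkit": "**ROOTKIT**", "hidden_mbr": "MBR hidden",
         "unknown_code": "unknown MBR code"}


def triage(log_text):
    """Collect the bootkit indicators an aswMBR log reports."""
    out = {key: set() for key in FLAGS}
    out["unknown_modules"] = []
    irps = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner, separator or blank line
        msg = m.group(1)
        disk = DISK.match(msg)
        if disk:
            for key, marker in FLAGS.items():
                if marker in disk.group(2):
                    out[key].add(int(disk.group(1)))
            continue
        out["unknown_modules"] += UNKNOWN.findall(msg)
        irp = IRP.match(msg)
        if irp:
            irps.append(irp.groups())
    # Correlate: a dispatch entry whose target equals an address the call
    # trace marked UNKNOWN points outside every named module.
    unknown = {addr.lower() for addr in out["unknown_modules"]}
    out["irp_to_unknown"] = [i for i in irps if i[2].lower() in unknown]
    return out


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the posted log this ties the `\Driver\iaStor` dispatch entry to the same address the call trace lists as `>>UNKNOWN<<`, alongside the per-disk flags for Disk 0.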

#8 gringo_pr


Posted 26 November 2011 - 07:30 AM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun aswMBR for me and send me the report.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#9 laumh


Posted 27 November 2011 - 12:51 PM

fixTDSS found something and repaired it.

Something stalled when I was running the aswMBR program and so I clicked Exit, then my machine blue screened on me.
Windows is unable to restart. I don't have any system restore points, but I did back up my files on an external hard drive.
Problem is, I can't access the hard drive in repair mode. What to do....?

Startup Repair log:

Problem Signature:
Problem Event Name: StartupRepairOffline
Problem Signature 01: 6.1.7600.16385
Problem Signature 02: 6.1.7699.16385
Problem Signature 03: unknown
Problem Signature 04: 21200791
Problem Signature 05: Autofailover
Problem Signature 06: 2
Problem Signature 07: BadDriver
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033

Edited by laumh, 27 November 2011 - 01:01 PM.


#10 gringo_pr


Posted 27 November 2011 - 03:48 PM

System Recovery Environment

To access the System Recovery Environment in Windows 7, simply boot your PC,

  • just before the system loads the Windows operating system, hit the [F8] Function 8 key on your keyboard which will launch the Advanced Boot Options menu.
  • There you will see a new option 'Repair Your Computer', select this option and hit 'Enter' on your keyboard.
  • Now, from the System Recovery Options dialog, select the "Operating System" you want to repair, then click Next:
  • From the "Choose a Recovery Tool" dialog menu, select "Command Prompt":
  • Type the following into the "Command Prompt Window" and press Enter:

    bootrec.exe /fixmbr

If you have problems booting the computer after you have run that command, boot back into the System Recovery Environment, type the following into the "Command Prompt Window" and press Enter:

bootrec.exe /fixboot

#11 laumh


Posted 29 November 2011 - 10:23 AM

Thanks for all your help, this issue has been resolved.

#12 gringo_pr


Posted 29 November 2011 - 10:50 AM

Greetings

fixmbr fixed the problem?

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 laumh


Posted 29 November 2011 - 11:10 AM

Not sure, I gave in and took it to someone to repair it because I needed to use my computer quickly. I believe he did not use fixmbr, but I think he used Combofix in the end. He said that I had pretty much got rid of the rootkit by that point. Machine is up and running and virus free :)

Thanks for all your help. This site is a great help to all us non-techies!

#14 laumh


Posted 29 November 2011 - 11:11 AM

If there's something you think I should run to make sure that everything was caught or for information for you regarding the virus, please let me know and I can do that to share with you.

Thanks!

#15 gringo_pr


Posted 29 November 2011 - 11:34 AM

Give me a scan with aswMBR.


gringo