
Infected with System Fix/TDSS Bundle


  • This topic is locked
21 replies to this topic

#1 BillyMadison

  • Members

Posted 26 November 2011 - 06:43 PM

Infected with System Fix/TDSS bundle. RKill isn't picking anything up. I've run it tons of times. TDSS rootkit removal won't run, no matter what the filename is.

EDIT - after steadily working through a few things, the computer seems to be doing much better. DDS wouldn't work so here is my HiJackThis log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by james at 2011-11-27 10:49:43
Microsoft Windows 7 Professional
System drive C: has 402 GB (86%) free of 466 GB
Total RAM: 3071 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:49:47 AM, on 11/27/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\james.TONTIPROPERTIES\Desktop\System Fix Tools\dds.com
C:\Windows\SysWOW64\cmd.exe
C:\Users\james.TONTIPROPERTIES\Desktop\System Fix Tools\RSIT.exe
C:\Program Files (x86)\trend micro\james.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Users\james.TONTIPROPERTIES\Desktop\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (13.0)) - http://161.119.38.203/Recorder/controls/ltocx13n.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tontiproperties.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tontiproperties.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tontiproperties.local
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - Unknown owner - C:\Users\james.TONTIPROPERTIES\Desktop\SASCORE64.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileOpenManagerSvc - FileOpen Systems Inc. - C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Unknown owner - C:\Users\james.TONTIPROPERTIES\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Trend Micro Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe
O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11590 bytes

======Scheduled tasks folder======

C:\Windows\tasks\FreeFileViewerUpdateChecker.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\james.TONTIPROPERTIES\AppData\Roaming\Mozilla\Firefox\Profiles\yjr5h8ip.default

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0]
"Description"=
"Path"=C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\james.TONTIPROPERTIES\AppData\Roaming\Mozilla\Firefox\Profiles\yjr5h8ip.default\extensions\
toolbar@ask.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2010-03-03 284696]
"Dell Registration"=C:\Program Files (x86)\System Registration\prodreg.exe [2010-11-10 4144448]
""= []
"RoxWatchTray"=C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [2010-09-04 240112]
"OfficeScanNT Monitor"=C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [2010-09-15 1369992]
"Desktop Disc Tool"=C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe [2010-11-01 522736]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"ApnUpdater"=C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2011-08-23 887976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Users\james.TONTIPROPERTIES\Desktop\SUPERAntiSpyware.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoWelcomeScreen"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-11-27 09:57:35 ----D---- C:\Program Files (x86)\Exterminate It!
2011-11-27 09:23:07 ----D---- C:\Users\james.TONTIPROPERTIES\AppData\Roaming\PE Explorer
2011-11-27 09:23:03 ----D---- C:\Program Files (x86)\PE Explorer
2011-11-27 09:06:29 ----D---- C:\Users\james.TONTIPROPERTIES\AppData\Roaming\Resource Tuner
2011-11-27 09:06:25 ----D---- C:\Program Files (x86)\Resource Tuner
2011-11-27 07:46:48 ----D---- C:\Program Files (x86)\STOPzilla!
2011-11-27 07:46:47 ----D---- C:\ProgramData\STOPzilla!
2011-11-27 07:46:47 ----D---- C:\Program Files (x86)\Common Files\iS3
2011-11-26 18:48:37 ----D---- C:\Users\james.TONTIPROPERTIES\AppData\Roaming\SUPERAntiSpyware.com
2011-11-26 18:48:16 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2011-11-26 16:45:13 ----D---- C:\rsit
2011-11-26 14:14:53 ----D---- C:\Users\james.TONTIPROPERTIES\AppData\Roaming\Malwarebytes
2011-11-26 14:14:45 ----HD---- C:\ProgramData\Malwarebytes
2011-11-26 14:14:41 ----HD---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-26 13:58:15 ----A---- C:\Windows\ntbtlog.txt
2011-11-25 18:16:58 ----RA---- C:\Windows\SysWOW64\SZIO5.dll
2011-11-25 18:16:58 ----RA---- C:\Windows\SysWOW64\SZComp5.dll
2011-11-25 18:16:58 ----RA---- C:\Windows\SysWOW64\SZBase5.dll
2011-11-25 18:16:58 ----RA---- C:\Windows\SysWOW64\IS3HTUI5.dll
2011-11-25 18:16:56 ----RA---- C:\Windows\SysWOW64\IS3XDat5.dll
2011-11-25 18:16:56 ----RA---- C:\Windows\SysWOW64\IS3Win325.dll
2011-11-25 18:16:56 ----RA---- C:\Windows\SysWOW64\IS3UI5.dll
2011-11-25 18:16:56 ----RA---- C:\Windows\SysWOW64\IS3Svc5.dll
2011-11-25 18:16:56 ----RA---- C:\Windows\SysWOW64\IS3Inet5.dll
2011-11-25 18:16:56 ----RA---- C:\Windows\SysWOW64\IS3Hks5.dll
2011-11-25 18:16:56 ----RA---- C:\Windows\SysWOW64\IS3DBA5.dll
2011-11-25 18:16:56 ----RA---- C:\Windows\SysWOW64\IS3Base5.dll

======List of files/folders modified in the last 1 month======

2011-11-27 10:49:48 ----D---- C:\Windows\Temp
2011-11-27 10:49:46 ----HD---- C:\Program Files (x86)\Trend Micro
2011-11-27 10:34:23 ----HD---- C:\Program Files (x86)\R-Drive Image
2011-11-27 10:31:31 ----HD---- C:\Windows\SysWOW64\drivers
2011-11-27 09:57:35 ----RD---- C:\Program Files (x86)
2011-11-27 09:40:38 ----SHD---- C:\System Volume Information
2011-11-27 09:40:37 ----SHD---- C:\Windows\Installer
2011-11-27 09:26:07 ----D---- C:\Windows\System32
2011-11-27 09:26:07 ----D---- C:\Windows\inf
2011-11-27 09:19:46 ----A---- C:\tmuninst.ini
2011-11-27 09:19:23 ----HD---- C:\ProgramData\NVIDIA
2011-11-27 09:06:29 ----SD---- C:\Users\james.TONTIPROPERTIES\AppData\Roaming\Microsoft
2011-11-27 09:06:29 ----SD---- C:\ProgramData\Microsoft
2011-11-27 07:46:52 ----SHD---- C:\Config.Msi
2011-11-27 07:46:47 ----HD---- C:\ProgramData
2011-11-27 07:46:47 ----HD---- C:\Program Files (x86)\Common Files
2011-11-27 07:46:47 ----D---- C:\Windows\SysWOW64
2011-11-27 07:40:50 ----D---- C:\Windows\Prefetch
2011-11-26 13:58:15 ----D---- C:\Windows
2011-11-14 07:22:51 ----HD---- C:\ProgramData\Microsoft Help
2011-11-10 06:18:53 ----HD---- C:\Program Files (x86)\Mozilla Firefox
2011-11-10 06:00:57 ----A---- C:\Windows\cfgall.ini
2011-11-10 03:20:54 ----D---- C:\Windows\winsxs
2011-11-10 03:19:35 ----HD---- C:\Program Files (x86)\Common Files\System

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 szkg5;szkg5; C:\Windows\SySWOW64\DRIVERS\szkg64.sys [2011-09-26 74768]
R1 SASDIFSV;SASDIFSV; \??\C:\Users\james.TONTIPROPERTIES\Desktop\SASDIFSV64.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Users\james.TONTIPROPERTIES\Desktop\SASKUTIL64.SYS []
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver; C:\Windows\system32\DRIVERS\tmlwf.sys []
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys []
R2 TmFilter;Trend Micro Filter; \??\C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2010-09-15 265744]
R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2010-09-15 42000]
R2 tmwfp;Trend Micro WFP Callout Driver; C:\Windows\system32\DRIVERS\tmwfp.sys []
R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2010-09-15 2007056]
R3 DrvSnSht;DrvSnSht; \??\C:\Program Files (x86)\R-Drive Image\DrvSnSht64.sys [2010-05-31 132432]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys []
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys []
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
S3 R-ImageDisk;R-ImageDisk; \??\C:\Program Files (x86)\R-Drive Image\R-ImageDisk64.sys [2010-10-16 187600]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys []
S4 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
S4 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Users\james.TONTIPROPERTIES\Desktop\SASCORE64.EXE []
R2 Amsp;Trend Micro Solution Platform; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2010-10-21 268504]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R2 FileOpenManagerSvc;FileOpenManagerSvc; C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe [2011-03-09 331648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 ntrtscan;Trend Micro Security Agent RealTime Scan; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [2010-09-15 1261872]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 SftService;SoftThinks Agent Service; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
R2 szserver;STOPzilla Service; C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe [2011-11-25 68648]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [2010-09-15 564488]
R2 tmlisten;Trend Micro Security Agent Listener; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [2010-09-15 1478152]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2010-09-15 590792]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-09-15 899848]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12 136176]
S2 MBAMService;MBAMService; C:\Users\james.TONTIPROPERTIES\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe []
S2 RoxWatch12;Roxio Hard Drive Watcher 12; C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 GoToAssist;GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe [2011-02-12 16680]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12 136176]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM; C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
S3 stllssvr;stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2010-08-26 74392]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 20992]

-----------------EOF-----------------

Edited by BillyMadison, 27 November 2011 - 11:53 AM.




#2 gringo_pr

  • Malware Response Team

Posted 27 November 2011 - 11:51 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 BillyMadison


Posted 28 November 2011 - 07:58 AM

Gringo

Thanks for the help. The computer is running well - Firefox has only crashed once since and that was mid-day yesterday.

Can I run combofix later today? I need my work computer today and can't really take a ton of time to run combofix.

#4 gringo_pr


Posted 28 November 2011 - 11:17 AM

Take all the time you need


gringo

#5 gringo_pr


Posted 02 December 2011 - 08:49 PM

How are things going?


gringo

#6 gringo_pr


Posted 05 December 2011 - 12:23 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#7 gringo_pr


Posted 08 December 2011 - 11:44 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#8 gringo_pr


Posted 27 December 2011 - 01:30 PM

This topic has been re-opened at the request of the person who originally posted.

#9 BillyMadison


Posted 28 December 2011 - 10:06 AM

Here is the log from Combofix. I thought the redirect virus was gone, but it's still there.

ComboFix 11-12-27.01 - james 12/27/2011 9:05.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3071.1609 [GMT -6:00]
Running from: c:\users\james.TONTIPROPERTIES\Desktop\ComboFix.exe
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Outdated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Outdated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\james.TONTIPROPERTIES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\users\james.TONTIPROPERTIES\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\james.TONTIPROPERTIES\g2mdlhlpx.exe
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-27 to 2011-12-27 )))))))))))))))))))))))))))))))
.
.
2011-12-27 15:39 . 2011-12-27 15:39 -------- d-----w- c:\users\michaelb\AppData\Local\temp
2011-12-27 15:39 . 2011-12-27 15:39 -------- d-----w- c:\users\JAMES~1~TON\AppData\Local\temp
2011-12-27 15:39 . 2011-12-27 15:39 -------- d-----w- c:\users\James\AppData\Local\temp
2011-12-27 15:39 . 2011-12-27 15:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-27 08:27 . 2011-12-27 15:43 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{11FF1CCA-3762-47D9-AC85-F6600530E866}\offreg.dll
2011-12-27 08:27 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{11FF1CCA-3762-47D9-AC85-F6600530E866}\mpengine.dll
2011-12-13 21:41 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-13 21:41 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-13 21:41 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-13 21:41 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-01 16:11 . 2011-12-01 16:11 -------- d-----w- c:\windows\system32\Macromed
2011-12-01 16:11 . 2011-12-01 16:11 -------- d-----w- c:\programdata\McAfee Security Scan
2011-12-01 16:11 . 2011-12-05 14:02 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2011-11-30 09:05 . 2011-11-30 09:05 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-11-27 18:07 . 2011-11-27 18:07 70760 ----a-w- c:\windows\SysWow64\drivers\extit.sys
2011-11-27 17:51 . 2011-11-27 17:51 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-11-27 17:50 . 2011-11-27 17:50 -------- d-----w- c:\program files (x86)\Java
2011-11-27 17:47 . 2011-11-27 17:47 -------- d-----w- c:\program files\Java
2011-11-27 17:32 . 2011-11-27 17:32 -------- d-----w- c:\users\james.TONTIPROPERTIES\AppData\Local\Secunia PSI
2011-11-27 17:32 . 2011-11-27 17:32 -------- d-----w- c:\program files (x86)\Secunia
2011-11-27 15:57 . 2011-11-27 18:06 -------- d-----w- c:\program files (x86)\Exterminate It!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-07 16:49 . 2011-09-01 12:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-27 17:50 . 2011-02-12 09:27 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-27 17:47 . 2011-02-12 09:27 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-26 00:16 . 2011-11-26 00:16 547880 ----a-r- c:\windows\SysWow64\SZComp5.dll
2011-11-26 00:16 . 2011-11-26 00:16 482344 ----a-r- c:\windows\SysWow64\SZBase5.dll
2011-11-26 00:16 . 2011-11-26 00:16 24616 ----a-r- c:\windows\SysWow64\SZIO5.dll
2011-11-26 00:16 . 2011-11-26 00:16 134184 ----a-r- c:\windows\SysWow64\IS3HTUI5.dll
2011-11-26 00:16 . 2011-11-26 00:16 740392 ----a-r- c:\windows\SysWow64\IS3Base5.dll
2011-11-26 00:16 . 2011-11-26 00:16 68648 ----a-r- c:\windows\SysWow64\IS3Hks5.dll
2011-11-26 00:16 . 2011-11-26 00:16 457768 ----a-r- c:\windows\SysWow64\IS3DBA5.dll
2011-11-26 00:16 . 2011-11-26 00:16 392232 ----a-r- c:\windows\SysWow64\IS3UI5.dll
2011-11-26 00:16 . 2011-11-26 00:16 30248 ----a-r- c:\windows\SysWow64\IS3XDat5.dll
2011-11-26 00:16 . 2011-11-26 00:16 232488 ----a-r- c:\windows\SysWow64\IS3Win325.dll
2011-11-26 00:16 . 2011-11-26 00:16 105512 ----a-r- c:\windows\SysWow64\IS3Inet5.dll
2011-11-26 00:16 . 2011-11-26 00:16 101416 ----a-r- c:\windows\SysWow64\IS3Svc5.dll
2011-09-29 16:24 . 2011-11-09 11:22 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 02:20 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2010-09-15 1369992]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-02 522736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1516791187-229488438-1842657414-1666\Scripts\Logon\0\0]
"Script"=\\tontiproperties.local\SYSVOL\tontiproperties.local\scripts\loginnop.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1516791187-229488438-1842657414-1666\Scripts\Logon\1\0]
"Script"=\\dellserver\NETLOGON\LOGIN.BAT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1516791187-229488438-1842657414-1670\Scripts\Logon\0\0]
"Script"=\\dellserver\NETLOGON\LOGIN.BAT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [2011-09-26 74768]
R1 SASDIFSV;SASDIFSV;c:\users\james.TONTIPROPERTIES\Desktop\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\james.TONTIPROPERTIES\Desktop\SASKUTIL64.SYS [x]
R2 !SASCORE;SAS Core Service;c:\users\james.TONTIPROPERTIES\Desktop\SASCORE64.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12 136176]
R2 MBAMService;MBAMService;c:\users\james.TONTIPROPERTIES\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
R3 DrvSnSht;DrvSnSht;c:\program files (x86)\R-Drive Image\DrvSnSht64.sys [2010-06-01 132432]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12 136176]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 R-ImageDisk;R-ImageDisk;c:\program files (x86)\R-Drive Image\R-ImageDisk64.sys [2010-10-16 187600]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [2011-09-26 74768]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FileOpenManagerSvc;FileOpenManagerSvc;c:\programdata\FileOpen\Services\FileOpenManagerSvc64.exe [2011-03-09 331648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2010-09-15 265744]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2010-09-15 42000]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2010-09-15 590792]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-09-15 899848]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-27 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-08-03 20:24]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12 19:22]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12 19:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="-HideWindow" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-12 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-12 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-12 365592]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-27 194080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.12
FF - ProfilePath - c:\users\james.TONTIPROPERTIES\AppData\Roaming\Mozilla\Firefox\Profiles\yjr5h8ip.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Malwarebytes' Anti-Malware_is1 - c:\users\james.TONTIPROPERTIES\Desktop\Malwarebytes' Anti-Malware\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
c:\program files (x86)\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2011-12-27 10:06:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-27 16:06
.
Pre-Run: 422,016,090,112 bytes free
Post-Run: 423,602,741,248 bytes free
.
- - End Of File - - B8C655B5588D3A8A238571409BBEB34F

#10 gringo_pr


Posted 28 December 2011 - 01:47 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#11 BillyMadison


Posted 28 December 2011 - 03:46 PM

Downloaded it to my desktop and renamed it several times - can't get it to run.

Also tried to right click and "Run as Administrator"

Edited by BillyMadison, 28 December 2011 - 03:47 PM.


#12 gringo_pr


Posted 28 December 2011 - 10:35 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#13 BillyMadison


Posted 29 December 2011 - 08:45 AM

Ran both tools successfully (I think). TDSS Killer says that it didn't find any threats. Here's the log:

07:40:11.0883 1320 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
07:40:12.0267 1320 ============================================================
07:40:12.0267 1320 Current date / time: 2011/12/29 07:40:12.0267
07:40:12.0267 1320 SystemInfo:
07:40:12.0267 1320
07:40:12.0267 1320 OS Version: 6.1.7600 ServicePack: 0.0
07:40:12.0267 1320 Product type: Workstation
07:40:12.0267 1320 ComputerName: JAMES1-PC
07:40:12.0268 1320 UserName: james
07:40:12.0268 1320 Windows directory: C:\Windows
07:40:12.0268 1320 System windows directory: C:\Windows
07:40:12.0268 1320 Running under WOW64
07:40:12.0268 1320 Processor architecture: Intel x64
07:40:12.0268 1320 Number of processors: 2
07:40:12.0268 1320 Page size: 0x1000
07:40:12.0268 1320 Boot type: Normal boot
07:40:12.0268 1320 ============================================================
07:40:12.0447 1320 Initialize success
07:40:14.0541 5064 ============================================================
07:40:14.0541 5064 Scan started
07:40:14.0541 5064 Mode: Manual;
07:40:14.0541 5064 ============================================================
07:40:15.0273 5064 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
07:40:15.0292 5064 1394ohci - ok
07:40:22.0745 5064 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
07:40:22.0798 5064 \Device\Harddisk0\DR0 - ok
07:40:22.0803 5064 Boot (0x1200) (4473d2eeb7b419e99aad0ff2a719014e) \Device\Harddisk0\DR0\Partition0
07:40:22.0805 5064 \Device\Harddisk0\DR0\Partition0 - ok
07:40:22.0824 5064 Boot (0x1200) (937b3ee39cbabec1ccb4e52996283f03) \Device\Harddisk0\DR0\Partition1
07:40:22.0825 5064 \Device\Harddisk0\DR0\Partition1 - ok
07:40:22.0825 5064 ============================================================
07:40:22.0826 5064 Scan finished
07:40:22.0826 5064 ============================================================
07:40:22.0838 3676 Detected object count: 0
07:40:22.0838 3676 Actual detected object count: 0
07:40:45.0846 3820 ============================================================
07:40:45.0846 3820 Scan started
07:40:45.0846 3820 Mode: Manual;
07:40:45.0846 3820 ============================================================
07:40:52.0025 3820 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
07:40:52.0086 3820 \Device\Harddisk0\DR0 - ok
07:40:52.0091 3820 Boot (0x1200) (4473d2eeb7b419e99aad0ff2a719014e) \Device\Harddisk0\DR0\Partition0
07:40:52.0092 3820 \Device\Harddisk0\DR0\Partition0 - ok
07:40:52.0112 3820 Boot (0x1200) (937b3ee39cbabec1ccb4e52996283f03) \Device\Harddisk0\DR0\Partition1
07:40:52.0113 3820 \Device\Harddisk0\DR0\Partition1 - ok
07:40:52.0114 3820 ============================================================
07:40:52.0114 3820 Scan finished
07:40:52.0114 3820 ============================================================
07:40:52.0122 2336 Detected object count: 0
07:40:52.0122 2336 Actual detected object count: 0
07:41:39.0658 3944 ============================================================
07:41:39.0658 3944 Scan started
07:41:39.0658 3944 Mode: Manual;
07:41:39.0658 3944 ============================================================
07:41:45.0926 3944 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
07:41:45.0927 3944 WudfPf - ok
07:41:45.0939 3944 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:41:45.0940 3944 WUDFRd - ok
07:41:45.0961 3944 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
07:41:46.0023 3944 \Device\Harddisk0\DR0 - ok
07:41:46.0028 3944 Boot (0x1200) (4473d2eeb7b419e99aad0ff2a719014e) \Device\Harddisk0\DR0\Partition0
07:41:46.0029 3944 \Device\Harddisk0\DR0\Partition0 - ok
07:41:46.0040 3944 Boot (0x1200) (937b3ee39cbabec1ccb4e52996283f03) \Device\Harddisk0\DR0\Partition1
07:41:46.0041 3944 \Device\Harddisk0\DR0\Partition1 - ok
07:41:46.0041 3944 ============================================================
07:41:46.0041 3944 Scan finished
07:41:46.0041 3944 ============================================================
07:41:46.0056 0744 Detected object count: 0
07:41:46.0056 0744 Actual detected object count: 0

#14 gringo_pr

  • Malware Response Team

Posted 29 December 2011 - 09:04 AM

Greetings

How is the computer doing now? I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 BillyMadison

  • Topic Starter

Posted 29 December 2011 - 10:17 AM

Done. Had Windows shut down unexpectedly earlier, but not sure if that was due to running one of the programs I ran. Here's the log:

ComboFix 11-12-29.04 - james 12/29/2011 8:44:40.2.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3071.1684 [GMT -6:00]
Running from: C:\Users\james.TONTIPROPERTIES\Desktop\ComboFix.exe
Command switches used :: C:\Users\james.TONTIPROPERTIES\Desktop\CFScript.txt
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Outdated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Outdated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))


2011-12-29 14:55:10 . 2011-12-29 14:55:11 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{11FF1CCA-3762-47D9-AC85-F6600530E866}\offreg.dll
2011-12-29 14:53:54 . 2011-12-29 14:53:54 -------- d-----w- C:\Users\michaelb\AppData\Local\temp
2011-12-29 14:53:54 . 2011-12-29 14:53:54 -------- d-----w- C:\Users\JAMES~1~TON\AppData\Local\temp
2011-12-29 14:53:54 . 2011-12-29 14:53:54 -------- d-----w- C:\Users\James\AppData\Local\temp
2011-12-29 14:53:54 . 2011-12-29 14:53:54 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-12-29 13:40:12 . 2011-12-29 13:40:12 111408 ----a-w- C:\Windows\system32\drivers\86582777.sys
2011-12-29 13:34:56 . 2011-12-29 13:34:56 27256 ----a-w- C:\Windows\system32\drivers\FixTDSS.sys
2011-12-28 20:12:06 . 2011-12-28 20:12:06 -------- d-----w- C:\Program Files (x86)\Conduit
2011-12-28 20:12:05 . 2011-12-28 20:12:06 -------- d-----w- C:\Program Files (x86)\midicairUSA
2011-12-28 20:12:05 . 2011-12-28 20:12:05 -------- d-----w- C:\Users\james.TONTIPROPERTIES\AppData\Local\Conduit
2011-12-27 08:27:28 . 2011-11-21 11:40:38 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{11FF1CCA-3762-47D9-AC85-F6600530E866}\mpengine.dll
2011-12-13 21:41:59 . 2011-10-15 06:25:12 723456 ----a-w- C:\Windows\system32\EncDec.dll
2011-12-13 21:41:59 . 2011-10-15 05:48:52 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-13 21:41:54 . 2011-11-05 05:17:42 2048 ----a-w- C:\Windows\system32\tzres.dll
2011-12-13 21:41:54 . 2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-01 16:11:11 . 2011-12-01 16:11:11 -------- d-----w- C:\Windows\system32\Macromed
2011-12-01 16:11:10 . 2011-12-01 16:11:10 -------- d-----w- C:\ProgramData\McAfee Security Scan
2011-12-01 16:11:05 . 2011-12-05 14:02:11 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2011-11-30 09:05:23 . 2011-11-30 09:05:23 -------- d-----w- C:\Users\Default\AppData\Local\Microsoft Help
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-12-07 16:49:41 . 2011-09-01 12:29:32 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-27 18:07:29 . 2011-11-27 18:07:29 70760 ----a-w- C:\Windows\SysWow64\drivers\extit.sys
2011-11-27 17:50:46 . 2011-02-12 09:27:05 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-27 17:47:45 . 2011-02-12 09:27:28 525544 ----a-w- C:\Windows\system32\deployJava1.dll
2011-11-26 00:16:58 . 2011-11-26 00:16:58 547880 ----a-r- C:\Windows\SysWow64\SZComp5.dll
2011-11-26 00:16:58 . 2011-11-26 00:16:58 482344 ----a-r- C:\Windows\SysWow64\SZBase5.dll
2011-11-26 00:16:58 . 2011-11-26 00:16:58 24616 ----a-r- C:\Windows\SysWow64\SZIO5.dll
2011-11-26 00:16:58 . 2011-11-26 00:16:58 134184 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
2011-11-26 00:16:56 . 2011-11-26 00:16:56 740392 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
2011-11-26 00:16:56 . 2011-11-26 00:16:56 68648 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
2011-11-26 00:16:56 . 2011-11-26 00:16:56 457768 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
2011-11-26 00:16:56 . 2011-11-26 00:16:56 392232 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
2011-11-26 00:16:56 . 2011-11-26 00:16:56 30248 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
2011-11-26 00:16:56 . 2011-11-26 00:16:56 232488 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
2011-11-26 00:16:56 . 2011-11-26 00:16:56 105512 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
2011-11-26 00:16:56 . 2011-11-26 00:16:56 101416 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll


((((((((((((((((((((((((((((( SnapShot@2011-12-27_15.45.06 )))))))))))))))))))))))))))))))))))))))))

+ 2009-07-14 04:54:17 . 2011-12-29 14:55:03 32768 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54:17 . 2011-12-27 15:43:15 32768 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54:17 . 2011-12-29 14:55:03 49152 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54:17 . 2011-12-27 15:43:15 49152 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54:17 . 2011-12-27 15:43:15 32768 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54:17 . 2011-12-29 14:55:03 32768 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-12 15:33:02 . 2011-12-29 14:34:49 38604 C:\Windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10:35 . 2011-12-29 14:34:50 31064 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-04-12 15:34:39 . 2011-12-27 15:43:13 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-12 15:34:39 . 2011-12-28 20:36:19 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-12 15:34:39 . 2011-12-28 20:36:19 32768 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-12 15:34:39 . 2011-12-27 15:43:13 32768 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-12 15:34:39 . 2011-12-28 20:36:19 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-12 15:34:39 . 2011-12-27 15:43:13 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-11 15:50:05 . 2011-12-29 14:08:08 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-11 15:50:05 . 2011-12-27 15:10:34 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-11 15:50:05 . 2011-12-29 14:08:08 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-11 15:50:05 . 2011-12-27 15:10:34 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 86016 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll
- 2011-12-27 09:02:58 . 2011-12-27 09:02:58 86016 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll
- 2011-12-27 09:02:58 . 2011-12-27 09:02:58 65536 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 65536 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 36864 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll
- 2011-12-27 09:02:58 . 2011-12-27 09:02:58 36864 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 45056 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll
- 2011-12-27 09:02:58 . 2011-12-27 09:02:58 45056 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll
+ 2011-12-29 09:02:53 . 2011-12-29 09:02:53 77824 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll
- 2011-12-27 09:02:58 . 2011-12-27 09:02:58 77824 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll
- 2011-12-27 09:02:58 . 2011-12-27 09:02:58 86016 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 86016 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 53248 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0.dll
- 2011-12-27 09:02:58 . 2011-12-27 09:02:58 53248 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 36864 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll
- 2011-12-27 09:02:58 . 2011-12-27 09:02:58 36864 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 49152 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Contract.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll
- 2011-12-27 09:02:58 . 2011-12-27 09:02:58 49152 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Contract.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 28672 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll
- 2011-12-27 09:02:58 . 2011-12-27 09:02:58 28672 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll
- 2011-12-27 09:02:58 . 2011-12-27 09:02:58 65536 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.dll
+ 2011-12-29 09:02:53 . 2011-12-29 09:02:53 65536 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 81920 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll
- 2011-12-27 09:02:58 . 2011-12-27 09:02:58 81920 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll
- 2011-12-27 09:02:59 . 2011-12-27 09:02:59 77824 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 77824 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll
- 2011-12-27 09:02:59 . 2011-12-27 09:02:59 45056 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 45056 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 40960 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll
- 2011-12-27 09:02:59 . 2011-12-27 09:02:59 40960 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll
- 2011-12-27 09:02:59 . 2011-12-27 09:02:59 22016 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 22016 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 28672 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll
- 2011-12-27 09:02:59 . 2011-12-27 09:02:59 28672 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll
- 2011-12-27 09:02:59 . 2011-12-27 09:02:59 45056 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 45056 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 45056 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll
- 2011-12-27 09:02:59 . 2011-12-27 09:02:59 45056 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll
- 2011-12-27 09:02:58 . 2011-12-27 09:02:58 94208 C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.v9.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 94208 C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.v9.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 77824 C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.v9.0.dll
- 2011-12-27 09:02:59 . 2011-12-27 09:02:59 77824 C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.v9.0.dll
+ 2011-04-12 16:53:25 . 2011-12-29 14:34:50 7716 C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1516791187-229488438-1842657414-1670_UserData.bin
- 2011-12-27 15:43:12 . 2011-12-27 15:43:12 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-29 14:55:01 . 2011-12-29 14:55:01 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-29 14:55:01 . 2011-12-29 14:55:01 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-27 15:43:12 . 2011-12-27 15:43:12 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-29 14:55:54 . 2011-12-29 14:55:54 322896 C:\Windows\temp\Wofie\BinarySupport\tmdbg20_64x.dll
- 2011-12-27 15:44:07 . 2011-03-29 18:02:24 484880 C:\Windows\temp\upgrade.exe
+ 2011-12-27 17:01:49 . 2011-03-29 18:02:24 484880 C:\Windows\temp\upgrade.exe
+ 2011-12-29 14:55:47 . 2011-03-29 21:57:52 528912 C:\Windows\temp\TmUpgradeUI.exe
- 2011-12-27 15:44:07 . 2011-03-29 21:57:52 528912 C:\Windows\temp\TmUpgradeUI.exe
- 2011-12-27 15:44:07 . 2011-03-29 21:57:48 323600 C:\Windows\temp\tmdbg20_64x.dll
+ 2011-12-27 17:01:49 . 2011-03-29 21:57:48 323600 C:\Windows\temp\tmdbg20_64x.dll
- 2009-07-14 02:36:59 . 2011-12-14 09:31:50 626844 C:\Windows\system32\perfh009.dat
+ 2009-07-14 02:36:59 . 2011-12-29 14:37:22 626844 C:\Windows\system32\perfh009.dat
+ 2009-07-14 02:36:59 . 2011-12-29 14:37:22 107160 C:\Windows\system32\perfc009.dat
- 2009-07-14 02:36:59 . 2011-12-14 09:31:50 107160 C:\Windows\system32\perfc009.dat
+ 2009-07-14 05:01:48 . 2011-12-29 14:54:24 355364 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01:48 . 2011-11-30 09:22:48 355364 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-12-27 09:02:58 . 2011-12-27 09:02:58 385024 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 385024 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 131072 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll
- 2011-12-27 09:02:58 . 2011-12-27 09:02:58 131072 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll
- 2011-12-27 09:02:59 . 2011-12-27 09:02:59 110592 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 110592 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.dll
- 2011-12-27 09:02:59 . 2011-12-27 09:02:59 212992 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 212992 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.dll
- 2011-12-27 09:02:59 . 2011-12-27 09:02:59 143360 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 143360 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.dll
- 2011-12-27 09:02:59 . 2011-12-27 09:02:59 176128 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 176128 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.dll
- 2011-12-27 09:02:59 . 2011-12-27 09:02:59 286720 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 286720 C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 299008 C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Word.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.v9.0.dll
- 2011-12-27 09:02:59 . 2011-12-27 09:02:59 299008 C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Word.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.v9.0.dll
- 2011-12-27 09:02:59 . 2011-12-27 09:02:59 438272 C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.v9.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 438272 C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.v9.0.dll
+ 2011-12-29 09:02:54 . 2011-12-29 09:02:54 356352 C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Common.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.v9.0.dll
- 2011-12-27 09:02:58 . 2011-12-27 09:02:58 356352 C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Common.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.v9.0.dll
+ 2011-04-15 13:45:59 . 2011-12-29 14:54:24 5326548 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1516791187-229488438-1842657414-1670-12288.dat
- 2011-04-15 13:45:59 . 2011-11-30 09:22:51 5326548 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1516791187-229488438-1842657414-1670-12288.dat
+ 2011-12-13 07:10:57 . 2011-12-13 07:10:57 4703232 C:\Windows\Installer\2c3a04.msp
- 2009-07-14 02:34:08 . 2011-12-27 09:13:17 10485760 C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34:08 . 2011-12-29 09:13:10 10485760 C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-12-29 14:55:47 . 2011-12-29 14:55:51 103107072 C:\Windows\temp\ClientSetup.msi

-- Snapshot reset to current date --

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f3902028-4a21-4793-8e05-793e183d51c2}"= "C:\Program Files (x86)\midicairUSA\prxtbmidi.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{f3902028-4a21-4793-8e05-793e183d51c2}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 02:20:12 1515688 ----a-w- C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f3902028-4a21-4793-8e05-793e183d51c2}]
2011-05-09 08:49:38 176936 ----a-w- C:\Program Files (x86)\midicairUSA\prxtbmidi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-24 02:20:12 1515688]
"{f3902028-4a21-4793-8e05-793e183d51c2}"= "C:\Program Files (x86)\midicairUSA\prxtbmidi.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{f3902028-4a21-4793-8e05-793e183d51c2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 02:16:04 284696]
"Dell Registration"="C:\Program Files (x86)\System Registration\prodreg.exe" [2010-11-10 20:52:42 4144448]
"RoxWatchTray"="C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 07:15:02 240112]
"OfficeScanNT Monitor"="C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2010-09-15 16:28:52 1369992]
"Desktop Disc Tool"="C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-02 04:02:12 522736]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 22:58:10 37296]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 04:59:06 937920]
"ApnUpdater"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [2011-08-24 02:20:18 887976]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 19:06:06 254696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Secunia PSI Tray.lnk - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1516791187-229488438-1842657414-1666\Scripts\Logon\0\0]
"Script"=\\tontiproperties.local\SYSVOL\tontiproperties.local\scripts\loginnop.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1516791187-229488438-1842657414-1666\Scripts\Logon\1\0]
"Script"=\\dellserver\NETLOGON\LOGIN.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1516791187-229488438-1842657414-1670\Scripts\Logon\0\0]
"Script"=\\dellserver\NETLOGON\LOGIN.BAT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 is3srv;is3srv;C:\Windows\SySWOW64\drivers\is3srv64.sys [2011-09-26 17:21:26 74768]
R1 SASDIFSV;SASDIFSV;C:\Users\james.TONTIPROPERTIES\Desktop\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;C:\Users\james.TONTIPROPERTIES\Desktop\SASKUTIL64.SYS [x]
R2 !SASCORE;SAS Core Service;C:\Users\james.TONTIPROPERTIES\Desktop\SASCORE64.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 18:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12 19:22:22 136176]
R2 MBAMService;MBAMService;C:\Users\james.TONTIPROPERTIES\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 07:15:22 219632]
R3 DrvSnSht;DrvSnSht;C:\Program Files (x86)\R-Drive Image\DrvSnSht64.sys [2010-06-01 05:18:56 132432]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12 19:22:22 136176]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys [x]
R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 12:49:20 227232]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 02:34:24 4925184]
R3 R-ImageDisk;R-ImageDisk;C:\Program Files (x86)\R-Drive Image\R-ImageDisk64.sys [2010-10-16 15:27:00 187600]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 07:14:26 1116656]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
R4 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [x]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [x]
S0 szkg5;szkg5;C:\Windows\SySWOW64\DRIVERS\szkg64.sys [2011-09-26 17:21:26 74768]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys [x]
S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-06-09 14:11:14 155648]
S2 FileOpenManagerSvc;FileOpenManagerSvc;C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe [2011-03-09 23:02:56 331648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 02:16:06 13336]
S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 06:01:50 994360]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 06:01:48 399416]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 23:53:08 689472]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 21:59:00 240232]
S2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2010-09-15 16:29:08 265744]
S2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2010-09-15 16:29:04 42000]
S2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys [x]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2010-09-15 16:29:04 590792]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-09-15 16:29:06 899848]


--- Other Services/Drivers In Memory ---

*Deregistered* - FileOpenWebPublisherScreenHookDriver

Contents of the 'Scheduled Tasks' folder

2011-12-29 C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
- C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-08-03 15:59:38 . 2011-03-11 20:24:32]

2011-12-29 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12 19:22:24 . 2011-04-12 19:22:22]

2011-12-29 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12 19:22:24 . 2011-04-12 19:22:22]

2011-12-28 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1516791187-229488438-1842657414-1670Core.job
- C:\Users\james.TONTIPROPERTIES\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27 16:33:26 . 2011-12-27 16:33:25]

2011-12-29 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1516791187-229488438-1842657414-1670UA.job
- C:\Users\james.TONTIPROPERTIES\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27 16:33:26 . 2011-12-27 16:33:25]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="-HideWindow" [X]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 02:10:36 8306208]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2009-07-12 19:25:56 165912]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-07-12 19:25:44 387608]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2009-07-12 19:25:52 365592]
"Trend Micro Client Framework"="C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-27 12:55:44 194080]

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.12
FF - ProfilePath - C:\Users\james.TONTIPROPERTIES\AppData\Roaming\Mozilla\Firefox\Profiles\yjr5h8ip.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3070524&SearchSource=2&q=

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



