Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I use Bing search and search links redirected to http://dailyprize-winners.com


  • This topic is locked This topic is locked
9 replies to this topic

#1 jan0278

jan0278

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:52 PM

Posted 22 March 2012 - 05:51 PM

DDS.txt Log is below and Attach.txt is attached with this topic.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jigi at 18:43:11 on 2012-03-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4030.1313 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10y_ActiveX.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Kiyara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiyara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiyara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiyara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiyara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiyara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Kiyara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiyara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiyara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} - mscoree.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10y_ActiveX.exe -update activex
mRun: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxps://picasaweb.google.com/s/v/73.27/uploader2.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://asa1.njit.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP28-11263/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{C685745C-D723-4338-B8A4-8FFDF1A7EE50} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{C685745C-D723-4338-B8A4-8FFDF1A7EE50}\2375942554539393 : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
LSA: Notification Packages = DPPassFilter scecli
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB-X64: {3142c289-f319-47f5-a594-a827028714c9} - No File
mRun-x64: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun-x64: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun-x64: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun-x64: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun-x64: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun-x64: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
Hosts: 74.208.10.249 gs.apple.com
.
============= SERVICES / DRIVERS ===============
.
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 pfmfs_463;pfmfs_463;C:\Windows\system32\Drivers\pfmfs_463.sys --> C:\Windows\system32\Drivers\pfmfs_463.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-11-16 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-2-8 338168]
R2 ftpsvc;Microsoft FTP Service;C:\Windows\system32\svchost.exe -k ftpsvc [2009-7-13 20992]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-1-27 2253688]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-5-18 2533400]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-1-6 1791280]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-9-21 539184]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-2-13 245760]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2011-8-5 91984]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2011-8-4 111440]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
S3 hpdoccardsvc;HP Documention Flash Card Detection Service;C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-3-24 83240]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-1-7 63304]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VSPerfDrv110;Performance Tools Driver 11.0;C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2011-7-19 67920]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMSVC;Web Management Service;C:\Windows\system32\inetsrv\wmsvc.exe --> C:\Windows\system32\inetsrv\wmsvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-1-15 127984]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 430424]
S4 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-16 2002728]
S4 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-8-3 645048]
S4 WebFarmService;Web Farm Controller Service;C:\Program Files\IIS\Microsoft Web Farm Framework\WebFarmService.exe [2011-1-20 15640]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-22 00:18:16 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0DA47815-DC2E-4CAE-8F75-53167E2406BE}\offreg.dll
2012-03-22 00:03:59 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0DA47815-DC2E-4CAE-8F75-53167E2406BE}\mpengine.dll
2012-03-17 22:15:42 -------- d-----w- C:\Users\Jigi\AppData\Roaming\Malwarebytes
2012-03-14 08:58:46 -------- d-----w- C:\Users\Jigi\AppData\Roaming\Catalina Marketing Corp
2012-03-14 08:58:36 485576 ----a-w- C:\Users\Jigi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-03-14 07:10:55 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 07:10:55 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:10:54 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 06:27:57 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 06:27:50 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 06:27:50 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 21:14:24 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 21:14:23 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 21:14:23 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 21:14:23 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 21:14:21 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 21:14:21 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 21:14:21 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-02-23 04:20:46 327432 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSA\9.0\VsaEnv\vsaenv.exe
.
==================== Find3M ====================
.
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-24 05:39:53 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 18:44:35.02 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:52 PM

Posted 23 March 2012 - 12:34 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

1.Do not run any other tool untill instructed to do so!
doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools
and at worst can cause conficts with our tools and lead to unforseen things to happen2.Please Do not Attach logs or put in code boxes.
besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read3. After each step give me a little feedback
It does not need to be long but just something so I know how things are going it can be something like
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same this just makes me go back and look for you last feedback as to how things are4. read every post completely before doing anything
Pay special attention to the Notes** I have put in
These are things I have found that happen allot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet spend a few minutes to backup any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me allot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

you may want to backup the whole harddrive there is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 jan0278

jan0278
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:52 PM

Posted 23 March 2012 - 08:40 AM

I just finished running Combofix successfully (2nd try). During 1st try it ran fine and restarted the PC (Win 7 64bit) and on login the combofix app kept flickering and dancing on the screen for 5 mins. Had to forcefully kill it.

Below is the log.

About how my computer is doing, I tried 2-3 quick searches with IE9 using Bing and havent been redirected yet. It didnt use to happen for all results, but if it happens I will repost.

At this time would you recommend running any other spyware removal tools? Do you see some evidence in the logs that the spyware is present or has been flushed out?

Thanks for your help, Gringo.

------------------------------------------------------------------------------------------------------------

ComboFix 12-03-22.01 - Jigi 03/23/2012 5:46.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4030.2094 [GMT -4:00]
Running from: c:\users\Kiyara\Downloads\Softwares\Anti-Malware - BleepingComputer\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Kiyara\AppData\Local\assembly\tmp
c:\windows\SysWow64\d2d1debug.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-23 to 2012-03-23 )))))))))))))))))))))))))))))))
.
.
2012-03-23 09:56 . 2012-03-23 09:56 -------- d-----w- c:\users\Mcx1-KIYARA-PC\AppData\Local\temp
2012-03-23 09:56 . 2012-03-23 09:56 -------- d-----w- c:\users\Jigi\AppData\Local\temp
2012-03-23 09:56 . 2012-03-23 09:56 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-03-23 09:56 . 2012-03-23 09:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-23 09:56 . 2012-03-23 09:56 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2012-03-23 09:56 . 2012-03-23 09:56 -------- d-----w- c:\users\ASP.NET v4.0\AppData\Local\temp
2012-03-23 09:19 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BF8A243-4A34-4F77-94BE-A29512CDB34C}\mpengine.dll
2012-03-17 22:15 . 2012-03-17 22:15 -------- d-----w- c:\users\Jigi\AppData\Roaming\Malwarebytes
2012-03-14 08:58 . 2012-03-14 08:58 -------- d-----w- c:\users\Jigi\AppData\Roaming\Catalina Marketing Corp
2012-03-14 08:58 . 2012-03-14 08:57 485576 ----a-w- c:\users\Jigi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-03-14 07:10 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:10 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:10 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 06:27 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 06:27 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 06:27 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 21:14 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 21:14 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 21:14 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 21:14 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 21:14 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 21:14 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 21:14 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-12 21:28 . 2012-03-12 21:28 -------- d-----w- c:\users\Kiyara\AppData\Local\DRMUserPlay
2012-02-23 04:20 . 2012-02-23 04:20 327432 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VSA\9.0\VsaEnv\vsaenv.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 07:06 . 2010-11-08 14:04 2398592 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-03-14 03:27 . 2010-10-12 12:44 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-10 23:18 . 2012-02-10 23:18 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DD80A287-3142-451F-BA91-3EA7FD6770E9}\gapaengine.dll
2012-02-06 00:01 . 2012-02-06 00:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\81A9.tmp
2012-02-06 00:01 . 2012-02-06 00:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\8189.tmp
2012-02-04 02:00 . 2012-02-04 02:00 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\7A46.tmp
2012-02-04 02:00 . 2012-02-04 02:00 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\79F7.tmp
2012-01-31 12:44 . 2010-10-11 05:30 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 11:46 . 2010-11-12 07:00 111968 ----a-w- c:\programdata\Microsoft\VPDExpress\10.0\1033\ResourceCache.dll
2012-01-23 01:55 . 2012-01-23 01:44 2332960 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2012-01-19 07:18 . 2011-12-02 01:52 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-01-19 07:18 . 2011-12-02 01:52 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-19 07:18 . 2011-12-02 01:51 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-01-19 07:18 . 2011-12-04 19:58 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-01-04 10:44 . 2012-02-16 23:30 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 23:30 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-16 23:30 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-16 23:30 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-16 23:29 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-26 15:36 . 2011-12-22 03:06 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{876d9f09-c6d6-4324-a2cc-04dd9a4de12f}]
2011-08-25 04:24 65968 ----a-w- c:\program files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
@="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
[HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
2010-07-07 17:57 153064 ----a-w- c:\windows\SysWOW64\pfmshx_463.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Envy Guides AutoPlay"="c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe" [2010-03-24 76584]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-09-21 64048]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2011-08-05 91984]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2011-08-05 111440]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
R3 hpdoccardsvc;HP Documention Flash Card Detection Service;c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-03-24 83240]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-01-07 63304]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VSPerfDrv110;Performance Tools Driver 11.0;c:\program files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2011-07-19 67920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-01-16 127984]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
R4 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-06 2002728]
R4 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-08-03 645048]
R4 WebFarmService;Web Farm Controller Service;c:\program files\IIS\Microsoft Web Farm Framework\WebFarmService.exe [2011-01-20 15640]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 pfmfs_463;pfmfs_463;c:\windows\system32\Drivers\pfmfs_463.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-11-16 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-02-08 338168]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-09-21 539184]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1854887902-762081700-1416779793-1001Core.job
- c:\users\Kiyara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-08 05:14]
.
2012-03-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1854887902-762081700-1416779793-1001UA.job
- c:\users\Kiyara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-08 05:14]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 05:29]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 05:29]
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1854887902-762081700-1416779793-1001Core.job
- c:\users\Kiyara\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-20 22:51]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1854887902-762081700-1416779793-1001UA.job
- c:\users\Kiyara\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-20 22:51]
.
2012-03-13 c:\windows\Tasks\HPCeeScheduleForKIYARA-PC$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
@="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
[HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
2010-07-07 17:57 173544 ----a-w- c:\windows\System32\pfmshx_463.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-11-16 487424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 10.0.0.1
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://asa1.njit.edu/CACHE/stc/1/binaries/vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-23 06:00:18
ComboFix-quarantined-files.txt 2012-03-23 10:00
.
Pre-Run: 243,549,913,088 bytes free
Post-Run: 243,149,934,592 bytes free
.
- - End Of File - - F110579F47645C3213BA806CCD68B8F6

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:52 PM

Posted 23 March 2012 - 10:31 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 jan0278

jan0278
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:52 PM

Posted 25 March 2012 - 10:02 PM

Gringo,

Thanks for your help. Here are the logs for TDSSKiller and aswMBR.

TDSSKiller Logs

20:21:40.0434 10216 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
20:21:40.0746 10216 ============================================================
20:21:40.0746 10216 Current date / time: 2012/03/25 20:21:40.0746
20:21:40.0746 10216 SystemInfo:
20:21:40.0746 10216
20:21:40.0746 10216 OS Version: 6.1.7601 ServicePack: 1.0
20:21:40.0746 10216 Product type: Workstation
20:21:40.0746 10216 ComputerName: KIYARA-PC
20:21:40.0746 10216 UserName: Jigi
20:21:40.0746 10216 Windows directory: C:\Windows
20:21:40.0746 10216 System windows directory: C:\Windows
20:21:40.0746 10216 Running under WOW64
20:21:40.0746 10216 Processor architecture: Intel x64
20:21:40.0746 10216 Number of processors: 8
20:21:40.0746 10216 Page size: 0x1000
20:21:40.0746 10216 Boot type: Normal boot
20:21:40.0746 10216 ============================================================
20:21:41.0136 10216 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:21:47.0494 10216 Drive \Device\Harddisk1\DR2 - Size: 0x15D50D00000 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:21:47.0510 10216 \Device\Harddisk0\DR0:
20:21:47.0510 10216 MBR used
20:21:47.0510 10216 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:21:47.0510 10216 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37869000
20:21:47.0510 10216 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x378CD000, BlocksNum 0x2A85000
20:21:47.0510 10216 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
20:21:47.0510 10216 \Device\Harddisk1\DR2:
20:21:47.0510 10216 MBR used
20:21:47.0510 10216 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86000
20:21:47.0603 10216 Initialize success
20:21:47.0603 10216 ============================================================
20:21:53.0961 9108 ============================================================
20:21:53.0961 9108 Scan started
20:21:53.0961 9108 Mode: Manual;
20:21:53.0961 9108 ============================================================
20:21:54.0819 9108 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:21:54.0835 9108 1394ohci - ok
20:21:54.0882 9108 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
20:21:54.0897 9108 Accelerometer - ok
20:21:54.0913 9108 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:21:54.0913 9108 ACPI - ok
20:21:54.0929 9108 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:21:54.0944 9108 AcpiPmi - ok
20:21:55.0022 9108 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:21:55.0022 9108 AdobeARMservice - ok
20:21:55.0131 9108 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:21:55.0131 9108 adp94xx - ok
20:21:55.0163 9108 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:21:55.0163 9108 adpahci - ok
20:21:55.0194 9108 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:21:55.0194 9108 adpu320 - ok
20:21:55.0272 9108 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:21:55.0272 9108 AeLookupSvc - ok
20:21:55.0350 9108 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
20:21:55.0350 9108 AESTFilters - ok
20:21:55.0397 9108 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:21:55.0412 9108 AFD - ok
20:21:55.0521 9108 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:21:55.0521 9108 agp440 - ok
20:21:55.0568 9108 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:21:55.0568 9108 ALG - ok
20:21:55.0599 9108 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:21:55.0599 9108 aliide - ok
20:21:55.0662 9108 AMD External Events Utility (5ec60409bd50953bd4f892b18840039e) C:\Windows\system32\atiesrxx.exe
20:21:55.0662 9108 AMD External Events Utility - ok
20:21:55.0771 9108 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:21:55.0771 9108 amdide - ok
20:21:55.0787 9108 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:21:55.0787 9108 AmdK8 - ok
20:21:56.0036 9108 amdkmdag (322e5c178990f116f00e3d923f4e6b1c) C:\Windows\system32\DRIVERS\atikmdag.sys
20:21:56.0192 9108 amdkmdag - ok
20:21:56.0301 9108 amdkmdap (961a81a84fdd700e361e8294528a37ba) C:\Windows\system32\DRIVERS\atikmpag.sys
20:21:56.0301 9108 amdkmdap - ok
20:21:56.0348 9108 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:21:56.0348 9108 AmdPPM - ok
20:21:56.0395 9108 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:21:56.0395 9108 amdsata - ok
20:21:56.0426 9108 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:21:56.0426 9108 amdsbs - ok
20:21:56.0442 9108 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:21:56.0442 9108 amdxata - ok
20:21:56.0613 9108 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
20:21:56.0613 9108 AppHostSvc - ok
20:21:56.0676 9108 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:21:56.0676 9108 AppID - ok
20:21:56.0723 9108 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:21:56.0723 9108 AppIDSvc - ok
20:21:56.0801 9108 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:21:56.0816 9108 Appinfo - ok
20:21:56.0910 9108 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:21:56.0910 9108 Apple Mobile Device - ok
20:21:57.0019 9108 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:21:57.0019 9108 arc - ok
20:21:57.0050 9108 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:21:57.0050 9108 arcsas - ok
20:21:57.0144 9108 aspnet_state (fdb98c34bb26c59d5e550a734168e4c5) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:21:57.0159 9108 aspnet_state - ok
20:21:57.0191 9108 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:21:57.0191 9108 AsyncMac - ok
20:21:57.0300 9108 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:21:57.0300 9108 atapi - ok
20:21:57.0347 9108 AtiHDAudioService (d048e78b8b6416a0a5a18843867c9973) C:\Windows\system32\drivers\AtihdW76.sys
20:21:57.0347 9108 AtiHDAudioService - ok
20:21:57.0378 9108 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
20:21:57.0393 9108 AtiHdmiService - ok
20:21:57.0440 9108 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:21:57.0456 9108 AudioEndpointBuilder - ok
20:21:57.0471 9108 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:21:57.0487 9108 AudioSrv - ok
20:21:57.0581 9108 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:21:57.0581 9108 AxInstSV - ok
20:21:57.0690 9108 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:21:57.0705 9108 b06bdrv - ok
20:21:57.0752 9108 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:21:57.0752 9108 b57nd60a - ok
20:21:57.0830 9108 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
20:21:57.0846 9108 BBSvc - ok
20:21:57.0893 9108 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:21:57.0893 9108 BDESVC - ok
20:21:57.0939 9108 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:21:57.0939 9108 Beep - ok
20:21:58.0064 9108 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:21:58.0080 9108 BFE - ok
20:21:58.0173 9108 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
20:21:58.0189 9108 BITS - ok
20:21:58.0267 9108 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:21:58.0283 9108 blbdrive - ok
20:21:58.0376 9108 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:21:58.0376 9108 Bonjour Service - ok
20:21:58.0485 9108 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:21:58.0485 9108 bowser - ok
20:21:58.0517 9108 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:21:58.0532 9108 BrFiltLo - ok
20:21:58.0548 9108 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:21:58.0548 9108 BrFiltUp - ok
20:21:58.0626 9108 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:21:58.0626 9108 BridgeMP - ok
20:21:58.0719 9108 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:21:58.0719 9108 Browser - ok
20:21:58.0813 9108 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:21:58.0813 9108 Brserid - ok
20:21:58.0844 9108 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:21:58.0844 9108 BrSerWdm - ok
20:21:58.0860 9108 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:21:58.0860 9108 BrUsbMdm - ok
20:21:58.0875 9108 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:21:58.0875 9108 BrUsbSer - ok
20:21:58.0969 9108 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files (x86)\Browny02\BrYNSvc.exe
20:21:59.0094 9108 BrYNSvc - ok
20:21:59.0172 9108 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:21:59.0172 9108 BTHMODEM - ok
20:21:59.0219 9108 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:21:59.0219 9108 bthserv - ok
20:21:59.0234 9108 catchme - ok
20:21:59.0265 9108 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:21:59.0265 9108 cdfs - ok
20:21:59.0375 9108 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:21:59.0375 9108 cdrom - ok
20:21:59.0437 9108 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:21:59.0437 9108 CertPropSvc - ok
20:21:59.0499 9108 CinemaNow Service (7b0203a0503b18197c97f5cf598ad5b6) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
20:21:59.0515 9108 CinemaNow Service - ok
20:21:59.0609 9108 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:21:59.0609 9108 circlass - ok
20:21:59.0655 9108 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:21:59.0671 9108 CLFS - ok
20:21:59.0718 9108 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:21:59.0733 9108 clr_optimization_v2.0.50727_32 - ok
20:21:59.0796 9108 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:21:59.0796 9108 clr_optimization_v2.0.50727_64 - ok
20:21:59.0874 9108 clr_optimization_v4.0.30319_32 (637245588a4bfde03aa621dcc5aefd4a) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:21:59.0967 9108 clr_optimization_v4.0.30319_32 - ok
20:22:00.0092 9108 clr_optimization_v4.0.30319_64 (6c85bd0f605014ca2277da5518f35dba) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:22:00.0108 9108 clr_optimization_v4.0.30319_64 - ok
20:22:00.0201 9108 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:22:00.0201 9108 CmBatt - ok
20:22:00.0248 9108 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:22:00.0248 9108 cmdide - ok
20:22:00.0342 9108 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:22:00.0357 9108 CNG - ok
20:22:00.0404 9108 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:22:00.0404 9108 Compbatt - ok
20:22:00.0467 9108 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:22:00.0467 9108 CompositeBus - ok
20:22:00.0482 9108 COMSysApp - ok
20:22:00.0513 9108 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:22:00.0513 9108 crcdisk - ok
20:22:00.0623 9108 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
20:22:00.0623 9108 CryptSvc - ok
20:22:00.0701 9108 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:22:00.0701 9108 DcomLaunch - ok
20:22:00.0747 9108 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:22:00.0747 9108 defragsvc - ok
20:22:00.0841 9108 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:22:00.0841 9108 DfsC - ok
20:22:00.0919 9108 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:22:00.0935 9108 Dhcp - ok
20:22:00.0966 9108 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:22:00.0966 9108 discache - ok
20:22:01.0013 9108 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:22:01.0013 9108 Disk - ok
20:22:01.0075 9108 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:22:01.0075 9108 Dnscache - ok
20:22:01.0137 9108 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:22:01.0137 9108 dot3svc - ok
20:22:01.0200 9108 DpHost (eac9d9868d37c8785d12475a9bb65a11) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
20:22:01.0262 9108 DpHost - ok
20:22:01.0325 9108 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:22:01.0325 9108 DPS - ok
20:22:01.0403 9108 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:22:01.0403 9108 drmkaud - ok
20:22:01.0449 9108 DVMIO (a298aea9fca253e7eff040a08c7c6376) C:\Windows\system32\DRIVERS\dvmio.sys
20:22:01.0449 9108 DVMIO - ok
20:22:01.0512 9108 DvmMDES (291a3dee24999ee4618ed0c7a9a8db7a) C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
20:22:01.0590 9108 DvmMDES - ok
20:22:01.0683 9108 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:22:01.0683 9108 DXGKrnl - ok
20:22:01.0746 9108 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:22:01.0746 9108 EapHost - ok
20:22:01.0886 9108 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:22:01.0933 9108 ebdrv - ok
20:22:02.0011 9108 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:22:02.0011 9108 EFS - ok
20:22:02.0105 9108 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:22:02.0120 9108 ehRecvr - ok
20:22:02.0151 9108 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:22:02.0151 9108 ehSched - ok
20:22:02.0245 9108 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:22:02.0261 9108 elxstor - ok
20:22:02.0307 9108 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:22:02.0307 9108 ErrDev - ok
20:22:02.0370 9108 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:22:02.0370 9108 EventSystem - ok
20:22:02.0448 9108 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:22:02.0448 9108 exfat - ok
20:22:02.0495 9108 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:22:02.0510 9108 fastfat - ok
20:22:02.0588 9108 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:22:02.0604 9108 Fax - ok
20:22:02.0775 9108 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:22:02.0775 9108 fdc - ok
20:22:02.0822 9108 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:22:02.0822 9108 fdPHost - ok
20:22:02.0853 9108 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:22:02.0853 9108 FDResPub - ok
20:22:02.0885 9108 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:22:02.0885 9108 FileInfo - ok
20:22:02.0900 9108 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:22:02.0900 9108 Filetrace - ok
20:22:02.0916 9108 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:22:02.0916 9108 flpydisk - ok
20:22:02.0963 9108 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:22:02.0978 9108 FltMgr - ok
20:22:03.0072 9108 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:22:03.0072 9108 FontCache - ok
20:22:03.0165 9108 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:22:03.0165 9108 FontCache3.0.0.0 - ok
20:22:03.0212 9108 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:22:03.0212 9108 FsDepends - ok
20:22:03.0275 9108 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
20:22:03.0290 9108 fssfltr - ok
20:22:03.0399 9108 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
20:22:03.0415 9108 fsssvc - ok
20:22:03.0509 9108 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:22:03.0524 9108 Fs_Rec - ok
20:22:03.0602 9108 ftpsvc (79179c6f8a3784cc3a20cde998d5bd2c) C:\Windows\system32\inetsrv\ftpsvc.dll
20:22:03.0618 9108 ftpsvc - ok
20:22:03.0696 9108 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:22:03.0696 9108 fvevol - ok
20:22:03.0774 9108 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:22:03.0774 9108 gagp30kx - ok
20:22:03.0852 9108 GameConsoleService (e53ee18a21c025deabcfe0f72fc481bb) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
20:22:03.0852 9108 GameConsoleService - ok
20:22:03.0899 9108 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:22:03.0899 9108 GEARAspiWDM - ok
20:22:04.0008 9108 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:22:04.0023 9108 gpsvc - ok
20:22:04.0164 9108 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:22:04.0179 9108 gupdate - ok
20:22:04.0195 9108 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:22:04.0195 9108 gupdatem - ok
20:22:04.0289 9108 hcmon (94d46ded293c216822fb39df2ec6add4) C:\Windows\system32\drivers\hcmon.sys
20:22:04.0289 9108 hcmon - ok
20:22:04.0304 9108 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:22:04.0304 9108 hcw85cir - ok
20:22:04.0367 9108 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:22:04.0367 9108 HdAudAddService - ok
20:22:04.0398 9108 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:22:04.0413 9108 HDAudBus - ok
20:22:04.0491 9108 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
20:22:04.0491 9108 HECIx64 - ok
20:22:04.0523 9108 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:22:04.0538 9108 HidBatt - ok
20:22:04.0538 9108 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:22:04.0554 9108 HidBth - ok
20:22:04.0569 9108 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:22:04.0569 9108 HidIr - ok
20:22:04.0616 9108 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:22:04.0616 9108 hidserv - ok
20:22:04.0741 9108 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:22:04.0741 9108 HidUsb - ok
20:22:04.0788 9108 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:22:04.0788 9108 hkmsvc - ok
20:22:04.0819 9108 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:22:04.0835 9108 HomeGroupListener - ok
20:22:04.0866 9108 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:22:04.0881 9108 HomeGroupProvider - ok
20:22:05.0022 9108 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
20:22:05.0022 9108 HP Support Assistant Service - ok
20:22:05.0069 9108 HP Wireless Assistant Service (a2de0a67c77ebc6dfad3d55232790add) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
20:22:05.0069 9108 HP Wireless Assistant Service - ok
20:22:05.0100 9108 hpdoccardsvc (cecf7cb10e778f921cf41858c653ea15) C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe
20:22:05.0115 9108 hpdoccardsvc - ok
20:22:05.0178 9108 HPDrvMntSvc.exe (c958976c7daaf47084a33ebbc6e28b84) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
20:22:05.0178 9108 HPDrvMntSvc.exe - ok
20:22:05.0287 9108 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
20:22:05.0287 9108 hpdskflt - ok
20:22:05.0396 9108 hpqwmiex (09fbd4c4db2fd84b9ab1c5bfdcc95559) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
20:22:05.0412 9108 hpqwmiex - ok
20:22:05.0521 9108 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:22:05.0521 9108 HpSAMD - ok
20:22:05.0552 9108 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
20:22:05.0552 9108 hpsrv - ok
20:22:05.0615 9108 HPWMISVC (b6492d01712a22ff3fea25a999dbd321) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
20:22:05.0630 9108 HPWMISVC - ok
20:22:05.0693 9108 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:22:05.0708 9108 HTTP - ok
20:22:05.0786 9108 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:22:05.0786 9108 hwpolicy - ok
20:22:05.0864 9108 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:22:05.0864 9108 i8042prt - ok
20:22:05.0911 9108 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
20:22:05.0911 9108 iaStor - ok
20:22:06.0020 9108 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:22:06.0036 9108 iaStorV - ok
20:22:06.0145 9108 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:22:06.0161 9108 idsvc - ok
20:22:06.0363 9108 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:22:06.0410 9108 igfx - ok
20:22:06.0504 9108 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:22:06.0504 9108 iirsp - ok
20:22:06.0566 9108 IISADMIN (ab55b8a9b13130f638546881ce4425f8) C:\Windows\system32\inetsrv\inetinfo.exe
20:22:06.0566 9108 IISADMIN - ok
20:22:06.0629 9108 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:22:06.0644 9108 IKEEXT - ok
20:22:06.0753 9108 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:22:06.0753 9108 intelide - ok
20:22:06.0785 9108 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:22:06.0785 9108 intelppm - ok
20:22:06.0831 9108 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:22:06.0831 9108 IPBusEnum - ok
20:22:06.0941 9108 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:22:06.0941 9108 IpFilterDriver - ok
20:22:07.0019 9108 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:22:07.0019 9108 iphlpsvc - ok
20:22:07.0065 9108 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:22:07.0065 9108 IPMIDRV - ok
20:22:07.0159 9108 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:22:07.0159 9108 IPNAT - ok
20:22:07.0268 9108 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
20:22:07.0284 9108 iPod Service - ok
20:22:07.0362 9108 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:22:07.0377 9108 IRENUM - ok
20:22:07.0409 9108 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:22:07.0409 9108 isapnp - ok
20:22:07.0440 9108 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:22:07.0440 9108 iScsiPrt - ok
20:22:07.0471 9108 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:22:07.0471 9108 kbdclass - ok
20:22:07.0502 9108 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:22:07.0502 9108 kbdhid - ok
20:22:07.0533 9108 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:22:07.0533 9108 KeyIso - ok
20:22:07.0643 9108 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:22:07.0643 9108 KSecDD - ok
20:22:07.0689 9108 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:22:07.0689 9108 KSecPkg - ok
20:22:07.0721 9108 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:22:07.0721 9108 ksthunk - ok
20:22:07.0783 9108 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:22:07.0783 9108 KtmRm - ok
20:22:07.0892 9108 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
20:22:07.0892 9108 LanmanServer - ok
20:22:07.0939 9108 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:22:07.0939 9108 LanmanWorkstation - ok
20:22:08.0017 9108 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:22:08.0017 9108 lltdio - ok
20:22:08.0079 9108 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:22:08.0095 9108 lltdsvc - ok
20:22:08.0142 9108 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:22:08.0142 9108 lmhosts - ok
20:22:08.0220 9108 LMS (6d515466ab8bfe61184092b635ae6eb4) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
20:22:08.0235 9108 LMS - ok
20:22:08.0282 9108 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:22:08.0282 9108 LSI_FC - ok
20:22:08.0298 9108 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:22:08.0298 9108 LSI_SAS - ok
20:22:08.0298 9108 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:22:08.0313 9108 LSI_SAS2 - ok
20:22:08.0313 9108 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:22:08.0313 9108 LSI_SCSI - ok
20:22:08.0391 9108 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:22:08.0391 9108 luafv - ok
20:22:08.0438 9108 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:22:08.0438 9108 Mcx2Svc - ok
20:22:08.0532 9108 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
20:22:08.0547 9108 MDM - ok
20:22:08.0579 9108 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:22:08.0579 9108 megasas - ok
20:22:08.0641 9108 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:22:08.0641 9108 MegaSR - ok
20:22:08.0703 9108 Microsoft SharePoint Workspace Audit Service - ok
20:22:08.0735 9108 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:22:08.0735 9108 MMCSS - ok
20:22:08.0797 9108 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:22:08.0797 9108 Modem - ok
20:22:08.0844 9108 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:22:08.0844 9108 monitor - ok
20:22:08.0906 9108 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:22:08.0906 9108 mouclass - ok
20:22:08.0937 9108 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:22:08.0937 9108 mouhid - ok
20:22:09.0047 9108 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:22:09.0047 9108 mountmgr - ok
20:22:09.0125 9108 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
20:22:09.0125 9108 MpFilter - ok
20:22:09.0171 9108 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:22:09.0171 9108 mpio - ok
20:22:09.0203 9108 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
20:22:09.0203 9108 MpNWMon - ok
20:22:09.0265 9108 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:22:09.0265 9108 mpsdrv - ok
20:22:09.0359 9108 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:22:09.0374 9108 MpsSvc - ok
20:22:09.0452 9108 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:22:09.0452 9108 MRxDAV - ok
20:22:09.0499 9108 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:22:09.0499 9108 mrxsmb - ok
20:22:09.0546 9108 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:22:09.0561 9108 mrxsmb10 - ok
20:22:09.0608 9108 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:22:09.0608 9108 mrxsmb20 - ok
20:22:09.0686 9108 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:22:09.0686 9108 msahci - ok
20:22:09.0811 9108 MsDepSvc (a1d066fbee853912f8e1c3f0a62dd6b5) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
20:22:09.0811 9108 MsDepSvc - ok
20:22:09.0905 9108 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:22:09.0905 9108 msdsm - ok
20:22:09.0951 9108 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:22:09.0951 9108 MSDTC - ok
20:22:10.0029 9108 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:22:10.0029 9108 Msfs - ok
20:22:10.0061 9108 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:22:10.0061 9108 mshidkmdf - ok
20:22:10.0154 9108 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:22:10.0154 9108 msisadrv - ok
20:22:10.0201 9108 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:22:10.0217 9108 MSiSCSI - ok
20:22:10.0232 9108 msiserver - ok
20:22:10.0279 9108 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:22:10.0279 9108 MSKSSRV - ok
20:22:10.0388 9108 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
20:22:10.0388 9108 MsMpSvc - ok
20:22:10.0482 9108 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:22:10.0482 9108 MSPCLOCK - ok
20:22:10.0529 9108 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:22:10.0529 9108 MSPQM - ok
20:22:10.0591 9108 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:22:10.0591 9108 MsRPC - ok
20:22:10.0638 9108 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:22:10.0638 9108 mssmbios - ok
20:22:10.0763 9108 MSSQL$SQLEXPRESS - ok
20:22:10.0825 9108 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
20:22:10.0841 9108 MSSQLServerADHelper100 - ok
20:22:10.0934 9108 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:22:10.0934 9108 MSTEE - ok
20:22:10.0981 9108 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:22:10.0981 9108 MTConfig - ok
20:22:11.0028 9108 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:22:11.0028 9108 Mup - ok
20:22:11.0106 9108 MySQL - ok
20:22:11.0153 9108 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:22:11.0153 9108 napagent - ok
20:22:11.0246 9108 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:22:11.0262 9108 NativeWifiP - ok
20:22:11.0309 9108 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:22:11.0324 9108 NDIS - ok
20:22:11.0355 9108 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:22:11.0355 9108 NdisCap - ok
20:22:11.0449 9108 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:22:11.0449 9108 NdisTapi - ok
20:22:11.0511 9108 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:22:11.0511 9108 Ndisuio - ok
20:22:11.0558 9108 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:22:11.0574 9108 NdisWan - ok
20:22:11.0621 9108 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:22:11.0621 9108 NDProxy - ok
20:22:11.0714 9108 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:22:11.0714 9108 NetBIOS - ok
20:22:11.0761 9108 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:22:11.0777 9108 NetBT - ok
20:22:11.0823 9108 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:22:11.0823 9108 Netlogon - ok
20:22:11.0855 9108 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:22:11.0870 9108 Netman - ok
20:22:11.0979 9108 NetMsmqActivator (536baf64228ad71305c50fb6b5c2dc6f) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:22:12.0011 9108 NetMsmqActivator - ok
20:22:12.0011 9108 NetPipeActivator (536baf64228ad71305c50fb6b5c2dc6f) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:22:12.0026 9108 NetPipeActivator - ok
20:22:12.0089 9108 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:22:12.0089 9108 netprofm - ok
20:22:12.0229 9108 NetTcpActivator (536baf64228ad71305c50fb6b5c2dc6f) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:22:12.0229 9108 NetTcpActivator - ok
20:22:12.0245 9108 NetTcpPortSharing (536baf64228ad71305c50fb6b5c2dc6f) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:22:12.0245 9108 NetTcpPortSharing - ok
20:22:12.0463 9108 NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\Windows\system32\DRIVERS\NETw5s64.sys
20:22:12.0557 9108 NETw5s64 - ok
20:22:13.0196 9108 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
20:22:13.0368 9108 netw5v64 - ok
20:22:14.0335 9108 NETwNs64 (ac69618de5bcce8747c9ab0aae1003c1) C:\Windows\system32\DRIVERS\NETwNs64.sys
20:22:14.0631 9108 NETwNs64 - ok
20:22:14.0709 9108 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:22:14.0709 9108 nfrd960 - ok
20:22:14.0756 9108 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:22:14.0756 9108 NisDrv - ok
20:22:14.0850 9108 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
20:22:14.0850 9108 NisSrv - ok
20:22:14.0928 9108 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:22:14.0943 9108 NlaSvc - ok
20:22:15.0021 9108 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:22:15.0037 9108 Npfs - ok
20:22:15.0053 9108 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:22:15.0068 9108 nsi - ok
20:22:15.0084 9108 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:22:15.0084 9108 nsiproxy - ok
20:22:15.0162 9108 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:22:15.0193 9108 Ntfs - ok
20:22:15.0287 9108 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:22:15.0287 9108 Null - ok
20:22:15.0349 9108 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:22:15.0349 9108 nvraid - ok
20:22:15.0380 9108 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:22:15.0380 9108 nvstor - ok
20:22:15.0427 9108 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:22:15.0427 9108 nv_agp - ok
20:22:15.0443 9108 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:22:15.0443 9108 ohci1394 - ok
20:22:15.0536 9108 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:22:15.0536 9108 ose64 - ok
20:22:15.0677 9108 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:22:15.0723 9108 osppsvc - ok
20:22:15.0801 9108 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:22:15.0801 9108 p2pimsvc - ok
20:22:15.0833 9108 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:22:15.0833 9108 p2psvc - ok
20:22:15.0864 9108 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:22:15.0864 9108 Parport - ok
20:22:15.0942 9108 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:22:15.0942 9108 partmgr - ok
20:22:15.0957 9108 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:22:15.0957 9108 PcaSvc - ok
20:22:16.0067 9108 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:22:16.0067 9108 pci - ok
20:22:16.0098 9108 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:22:16.0098 9108 pciide - ok
20:22:16.0129 9108 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:22:16.0145 9108 pcmcia - ok
20:22:16.0191 9108 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:22:16.0191 9108 pcw - ok
20:22:16.0285 9108 PDFProFiltSrvPP (c1c3baf078be5a14384a4ba2d730817d) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
20:22:16.0301 9108 PDFProFiltSrvPP - ok
20:22:16.0394 9108 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:22:16.0394 9108 PEAUTH - ok
20:22:16.0457 9108 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:22:16.0457 9108 PerfHost - ok
20:22:16.0597 9108 pfmfs_463 (a120e98df6a92913df885fa5ccda090e) C:\Windows\system32\Drivers\pfmfs_463.sys
20:22:17.0892 9108 pfmfs_463 - ok
20:22:18.0126 9108 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:22:18.0141 9108 pla - ok
20:22:18.0262 9108 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:22:18.0272 9108 PlugPlay - ok
20:22:18.0317 9108 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:22:18.0327 9108 PNRPAutoReg - ok
20:22:18.0427 9108 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:22:18.0427 9108 PNRPsvc - ok
20:22:18.0587 9108 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:22:18.0597 9108 PolicyAgent - ok
20:22:18.0677 9108 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:22:18.0682 9108 Power - ok
20:22:18.0812 9108 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:22:18.0817 9108 PptpMiniport - ok
20:22:18.0882 9108 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:22:18.0887 9108 Processor - ok
20:22:18.0952 9108 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
20:22:18.0957 9108 ProfSvc - ok
20:22:19.0062 9108 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:22:19.0062 9108 ProtectedStorage - ok
20:22:19.0197 9108 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:22:19.0197 9108 Psched - ok
20:22:19.0292 9108 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:22:19.0312 9108 ql2300 - ok
20:22:19.0417 9108 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:22:19.0422 9108 ql40xx - ok
20:22:19.0507 9108 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:22:19.0517 9108 QWAVE - ok
20:22:19.0577 9108 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:22:19.0582 9108 QWAVEdrv - ok
20:22:19.0632 9108 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:22:19.0657 9108 RasAcd - ok
20:22:19.0752 9108 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:22:19.0762 9108 RasAgileVpn - ok
20:22:19.0867 9108 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:22:19.0872 9108 RasAuto - ok
20:22:19.0972 9108 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:22:20.0002 9108 Rasl2tp - ok
20:22:20.0107 9108 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:22:20.0117 9108 RasMan - ok
20:22:20.0202 9108 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:22:20.0207 9108 RasPppoe - ok
20:22:20.0277 9108 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:22:20.0277 9108 RasSstp - ok
20:22:20.0382 9108 rcmirror (96597c96d5acf4a3ef0b24d396853879) C:\Windows\system32\DRIVERS\rcmirror.sys
20:22:20.0392 9108 rcmirror - ok
20:22:20.0537 9108 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:22:20.0547 9108 rdbss - ok
20:22:20.0642 9108 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:22:20.0642 9108 rdpbus - ok
20:22:20.0677 9108 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:22:20.0677 9108 RDPCDD - ok
20:22:20.0692 9108 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:22:20.0692 9108 RDPENCDD - ok
20:22:20.0752 9108 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:22:20.0752 9108 RDPREFMP - ok
20:22:20.0822 9108 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
20:22:20.0827 9108 RDPWD - ok
20:22:20.0967 9108 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:22:20.0977 9108 rdyboost - ok
20:22:21.0077 9108 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:22:21.0077 9108 RemoteAccess - ok
20:22:21.0202 9108 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:22:21.0207 9108 RemoteRegistry - ok
20:22:21.0242 9108 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:22:21.0257 9108 RpcEptMapper - ok
20:22:21.0307 9108 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:22:21.0307 9108 RpcLocator - ok
20:22:21.0382 9108 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:22:21.0382 9108 RpcSs - ok
20:22:21.0562 9108 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
20:22:21.0567 9108 RsFx0103 - ok
20:22:21.0682 9108 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:22:21.0687 9108 rspndr - ok
20:22:21.0747 9108 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys
20:22:21.0752 9108 RSUSBSTOR - ok
20:22:21.0862 9108 RTL8167 (777fc2c418465404e3d8a290dc247d24) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:22:21.0867 9108 RTL8167 - ok
20:22:21.0942 9108 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:22:21.0947 9108 SamSs - ok
20:22:22.0207 9108 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:22:22.0207 9108 sbp2port - ok
20:22:22.0307 9108 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:22:22.0307 9108 SCardSvr - ok
20:22:22.0387 9108 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:22:22.0422 9108 scfilter - ok
20:22:22.0557 9108 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:22:22.0567 9108 Schedule - ok
20:22:22.0667 9108 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:22:22.0667 9108 SCPolicySvc - ok
20:22:22.0727 9108 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
20:22:22.0737 9108 sdbus - ok
20:22:22.0792 9108 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:22:22.0797 9108 SDRSVC - ok
20:22:22.0912 9108 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
20:22:22.0917 9108 SeaPort - ok
20:22:23.0062 9108 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:22:23.0062 9108 secdrv - ok
20:22:23.0122 9108 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:22:23.0122 9108 seclogon - ok
20:22:23.0167 9108 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:22:23.0167 9108 SENS - ok
20:22:23.0248 9108 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:22:23.0258 9108 SensrSvc - ok
20:22:23.0313 9108 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:22:23.0313 9108 Serenum - ok
20:22:23.0371 9108 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:22:23.0376 9108 Serial - ok
20:22:23.0436 9108 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:22:23.0436 9108 sermouse - ok
20:22:23.0496 9108 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:22:23.0496 9108 SessionEnv - ok
20:22:23.0536 9108 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:22:23.0536 9108 sffdisk - ok
20:22:23.0551 9108 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:22:23.0551 9108 sffp_mmc - ok
20:22:23.0601 9108 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:22:23.0601 9108 sffp_sd - ok
20:22:23.0636 9108 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:22:23.0636 9108 sfloppy - ok
20:22:23.0701 9108 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:22:23.0706 9108 SharedAccess - ok
20:22:23.0806 9108 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:22:23.0816 9108 ShellHWDetection - ok
20:22:23.0881 9108 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:22:23.0886 9108 SiSRaid2 - ok
20:22:23.0926 9108 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:22:23.0931 9108 SiSRaid4 - ok
20:22:24.0006 9108 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:22:24.0011 9108 SkypeUpdate - ok
20:22:24.0091 9108 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:22:24.0096 9108 Smb - ok
20:22:24.0146 9108 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:22:24.0151 9108 SNMPTRAP - ok
20:22:24.0196 9108 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:22:24.0196 9108 spldr - ok
20:22:24.0267 9108 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:22:24.0277 9108 Spooler - ok
20:22:24.0422 9108 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:22:24.0457 9108 sppsvc - ok
20:22:24.0532 9108 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:22:24.0532 9108 sppuinotify - ok
20:22:24.0672 9108 SQLAgent$SQLEXPRESS (a5609d0178b2fec118a7f4a24ecd1bfb) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
20:22:24.0682 9108 SQLAgent$SQLEXPRESS - ok
20:22:24.0752 9108 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:22:24.0757 9108 SQLBrowser - ok
20:22:24.0797 9108 SQLWriter (f4e01e2d1e1f49222d55c3323a4c5f6e) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:22:24.0797 9108 SQLWriter - ok
20:22:24.0897 9108 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:22:24.0907 9108 srv - ok
20:22:24.0927 9108 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:22:24.0937 9108 srv2 - ok
20:22:24.0977 9108 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:22:24.0987 9108 SrvHsfHDA - ok
20:22:25.0042 9108 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:22:25.0067 9108 SrvHsfV92 - ok
20:22:25.0177 9108 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:22:25.0187 9108 SrvHsfWinac - ok
20:22:25.0237 9108 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:22:25.0242 9108 srvnet - ok
20:22:25.0282 9108 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:22:25.0287 9108 SSDPSRV - ok
20:22:25.0347 9108 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:22:25.0352 9108 SstpSvc - ok
20:22:25.0437 9108 STacSV (b00068ba94f5f306911b14b425aaeb56) C:\Program Files\IDT\WDM\STacSV64.exe
20:22:25.0442 9108 STacSV - ok
20:22:25.0477 9108 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:22:25.0477 9108 stexstor - ok
20:22:25.0557 9108 STHDA (da40d9c9ccb9836d6abd1706935a2277) C:\Windows\system32\DRIVERS\stwrt64.sys
20:22:25.0567 9108 STHDA - ok
20:22:25.0617 9108 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
20:22:25.0617 9108 StillCam - ok
20:22:25.0667 9108 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:22:25.0682 9108 stisvc - ok
20:22:25.0737 9108 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:22:25.0742 9108 swenum - ok
20:22:25.0822 9108 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:22:25.0832 9108 swprv - ok
20:22:25.0922 9108 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
20:22:25.0947 9108 SynTP - ok
20:22:26.0067 9108 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:22:26.0092 9108 SysMain - ok
20:22:26.0152 9108 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:22:26.0157 9108 TabletInputService - ok
20:22:26.0217 9108 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:22:26.0227 9108 TapiSrv - ok
20:22:26.0267 9108 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:22:26.0272 9108 TBS - ok
20:22:26.0372 9108 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:22:26.0402 9108 Tcpip - ok
20:22:26.0527 9108 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:22:26.0537 9108 TCPIP6 - ok
20:22:26.0582 9108 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:22:26.0582 9108 tcpipreg - ok
20:22:26.0677 9108 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:22:26.0677 9108 TDPIPE - ok
20:22:26.0722 9108 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:22:26.0727 9108 TDTCP - ok
20:22:26.0767 9108 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:22:26.0772 9108 tdx - ok
20:22:26.0897 9108 TeamViewer5 (960c1194dc43744c4851995f7daf0552) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
20:22:26.0922 9108 TeamViewer5 - ok
20:22:27.0067 9108 TeamViewer6 (fe559178000347d2ca1b7847f0379749) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
20:22:27.0107 9108 TeamViewer6 - ok
20:22:27.0207 9108 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
20:22:27.0212 9108 teamviewervpn - ok
20:22:27.0257 9108 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:22:27.0262 9108 TermDD - ok
20:22:27.0312 9108 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:22:27.0327 9108 TermService - ok
20:22:27.0417 9108 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:22:27.0422 9108 Themes - ok
20:22:27.0452 9108 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:22:27.0457 9108 THREADORDER - ok
20:22:27.0477 9108 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:22:27.0482 9108 TrkWks - ok
20:22:27.0532 9108 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:22:27.0537 9108 TrustedInstaller - ok
20:22:27.0582 9108 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:22:27.0582 9108 tssecsrv - ok
20:22:27.0637 9108 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:22:27.0642 9108 TsUsbFlt - ok
20:22:27.0742 9108 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:22:27.0747 9108 tunnel - ok
20:22:27.0777 9108 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:22:27.0782 9108 uagp35 - ok
20:22:27.0837 9108 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:22:27.0842 9108 udfs - ok
20:22:27.0922 9108 ufad-ws60 (215462ae7e6a897d675e84dd1e3b3b56) C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
20:22:27.0927 9108 ufad-ws60 - ok
20:22:27.0972 9108 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:22:27.0977 9108 UI0Detect - ok
20:22:28.0082 9108 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:22:28.0087 9108 uliagpkx - ok
20:22:28.0157 9108 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:22:28.0157 9108 umbus - ok
20:22:28.0202 9108 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:22:28.0207 9108 UmPass - ok
20:22:28.0322 9108 UNS (0fadd949576a164b4e51e716f46b6c33) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
20:22:28.0342 9108 UNS - ok
20:22:28.0432 9108 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:22:28.0442 9108 upnphost - ok
20:22:28.0517 9108 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
20:22:28.0522 9108 USBAAPL64 - ok
20:22:28.0572 9108 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:22:28.0577 9108 usbaudio - ok
20:22:28.0692 9108 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:22:28.0692 9108 usbccgp - ok
20:22:28.0732 9108 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:22:28.0732 9108 usbcir - ok
20:22:28.0757 9108 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:22:28.0767 9108 usbehci - ok
20:22:28.0817 9108 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:22:28.0827 9108 usbhub - ok
20:22:28.0907 9108 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:22:28.0912 9108 usbohci - ok
20:22:28.0972 9108 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:22:28.0982 9108 usbprint - ok
20:22:29.0062 9108 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:22:29.0067 9108 USBSTOR - ok
20:22:29.0162 9108 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:22:29.0172 9108 usbuhci - ok
20:22:29.0552 9108 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
20:22:29.0587 9108 usbvideo - ok
20:22:29.0772 9108 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:22:29.0782 9108 UxSms - ok
20:22:29.0867 9108 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:22:29.0872 9108 VaultSvc - ok
20:22:30.0313 9108 VBoxDrv (b6437a7c60c817a0d7bea1d994b01612) C:\Windows\system32\DRIVERS\VBoxDrv.sys
20:22:30.0318 9108 VBoxDrv - ok
20:22:30.0553 9108 VBoxNetAdp (9e607f6240eadc4c0b3570f3e5e0358c) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
20:22:30.0578 9108 VBoxNetAdp - ok
20:22:30.0663 9108 VBoxNetFlt (9f7bc6d33a3aa4aff35c9dbd69c2bca0) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
20:22:30.0668 9108 VBoxNetFlt - ok
20:22:30.0778 9108 VBoxUSBMon (84b57b85a550476456ec5ab32fa99513) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
20:22:30.0778 9108 VBoxUSBMon - ok
20:22:30.0858 9108 vcsFPService (8159f83408230045f731c6c7799a7d44) C:\Windows\system32\vcsFPService.exe
20:22:30.0883 9108 vcsFPService - ok
20:22:30.0978 9108 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:22:30.0978 9108 vdrvroot - ok
20:22:31.0033 9108 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:22:31.0043 9108 vds - ok
20:22:31.0108 9108 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:22:31.0113 9108 vga - ok
20:22:31.0128 9108 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:22:31.0128 9108 VgaSave - ok
20:22:31.0158 9108 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:22:31.0163 9108 vhdmp - ok
20:22:31.0253 9108 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:22:31.0258 9108 viaide - ok
20:22:31.0343 9108 VMAuthdService (fc52155ecff50582104829859bc8d087) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
20:22:31.0348 9108 VMAuthdService - ok
20:22:31.0378 9108 vmci (d6b4525535406147c01a5f4569c26dc1) C:\Windows\system32\drivers\vmci.sys
20:22:31.0378 9108 vmci - ok
20:22:31.0398 9108 vmkbd (95569794560db9aa8cf27f890096ffe9) C:\Windows\system32\drivers\VMkbd.sys
20:22:31.0403 9108 vmkbd - ok
20:22:31.0523 9108 vmm (21c96aa588d3993191761a08dbaabb15) C:\Windows\system32\Drivers\vmm.sys
20:22:31.0528 9108 vmm - ok
20:22:31.0568 9108 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
20:22:31.0573 9108 VMnetAdapter - ok
20:22:31.0593 9108 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
20:22:31.0593 9108 VMnetBridge - ok
20:22:31.0608 9108 VMnetDHCP - ok
20:22:31.0633 9108 VMnetuserif (1a220c8f429bf45ec7693c9f6bf475b1) C:\Windows\system32\drivers\vmnetuserif.sys
20:22:31.0633 9108 VMnetuserif - ok
20:22:31.0723 9108 VMUSBArbService (dfef590c1818955e101654c30283f8ea) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
20:22:31.0733 9108 VMUSBArbService - ok
20:22:31.0798 9108 VMware NAT Service - ok
20:22:31.0868 9108 vmx86 (f81ba84faa718cf638e4d01a56febff8) C:\Windows\system32\drivers\vmx86.sys
20:22:31.0873 9108 vmx86 - ok
20:22:31.0918 9108 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:22:31.0923 9108 volmgr - ok
20:22:31.0983 9108 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:22:31.0993 9108 volmgrx - ok
20:22:32.0033 9108 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:22:32.0038 9108 volsnap - ok
20:22:32.0073 9108 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
20:22:32.0078 9108 vpcbus - ok
20:22:32.0168 9108 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
20:22:32.0173 9108 vpcnfltr - ok
20:22:32.0198 9108 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
20:22:32.0198 9108 vpcusb - ok
20:22:32.0263 9108 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
20:22:32.0268 9108 vpcvmm - ok
20:22:32.0353 9108 vpnagent (d6653180d162cb3144fdbc8a651cebb1) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
20:22:32.0368 9108 vpnagent - ok
20:22:32.0468 9108 vpnva (13e6d95e7ac67abb7a1196557ef8849f) C:\Windows\system32\DRIVERS\vpnva64.sys
20:22:32.0468 9108 vpnva - ok
20:22:32.0513 9108 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:22:32.0518 9108 vsmraid - ok
20:22:32.0658 9108 VSPerfDrv110 (2264088602a687d6032dde26e808c4c5) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys
20:22:32.0663 9108 VSPerfDrv110 - ok
20:22:32.0798 9108 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:22:32.0828 9108 VSS - ok
20:22:32.0878 9108 vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
20:22:32.0883 9108 vstor2-ws60 - ok
20:22:32.0928 9108 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:22:32.0928 9108 vwifibus - ok
20:22:32.0998 9108 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:22:33.0003 9108 vwififlt - ok
20:22:33.0043 9108 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:22:33.0053 9108 W32Time - ok
20:22:33.0143 9108 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
20:22:33.0153 9108 W3SVC - ok
20:22:33.0238 9108 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:22:33.0238 9108 WacomPen - ok
20:22:33.0288 9108 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:22:33.0293 9108 WANARP - ok
20:22:33.0303 9108 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:22:33.0303 9108 Wanarpv6 - ok
20:22:33.0393 9108 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
20:22:33.0398 9108 WAS - ok
20:22:33.0518 9108 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:22:33.0538 9108 WatAdminSvc - ok
20:22:33.0618 9108 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:22:33.0638 9108 wbengine - ok
20:22:33.0718 9108 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:22:33.0728 9108 WbioSrvc - ok
20:22:33.0778 9108 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:22:33.0788 9108 wcncsvc - ok
20:22:33.0823 9108 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:22:33.0828 9108 WcsPlugInService - ok
20:22:33.0873 9108 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:22:33.0873 9108 Wd - ok
20:22:33.0918 9108 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:22:33.0928 9108 Wdf01000 - ok
20:22:34.0008 9108 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:22:34.0018 9108 WdiServiceHost - ok
20:22:34.0023 9108 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:22:34.0028 9108 WdiSystemHost - ok
20:22:34.0098 9108 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:22:34.0108 9108 WebClient - ok
20:22:34.0208 9108 WebFarmService (d4de1482f9770a6e3e4f03c4bc5eb193) C:\Program Files\IIS\Microsoft Web Farm Framework\WebFarmService.exe
20:22:34.0213 9108 WebFarmService - ok
20:22:34.0233 9108 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:22:34.0243 9108 Wecsvc - ok
20:22:34.0263 9108 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:22:34.0268 9108 wercplsupport - ok
20:22:34.0353 9108 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:22:34.0358 9108 WerSvc - ok
20:22:34.0403 9108 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:22:34.0408 9108 WfpLwf - ok
20:22:34.0433 9108 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:22:34.0433 9108 WIMMount - ok
20:22:34.0483 9108 WinDefend - ok
20:22:34.0498 9108 WinHttpAutoProxySvc - ok
20:22:34.0548 9108 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:22:34.0553 9108 Winmgmt - ok
20:22:34.0668 9108 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:22:34.0683 9108 WinRM - ok
20:22:34.0793 9108 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
20:22:34.0793 9108 WinUSB - ok
20:22:34.0838 9108 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:22:34.0853 9108 Wlansvc - ok
20:22:34.0973 9108 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:22:34.0973 9108 wlcrasvc - ok
20:22:35.0078 9108 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:22:35.0103 9108 wlidsvc - ok
20:22:35.0198 9108 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:22:35.0198 9108 WmiAcpi - ok
20:22:35.0239 9108 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:22:35.0239 9108 wmiApSrv - ok
20:22:35.0299 9108 WMPNetworkSvc - ok
20:22:35.0354 9108 WMSVC (b5bd872122a2ce82d196abf2d5d8d80a) C:\Windows\system32\inetsrv\wmsvc.exe
20:22:35.0354 9108 WMSVC - ok
20:22:35.0459 9108 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) c:\Program Files\Zune\WMZuneComm.exe
20:22:35.0464 9108 WMZuneComm - ok
20:22:35.0559 9108 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:22:35.0564 9108 WPCSvc - ok
20:22:35.0609 9108 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:22:35.0614 9108 WPDBusEnum - ok
20:22:35.0659 9108 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:22:35.0659 9108 ws2ifsl - ok
20:22:35.0699 9108 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:22:35.0704 9108 wscsvc - ok
20:22:35.0709 9108 WSearch - ok
20:22:35.0794 9108 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
20:22:35.0834 9108 wuauserv - ok
20:22:35.0934 9108 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:22:35.0939 9108 WudfPf - ok
20:22:35.0979 9108 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:22:35.0984 9108 WUDFRd - ok
20:22:36.0039 9108 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:22:36.0044 9108 wudfsvc - ok
20:22:36.0079 9108 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:22:36.0089 9108 WwanSvc - ok
20:22:36.0139 9108 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
20:22:36.0144 9108 yukonw7 - ok
20:22:36.0404 9108 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) c:\Program Files\Zune\ZuneNss.exe
20:22:36.0559 9108 ZuneNetworkSvc - ok
20:22:36.0669 9108 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) c:\Program Files\Zune\ZuneWlanCfgSvc.exe
20:22:36.0674 9108 ZuneWlanCfgSvc - ok
20:22:36.0724 9108 MBR (0x1B8) (845439a498daa39de453cde1573736d0) \Device\Harddisk0\DR0
20:22:36.0759 9108 \Device\Harddisk0\DR0 - ok
20:22:36.0764 9108 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
20:22:36.0769 9108 \Device\Harddisk1\DR2 - ok
20:22:36.0794 9108 Boot (0x1200) (f745d1ce33baf88accf45aa3205d92c3) \Device\Harddisk0\DR0\Partition0
20:22:36.0799 9108 \Device\Harddisk0\DR0\Partition0 - ok
20:22:36.0809 9108 Boot (0x1200) (b097f41b50f55d8e93981e6c4b20e392) \Device\Harddisk0\DR0\Partition1
20:22:36.0814 9108 \Device\Harddisk0\DR0\Partition1 - ok
20:22:36.0839 9108 Boot (0x1200) (e7ee73f4876fe562debb57b1ffac4c1b) \Device\Harddisk0\DR0\Partition2
20:22:36.0839 9108 \Device\Harddisk0\DR0\Partition2 - ok
20:22:36.0859 9108 Boot (0x1200) (cea3117813dbfa5b1bf594f4cb8a705b) \Device\Harddisk0\DR0\Partition3
20:22:36.0859 9108 \Device\Harddisk0\DR0\Partition3 - ok
20:22:36.0864 9108 Boot (0x1200) (5ed5ff20f346e4876b14352f65345b56) \Device\Harddisk1\DR2\Partition0
20:22:36.0869 9108 \Device\Harddisk1\DR2\Partition0 - ok
20:22:36.0869 9108 ============================================================
20:22:36.0869 9108 Scan finished
20:22:36.0869 9108 ============================================================
20:22:36.0884 1888 Detected object count: 0
20:22:36.0884 1888 Actual detected object count: 0


------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------

aswMBR Logs

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-25 20:21:46
-----------------------------
20:21:46.901 OS Version: Windows x64 6.1.7601 Service Pack 1
20:21:46.901 Number of processors: 8 586 0x1E05
20:21:46.917 ComputerName: KIYARA-PC UserName: Jigi
20:21:48.227 Initialize success
20:25:47.415 AVAST engine defs: 12032501
22:41:06.810 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:41:06.810 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
22:41:06.825 Disk 1 \Device\Harddisk1\DR2 -> \Device\000000ab
22:41:06.825 Disk 1 Vendor: Size: 476940MB BusType: 0
22:41:06.841 Disk 0 MBR read successfully
22:41:06.841 Disk 0 MBR scan
22:41:06.856 Disk 0 unknown MBR code
22:41:06.856 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
22:41:06.903 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 454866 MB offset 409600
22:41:06.950 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 21770 MB offset 931975168
22:41:07.028 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
22:41:07.153 Disk 0 scanning C:\Windows\system32\drivers
22:41:21.130 Service scanning
22:42:14.045 Modules scanning
22:42:14.065 Disk 0 trace - called modules:
22:42:14.095 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
22:42:14.105 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004db9790]
22:42:14.125 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8004ccdb10]
22:42:14.135 5 hpdskflt.sys[fffff88001bd4189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b3f050]
22:42:17.100 AVAST engine scan C:\Windows
22:42:25.141 AVAST engine scan C:\Windows\system32
22:50:34.045 AVAST engine scan C:\Windows\system32\drivers
22:50:54.824 AVAST engine scan C:\Users\Jigi
22:52:48.685 AVAST engine scan C:\ProgramData
22:54:32.032 File: C:\ProgramData\Microsoft\Windows\DRM\79F7.tmp **INFECTED** Win32:Malware-gen
22:54:32.082 File: C:\ProgramData\Microsoft\Windows\DRM\7A46.tmp **INFECTED** Win32:Malware-gen
22:54:32.142 File: C:\ProgramData\Microsoft\Windows\DRM\8189.tmp **INFECTED** Win32:Malware-gen
22:54:32.172 File: C:\ProgramData\Microsoft\Windows\DRM\81A9.tmp **INFECTED** Win32:Malware-gen
22:56:32.742 Scan finished successfully
22:58:06.258 Disk 0 MBR has been saved successfully to "C:\Users\Kiyara\Downloads\Softwares\Anti-Malware - BleepingComputer\MBR.dat"
22:58:06.368 The log file has been saved successfully to "C:\Users\Kiyara\Downloads\Softwares\Anti-Malware - BleepingComputer\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:52 PM

Posted 25 March 2012 - 10:50 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:52 PM

Posted 28 March 2012 - 12:02 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:52 PM

Posted 31 March 2012 - 01:12 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:52 PM

Posted 04 April 2012 - 01:11 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:52 PM

Posted 04 April 2012 - 01:16 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users